Current News
Malware: Windows Recovery
A new strain of fake alert has been spotted that goes by the name "Windows Recovery". In addition to the usual host of features, this copy of fake alert also marks all files on the computer as hidden. Some nastier variants take this one step further and move your Start menu and desktop items to a separate folder, so that even if you remove the hidden flag you still do not have access to your shortcuts.
This copy of fake alert sports the following features:
- Lives in %UserProfile%\%AppData%\ as a hidden executable with a random three-character name (e.g. pev.exe)
- Hijacks the HKCU .exe file extension. A registry edit must be performed to fix this after removing the exe or else you will be unable to run programs.
- Does not force-close applications or disable the Task Manager as other versions do.
- Disables "Show Desktop Icons"
- Marks all files on C:\ as hidden
- Some variants move desktop and start menu items to another folder
- On-screen error warnings simulate hard drive failure. However, nothing is written to the event logs, and there is no more risk to the physical drive than with other variants.
Rest assured, however, that all your files are safe and the virus will not spread from machine to machine. For help in removing this variant of fake alert, call Metro Data at 410-667-3600.
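The following PowerShell triage script is an added example, not a Metro Data tool. It checks three of the indicators listed above: the per-user .exe association override, a hidden three-character executable in the AppData roots, and files carrying the hidden flag. Assumptions: the hijack sits at `HKCU\Software\Classes\.exe`, "AppData" means the roaming and local AppData roots, and the `-ScanRoot` and `-Repair` parameter names are hypothetical.

```powershell
# Added example. Read-only unless -Repair is given. Requires PowerShell 3 or later.
param(
    [string]$ScanRoot = $env:USERPROFILE,  # assumption: limit the attribute scan to the profile
    [switch]$Repair                        # run only after the rogue executable has been removed
)

# 1. Per-user .exe association. This key is normally absent on a clean profile,
#    so the machine-wide association (default value "exefile") applies.
$extKey = 'HKCU:\Software\Classes\.exe'
if (Test-Path $extKey) {
    $progId = (Get-Item $extKey).GetValue('')
    Write-Warning "Per-user .exe override present, default value = '$progId'"
    if ($progId) {   # guard: an empty value would point at the Classes root itself
        $cmdKey = "HKCU:\Software\Classes\$progId\shell\open\command"
        if (Test-Path $cmdKey) {
            Write-Warning ("Open command: " + (Get-Item $cmdKey).GetValue(''))
        }
    }
    if ($Repair) {
        Remove-Item $extKey -Recurse -Force
        Write-Output "Removed $extKey; review the ProgID key reported above by hand."
    }
} else {
    Write-Output "No per-user .exe override found."
}

# 2. Hidden executables with a three-character name directly under the AppData roots.
$dirs = $env:APPDATA, $env:LOCALAPPDATA | Where-Object { $_ -and (Test-Path $_) }
$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System
Get-ChildItem -Path $dirs -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^[a-z0-9]{3}$' -and $_.Attributes.HasFlag($hidden) } |
    ForEach-Object { Write-Warning "Suspect executable: $($_.FullName)" }

# 3. Items that are hidden but not system. Protected OS files carry both flags
#    and are left alone. Some items here are hidden by design (the AppData
#    folder itself, for example), so read the count as a signal, not proof.
$items = Get-ChildItem -Path $ScanRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes.HasFlag($hidden) -and -not $_.Attributes.HasFlag($system) }
Write-Output ("{0} hidden non-system items under {1}" -f @($items).Count, $ScanRoot)
if ($Repair) {
    foreach ($i in $items) {
        # Clear only the Hidden bit and keep every other attribute.
        $i.Attributes = $i.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
    }
}
```

Run it first without `-Repair` and review the output; moved desktop and Start menu items are not restored by this script.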