HELP_RESTORE_FILES.txt seems to have affected on my desktop, need help

System restore before those updates

Hmm, you have a point, but honestly, I would hope that updates would not have caused the problem. I had to have done something stupid. I noticed all of the .ecc files were created on the same date, 4/17, 9:37a. That was Friday, a full week after the updates were installed.

It sounds like the PC was hit by TeslaCrypt ransomware, which wipes out shadow copies as well as encrypting documents.
You won't be able to decrypt the .ecc files unless you pay the ransom - not recommended.
Your best bet is to restore your last backup and unfortunately lose some data.

I cant believe there is no way around it. I did a restore. I still cannot get rid of some of the HELP_RESTORE_FILES.txt laying around. I dont have the permissions. jimfive

If it's a ransomware it should lock up your desktop screen and just display a message that you have to pay a certain amount if you want to get the key to decrypt your files, and usually there isn't a way around it as they use RSA 2048 encryption, practically impossible to bruteforce through.

In any case, If I were you I would indeed go for restore point or complete reinstall to make sure that everything is wiped out of the system.

As of your question 'how did you get it' usually those are spread through phishing emails containing infected file attachments

It's a Trojan that cannot be removed and it will keep popping up when you restart. It is a danger to your internet environment since it redirects you to nasty webpages with fake Adobe downloads. It runs in the background and modify your registry and even create corrupt files. Watch out too since it creates exploits into vulnerable programs. It even installs nasty unwanted programs like the Powerliks trojan or one of those poxy registry cleaners. Also deleting them might make them pop up somewhere else make sure to check the sytem again. oh and the trojan is named Troj/EccKrypt-C by sophos

It encrypts files/folders/docs/pics then leaves you the choice of paying the ransom, restoring to a previous point, or a wipe. Removing the virus will not solve your problem of encrypted files. They use a 2048 bit RSA token to encrypt your data, so there is virtually no way of decrypting thse files. Even if you do pay the ransom there is no guarantee they will decrypt everything. The HELP_RESTORE_FILES.txt usually shows up on the desktop after it has run through its encryption rampage. It did not come from Microsoft and the timing of the updates is coincidental. It is very hard to identify the cause of the infection, I am currently working on 3 PCs with this excact issue. To see what has been encrypted on your pc open up command prompt and run the following commands:

cd c:\ (This gets you to the root of your C drive)

dir *.ecc /s > list.txt (This creates a txt doc listing the encrypted files)

That command will export a list to the directory that you are in when you run the command. So if you are in c:\ then the list.txt will be there. That list will show the results of the command and show all of the data that has been encrypted. This way you will at least know the data that will be lost. Other versions of ransomware delete restore points as well, hopefully this is not the case for this one. So once again, the options we have are to pay the ransom (Not gonna happen), restore to earlier point of infection (Hopefully), or perform a clean installation of windows (Lots of work).
I know that they are not the best answers, and hopefully someone can come up with a significantly better resolution, but with this one we are stuck between a rock and a hard place.