Windows Recovery Removal – How To Guide

Windows Recovery is fake software that promises to optimize your computer and fix all its errors. This bogus software has been infecting millions of computers for quite some time and still infects thousands of new computers daily. Windows Recovery promotes itself as a Flash update or a very useful piece of software. When you download and install it in good faith, your computer gets infected.

Windows Recovery is promoted via hacked websites and various other methods. For example, while surfing the web you may come across a hacked website. On that site, you will see a message encouraging you to download a Flash update or similar software. The update you download is actually the Windows Recovery software. This is how Windows Recovery enters your computer in disguise.

Windows Recovery configures itself to run automatically at startup, and whenever you try to run a program, you’ll see various errors and warnings. Apart from this, it also hides many folders on your computer and displays random content in different folders. This is done to convince you that something is really wrong with your computer and that you need Windows Recovery to fix the problem. Don’t buy this software at any cost, as it is just a shallow gimmick.

Here is a screenshot of Windows Recovery showing fake errors. When you click the “Fix Errors” button, it imitates a defragmentation process and tells you that you need to buy the advanced version. You can see various other screenshots in the gallery below. These screenshots were taken while researching the rogue.

As you can see, Windows Recovery is very bad software that uses aggressive marketing tactics to push naive consumers into buying a bogus product. This is how these scammers make money. Read the removal instructions below to learn how to remove Windows Recovery quickly and easily.

How To Remove Windows Recovery

You can follow either of these two removal methods. The first method is automated, while the second is manual.

A) Automatic Removal

Security companies are relentlessly working to fight new rogue products, and this method guarantees complete removal of the virus without damaging anything on your computer. You only need to scan your computer with genuine anti-malware software, and your computer will be back on track in a few minutes. This method is equally effective for computer experts and neophytes.

You only need to download the scanner software by clicking the button below and scan your computer for infections. All the threats will get caught and fixed automatically. Here is how to conduct automatic removal of Windows Recovery:

1. Download Spyware Doctor scanner by clicking the button below.

2. Save the installer file and complete installation of Spyware Doctor. On first run, please update virus database and now you are ready to scan your computer.

3. Run Spyware Doctor and click on “Start Scan” button and you’ll see three options:

a. Custom Scan
b. Intelli-Scan
c. Full Scan.

Select the “Full Scan” option and then click on the “Scan Now” button. Spyware Doctor will automatically detect all the malicious software, including Windows Recovery. Apart from this rogue, it is very likely that several other threats, which are hiding in your computer without your knowledge, will also get caught.

Once the scanning is done, please click the “Fix Checked” button, and your computer is now free from the rogue software. Restart your computer and that’s it! This video from our research lab shows how Windows Recovery imitates real scans:

 

B) Manual Removal

Manual removal of Windows Recovery is only recommended for computer experts. If you have no previous experience of dealing with a virus, don’t try your hand at manual removal. Deleting the wrong files during manual removal can paralyze your computer completely. If you are not sure, follow the automatic removal method, as it guarantees complete removal of the rogue software.

Please follow the removal steps at your own risk:

1. Try To Do a System Restore

Run System Restore and restore your computer to an earlier date when the Windows Recovery rogue was not present on your computer.

To do a System Restore, please boot your computer in “Safe Mode with Networking” (keep pressing the F8 button at startup and select this mode) and then click on Start > Programs > Accessories > System Tools > System Restore. (More Help on How To Do System Restore)

2. Correct Malicious Registry Entries

Windows Recovery modifies the registry settings of your computer. To fix your computer’s registry, run Registry Editor by clicking on Start > Run, typing “regedit” and clicking OK. Find these registry entries and repair/remove them: (Learn How To Edit Registry)

Please keep in mind that you’ll need to remove some registry entries while correcting others to their original values. If you don’t know how to edit the registry, simply follow the automatic removal method.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
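
To check the list above without clicking through Registry Editor, the registry can be exported to a .reg text file and audited offline. The script below is an added example, not part of the original guide: it flags every value that matches the list and collects the HKCU Run entries for manual review. It assumes the standard .reg export format, flags LowRiskFileTypes whenever it is present rather than comparing the full string, and uses a constructed sample in which "ExampleName" is a placeholder.

```python
import re
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
CV = HKCU + r"\Windows\CurrentVersion"
LISTED = {  # values copied from the list above; None = flag whenever the value exists
    CV + r"\Internet Settings": {"CertificateRevocation": "0", "WarnonBadCertRecving": "0"},
    CV + r"\Policies\ActiveDesktop": {"NoChangingWallPaper": "1"},
    CV + r"\Policies\Associations": {"LowRiskFileTypes": None},
    CV + r"\Policies\Attachments": {"SaveZoneInformation": "1"},
    CV + r"\Policies\System": {"DisableTaskMgr": "1"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system": {"DisableTaskMgr": "1"},
    HKCU + r"\Internet Explorer\Download": {"CheckExeSignatures": "no"},
    HKCU + r"\Internet Explorer\Main": {"Use FormSuggest": "yes"},
    CV + r"\Explorer\Advanced": {"Hidden": "0", "ShowSuperHidden": "0"},
}
# Registry key and value names are case-insensitive, so compare in lower case.
WANT = {(k.lower(), n.lower()): v for k, vals in LISTED.items() for n, v in vals.items()}
RUN = (CV + r"\Run").lower()

def parse_reg(text):
    """Yield (key, name, data) from .reg text, lower-casing key and name; dwords become decimal strings."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = re.match(r'"([^"]*)"=(.*)$', line)
        if key and m:
            name, raw = m.groups()
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))
            elif raw.startswith('"'):  # undo .reg string escaping
                raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            yield key, name.lower(), raw

def audit(text):
    """Return (values matching the list above, HKCU Run entries to review by hand)."""
    findings, run_entries = [], []
    for key, name, data in parse_reg(text):
        if key == RUN:
            run_entries.append((name, data))
        elif (key, name) in WANT and WANT[key, name] in (None, data.lower()):
            findings.append((key, name, data))
    return findings, run_entries

SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleName"="C:\\Documents and Settings\\All Users\\ExampleName.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000000'''  # constructed sample, not from an infected machine
```

Registry Editor writes its exports as UTF-16, so read a real file with `open(path, encoding="utf-16").read()` before passing the text to `audit()`.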

3. Remove Windows Recovery Files From Your Computer

After cleaning the registry, please remove the files associated with the Windows Recovery virus. Find these files and delete them. (Learn How To Search and Delete Files)

%AllUsersProfile%\.dll
%AllUsersProfile%\.exe

For example, if your username is “Administrator”, you should check these folders:

C:\Documents and Settings\Administrator\Application Data\
C:\Documents and Settings\Administrator\

In the above folders, you will see an executable file with a strange name. You need to delete this file from your computer permanently.

That’s it. If you follow the above removal steps correctly, you should be able to remove the Windows Recovery virus. If in doubt, please consider following the automatic removal method instead.
