Remove System Recovery
Removal instructions
Severity scale:  (80 / 100)
System Recovery is a fake system optimisation utility and a rogue disk defragmenter. Real system optimisation utilities help increasing windows operating system performance. This is not the case with System Recovery: It will mess Windows PC so users believe that they got serious hardware and software problems and then will ask for a payment to fix it.
Additionally, System Recovery uses trojans to propagate. These trojans infect computer systems and download additional malicious software to earn money from their victims. System Recovery malware will display lots of faked alerts and warnings to scare users. It will display allerts like this:
Critical Error
Windows can't find hard disk space. Hard drive error
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
and so on. All these messages are false - neither can System Recovery detect such errors, neither there are any on your PC. It is purely malware infection.
It will also prevent antivirus software from launching. However, you will be able to launch all kinds of software if you try enough times or scan with your antivirus in safe mode.
You should remove System Recovery from your PC and clean all the trojans that come with it. For that, we recommend killing System Recovery processes first, and then scanning your PC with our recommended software to identify its files and folders. This malware uses random file names, however, in most cases they will be in Application Data folder of active user or All Users.
NOTE: You should not clean temporally files before fully restoring your PC. System Recovery moves your program shortcuts to temporally files folder. If you clean temporally files, you loose all the shortcuts to your daily programs.
To unhide files that are hidden by System Recovery try this command :
attrib -h "C:\Documents and Settings\[username]\*.* " /s /d
where username is your username.
Automatic System Recovery removal:
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
By Downloading any provided Anti-spyware software to remove System Recovery you agree to our privacy policy and agreement of use.
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes System Recovery (2011-09-04 17:49:32)
Tested and Confirmed! STOPzilla removes System Recovery (2011-09-04 17:49:32)
We are testing Spyware Doctor's efficiency at removing System Recovery
(2011-10-26 16:24:08)
System Recovery manual removal:
Kill processes: [random].exe
6DSS92c31Apgjk.exe
Delete registry values:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
Delete files:[random].exe
6DSS92c31Apgjk.exe
Phone Support to remove System Recovery
QR code for System Recovery removal instructions:
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the website is that parasites like System Recovery are really hard to remove on infected computer.
you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall System Recovery right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.
SYMPTOMS OF rogue antispyware INFECTION
Rogue AntiSpyware virus enters your PC without your consent or using some sort of social engineering trick. Fake scanner pages, malicious mail attachments or system vulnerabilities are often used.
Virus has a single goal: to gain money. Like other rogue anti-spyware applications, it will try to convince you that your system is infected with multiple parasites: trojans, adware, or other rogues. Typically, rogues do not provide enough detail about infections detected or show fake results. Rogue anti-spyware like System Recovery will not clean any actual infections for free.
Most of the parasites of this type do not have parasite detection engine thus every warning they show is a random one. If you see persistent popups or alerts, you can safely discard them.
You should never pay for Rogue Anti-spyware application like System Recovery as it funds development of other computer parasites.
Information added: 2011-09-04 17:49:32
Information updated: 2011-10-26 16:24:08
Additional resources:
Attention: If you know know a reputable website reated to security threats, please add a link here: add
url
more resources
|
FORUM:
HELP:
|
Follow us 
|
Like us 
Post Comment: