Title: fake System Restore
Remove fake System Restore
Removal instructions
Severity scale: (80 / 100)
System Restore is a legitimate Microsoft Windows program that restores Windows functionality when needed. However, there is also a fake System Restore: a rogue system optimizer. This corrupt optimization program displays various warnings that the PC's hard disk, video card or registry is in a bad state and requires repair with the help of the System Restore program. While the actual System Restore can repair software errors after an unsuccessful installation, the rogue version of System Restore claims to be able to fix hardware errors. This is simply not true.
The fake System Restore will try to prevent the user from running legitimate software. Executables are blocked at random, with a message claiming that the file resides in a bad part of the hard disk. Eventually, they will launch. Additionally, some internet pages might get blocked. This is done to prevent the download of programs that assist in System Restore's removal.
To remove the fake System Restore, we recommend launching the application and leaving it running while you open browser windows to download anti-malware programs. We recommend downloading Process Explorer first and killing the System Restore processes. Then download a legitimate anti-spyware program to identify the actual files of the fake System Restore and delete them. These files should reside in the AllUsers Application Data folder.
Automatic fake System Restore removal:
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing fake System Restore
(2011-10-26 19:08:20)
We are testing Spyware Doctor's efficiency at removing fake System Restore
(2011-10-26 19:08:20)
We are testing STOPzilla's efficiency at removing fake System Restore
(2011-10-26 19:08:20)
fake System Restore manual removal:
Kill processes:
[random].exe
6DSS92c31Apgjk.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run " .exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
Delete files:
[random].exe from AllUsers\AppData
6DSS92c31Apgjk.exe
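The registry values listed above can be checked before anything is deleted. The PowerShell below is an added example, not part of the original instructions: it only reads each listed value and reports whether it currently holds the listed data, then prints the current user's Run entries for manual review, because the rogue's Run value name is random. The function name Test-ListedValue and the P/N/D table layout are this example's own.

```powershell
# Added example: read-only audit of the registry values listed in this guide.
# P = key path, N = value name, D = data shown in the removal list.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    @{ P = 'HKCU:\Software\Microsoft\Internet Explorer\Main';     N = 'Use FormSuggest';       D = 'Yes' },
    @{ P = "$cv\Internet Settings";                               N = 'CertificateRevocation'; D = '0' },
    @{ P = "$cv\Internet Settings";                               N = 'WarnonBadCertRecving';  D = '0' },
    @{ P = "$cv\Policies\ActiveDesktop";                          N = 'NoChangingWallPaper';   D = '1' },
    @{ P = "$cv\Policies\Associations";                           N = 'LowRiskFileTypes';      D = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;' },
    @{ P = "$cv\Policies\Attachments";                            N = 'SaveZoneInformation';   D = '1' },
    @{ P = "$cv\Policies\Explorer";                               N = 'NoDesktop';             D = '1' },
    @{ P = "$cv\Policies\System";                                 N = 'DisableTaskMgr';        D = '1' },
    @{ P = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'; N = 'DisableTaskMgr'; D = '1' },
    @{ P = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; N = 'CheckExeSignatures';    D = 'no' },
    @{ P = "$cv\Explorer\Advanced";                               N = 'Hidden';                D = '0' },
    @{ P = "$cv\Explorer\Advanced";                               N = 'ShowSuperHidden';       D = '0' }
)

function Test-ListedValue {
    param([hashtable]$Check)
    # A missing key or value is not an error here; it just means "not set".
    $item    = Get-ItemProperty -Path $Check.P -Name $Check.N -ErrorAction SilentlyContinue
    $present = $null -ne $item
    $current = if ($present) { $item.($Check.N) } else { $null }
    [pscustomobject]@{
        Key     = $Check.P
        Value   = $Check.N
        Current = $current
        # DWORD and string data are both compared as text (case-insensitive).
        Match   = $present -and ("$current" -eq $Check.D)
    }
}

$checks | ForEach-Object { Test-ListedValue $_ } | Format-Table -AutoSize -Wrap

# The guide's Run entries have random names, so list every value under the
# current user's Run key and look for an .exe in the AllUsers data folder.
$run = Get-ItemProperty -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        Select-Object Name, Value | Format-List
}
```

A match only means the value currently holds the data listed above, which is not proof of infection on its own; ShowSuperHidden = 0, for example, is also the Windows default.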
QR code for fake System Restore removal instructions:
QR is short for Quick Response. QR codes can be read quickly by mobile phones. They can store more data than standard barcodes, including URL links, geo coordinates, and text.
The reason we add a QR code to the website is that parasites like fake System Restore are really hard to remove on an infected computer.
You can quickly scan the QR code with your mobile device and have manual removal instructions to uninstall fake System Restore right in your pocket.
Simply use the QR scanner and read the removal instructions from your mobile device.
SYMPTOMS OF rogue antispyware INFECTION
A rogue anti-spyware virus enters your PC without your consent or by using some sort of social engineering trick. Fake scanner pages, malicious mail attachments or system vulnerabilities are often used.
The virus has a single goal: to gain money. Like other rogue anti-spyware applications, it will try to convince you that your system is infected with multiple parasites: trojans, adware, or other rogues. Typically, rogues do not provide enough detail about the infections detected, or show fake results. Rogue anti-spyware like fake System Restore will not clean any actual infections for free.
Most parasites of this type do not have a parasite detection engine, thus every warning they show is a random one. If you see persistent popups or alerts, you can safely discard them.
You should never pay for a rogue anti-spyware application like fake System Restore, as it funds the development of other computer parasites.
Information added: 2011-10-08 20:18:28
Information updated: 2011-10-26 16:31:05