Windows Recovery Series is a rogue anti-spyware program that uses misleading methods to trick users into purchasing bogus security solutions. It uses false scan results and completely fake security warnings to scare users into thinking that their computers are infected with spyware, adware, rootkits and other malware that may cause serious damage to the system. It is usually promoted through Trojan downloaders and fake online virus scanners that display pop-ups stating that your computer is infected and that you should download and run Windows Recovery Series in order to clean your computer. This rogue program is also promoted via infected websites and spam emails. You shouldn't trust it or pay for it, since it's a scam. Instead, remove Windows Recovery Series from your computer as soon as possible; otherwise you may end up with worse malware on your computer. The removal instructions below will show you how to get rid of this malware.
When running, Windows Recovery Series will pretend to scan your computer and then list a variety of infections that supposedly cannot be removed until you purchase the program. The scan results are false and are only shown to scare you into thinking you are infected with all sorts of malware, whereas the only real infection is the rogue program itself. As a typical rogue security program, Windows Recovery Series will display many fake security alerts and pop-ups from the Windows taskbar. Those alerts will claim that your computer is infected with spyware, adware and other types of malware. Please ignore those fake alerts.
Warning! Identity theft attempt Detected
Hidden connection IP: xxxxxxxxx
Target: Your passwords for sites
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.
As you can see, Windows Recovery Series has only one goal: to scare you into purchasing the rogue program to supposedly remove the malware it claims to have found. However, it is malware itself and should be removed from the system upon detection. Also note that if you have already purchased this bogus program, you should contact your credit card company and dispute the charges. To remove this malware from your computer, download and run a full system scan with malware removal software listed below.
The latest parasite names used by FakeVimes:
Windows Recovery Series manual removal:
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
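Before deleting anything, the entries listed above can be checked with a read-only audit. The PowerShell below is an added example, not part of the original removal guide; the function name Get-ListedRegistryFindings is hypothetical, and the script only reports what it finds and compares value data against the data shown in the list.

```powershell
# Added example: read-only audit of the registry entries listed on this page.
# Nothing is modified or deleted. Get-ListedRegistryFindings is a hypothetical name.
$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Values and data exactly as they appear in the list above.
$listedValues = @(
    @{ Key = "$cv\Internet Settings"; Name = 'WarnOnHTTPSToHTTPRedirect'; Listed = '0' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegedit';            Listed = '0' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableRegistryTools';      Listed = '0' },
    @{ Key = "$cv\Policies\System";   Name = 'DisableTaskMgr';            Listed = '0' },
    @{ Key = "$cv\Settings";          Name = 'ID';                        Listed = '0' },
    @{ Key = "$cv\Settings";          Name = 'net';                       Listed = '2012-2-17_2' },
    @{ Key = "$cv\Settings";          Name = 'UID';                       Listed = 'rudbxijemb' }
)

# Image File Execution Options subkeys named in the list above.
$listedIfeoKeys = '_avp32.exe', '_avpcc.exe', 'ashDisp.exe', 'divx.exe',
                  'mostat.exe', 'platin.exe', 'tapinstall.exe', 'zapsetup3001.exe'

function Get-ListedRegistryFindings {
    foreach ($c in $listedValues) {
        # Returns nothing if either the key or the named value is absent.
        $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $found = $item.($c.Name)
            [pscustomobject]@{
                Kind = 'Value'; Path = $c.Key; Name = $c.Name
                Found = "$found"; MatchesListedData = ("$found" -eq $c.Listed)
            }
        }
    }
    foreach ($exe in $listedIfeoKeys) {
        $path = Join-Path $ifeo $exe
        if (Test-Path -LiteralPath $path) {
            # Show whatever values the subkey holds so they can be reviewed.
            $key  = Get-Item -LiteralPath $path
            $data = $key.GetValueNames() | ForEach-Object { "$_=$($key.GetValue($_))" }
            [pscustomobject]@{
                Kind = 'Key'; Path = $path; Name = $exe
                Found = ($data -join '; '); MatchesListedData = $null
            }
        }
    }
}

Get-ListedRegistryFindings | Format-List
```

Run it in the affected user's session, because the HKEY_CURRENT_USER entries are per-user. Treat each finding as something to review rather than as proof of infection on its own.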