Severity scale  
  (67/100)

Windows Recovery Series. How to Remove? (Uninstall Guide)

removal by - -   Also known as Windows Recovery Series | Type: Rogue Antispyware
12

Windows Recovery Series is a rogue anti-spyware program that uses misleading methods to trick users into purchasing bogus security solutions. This rogue antispyware program uses false scan results and completely fake security warnings to scare users into thinking that their computers are infected with spyware, adware, rootkits and other malware that may cause serious damage to the system. It is usually promoted through the use of Trojan downloaders, fake online virus scanners that display pop ups stating that your computer is infected and that you should download and run Windows Recovery Series in order to clean your computer. This rogue program is also promoted via infected websites and spam emails. You shouldn't trust it and pay for it since it's a scam. Instead, remove Windows Recovery Series from your computer as soon as possible; otherwise you may end up with worse malware on your computer. The removal instructions below will show you how to get rid of this malware.

When running, Windows Recovery Series will pretend to scan your computer and then list a variety of infections that supposedly cannot be removed until you purchase the program. The scan results are false and are only being shown to scare you into thinking you are infected with all sorts of malware where as the only real infection is the rogue program itself. As a typical rogue security program, Windows Recovery Series will display many fake security alerts and pop-ups from Windows Taskbar. Those alerts will claim that your computer is infected with spyware, adware and other types of malware. Please ignore those fake alerts.

Warning! Identity theft attempt Detected
Hidden connection IP: xxxxxxxxx
Target: Your passwords for sites

Warning
Firewall has blocked a program from accessing the Internet.
Windows Media Player Resources
C:\Windows\system32\dllcache\wmploc.dll
C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server.

Error
Keylogger activity detected. System information security is at risk.
It is recommended to activate protection and run a full system scan.

As you can see, Windows Recovery Series has only one goal -- to scare you into purchasing the rogue program to supposedly remove found malware. However, it's malware itself and should be removed from the system upon detection. Also note, that of you have already purchased this bogus program then you should contact your credit card company and dispute the charges. To remove this malware from your computer, download and run a full system scan with malware removal software listed below.

The latest parasite names used by FakeVimes:
Windows Internet Guard, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use. By downloading any of provided Anti-spyware software you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
Reimage - remover Happiness
Guarantee
Compatible with Microsoft Windows
What to do if failed?
If you failed to remove infection using Reimage Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Windows Recovery Series. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Reimage is recommended to uninstall Windows Recovery Series. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.
Not using OS X? Download a remover for Windows.
Press Mentions on Reimage
Alternate Software
Alternate Software
Plumbytes
We are testing Plumbytes's efficiency (2012-04-29 15:35)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency (2012-04-29 15:35)
Hitman Pro
Webroot SecureAnywhere AntiVirus
Windows Recovery Series screenshot
Windows Recovery Series snapshot

Windows Recovery Series manual removal

Kill processes:
Inspector-[rnd].exe
Protector-[rnd].exe
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ERROR_PAGE_BYPASS_ZONE_CHECK_FOR_HTTPS_KB954312
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = "2012-2-17_2"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "UID" = "rudbxijemb"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe
Delete files:
%AppData%\Inspector-[rnd].exe
%AppData%\Protector-[rnd].exe

Geolocation of Windows Recovery Series

Map reveals the prevalence of Windows Recovery Series. Countries and regions that have been affected the most are: United States.

Information updated:

Comments on Windows Recovery Series

Post a comment

Attention: Use this form only if you have additional information about a parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)