Title: Windows Restore
Also known as: WindowsRestore

Remove Windows Restore
Removal instructions

 
Severity scale:Windows Restore severity is 64  (64 / 100)
 

Windows Restore is a fake disk defragmenter that uses misleading methods such as displaying fake error messages and pop-ups to make you think that your computer has been infected by malware. It prompts to pay for a full version of the program to remove the infections. If you choose to purchase this bogus program, you will lose your money and give your credit card details to the malware creators who developed this scareware. You credit card details can be sold to other scammers, so you shouldn't purchase this bogus program. Don't give your email either because they might send you spam. Please use the removal instructions below to remove Windows Restore from your computer. You can remove it manually or use an automatic removal tool given below.

Windows Restore enters the system with the help of Trojans and infected websites. The program runs system scanner and later on reports critical errors detected on your system. It claims that some of your private data might be lost because of the lack of free space, RAM memory usage, etc. The truth is that it is fake information and Windows Restore only wants you to believe your system is infected. Windows Restore will offer you purchasing a full version of its program with a promise that this will fix everything. However, its real intention is to receive your money, but in return you won’t get anything. Do not buy this rogue program. In order to stop all malicious activities on your computer you should remove Windows Restore as soon as possible. You can remove WindowsRestore manually too, but remember that manual removal guide was made for the rogue program only and do not include other possible malware, rootkits. That's why you should scan your computer with Spyware Doctor or other anti-spyware software.

When trying to disable this malware and launch automaci removal tool, you can use this code to 'register' Windows Restore: 8475082234984902023718742058948. Just click on Help and Support button, enter this code and run a full system scan with your anti-spyware.

The latest parasite names used by FakeHDD:
S.M.A.R.T. Repair, File Rescue virus, File Restore virus, File Recovery, Smart Data Recovery

Windows Restore properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Automatic Windows Restore removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove Windows Restore you agree with our Privacy Policy and Agreement of Use.
SpyHunter is recommended remover to uninstall Windows Restore. You should confirm using free trial that it detects current version of parasite.

Note: Tested and Confirmed means that we have tested spyware remover with multiple versions of Windows Restore and got the best results. There might be updated or modified version of particular parasite that require manual killing of parasite process or an update. In such case try other removers in the line.

Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

If you failed to remove Windows Restore using SpyHunter, submit question to our support team and provide as much details as possible.
dot
STOPzilla
download
Tested and Confirmed! STOPzilla removes Windows Restore (2011-04-06 06:29:44)
dot
Malwarebytes Anti Malware
download
manual required
Tested and Confirmed! Malwarebytes Anti Malware removes Windows Restore (2011-04-06 06:29:44)
dot
XoftSpySE Anti Spyware
download
manual required
We are testing XoftSpySE Anti Spyware's efficiency at removing Windows Restore (2011-06-20 08:43:27)
dot
Defender Pro Ultimate
download
manual required
We are testing Defender Pro Ultimate's efficiency at removing Windows Restore (2011-06-20 08:43:27)

what to do if you failed to remove the infection?
Virus Removal
Phone Support
Help Line to remove Windows Restore
Windows Restore snapshot:
Windows Restore snapshot

Windows Restore manual removal:

Kill processes:
[random].exe
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random].exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random]"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain "Use FormSuggest" = 'yes'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = '1'
Unregister DLLs:
[random].dll

Delete files:
[random].exe [random].dll WindowsRestore.lnk
Delete directories:

Geolocation of Windows Restore:

This map reveals the prevalence of Windows Restore. Countries and regions that have been affected the most are: Philippines, United States, Trinidad and Tobago, Jamaica and Canada.

QR code for Windows Restore removal instructions:

Windows Restore qrcode
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.

The reason we add QR code to the website is that parasites like Windows Restore are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall Windows Restore right in your pocket.

Simply use the QR scanner and read removal instructions from mobile device.
Information added: 2011-04-06 06:29:44
Information updated: 2011-06-20 06:06:12

Additional resources:

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

0
0
Mel
Thank you to whoever post this article. My laptop was just infected and I was skeptical about Windows Restore asking to purchase an extended version to restore my ram. I google Windows Restore on line and found this article, followed the steps and it works instantly. Thank you.
0
0
Chris
Hey I tried using the registration code but it asks for a valid username. Help?
0
0
Lawrie Neale
I found WindowsRestore referred to in the registry:-
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]
"BarSize"=hex:cc,00,00,00,00,00,00,00

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}FilesNamedMRU]
"000"="WindowsRecovery"

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{EFA24E64-B078-11D0-89E4-00C04FC9E26E}]
"BarSize"=hex:0b,01,00,00,00,00,00,00

Post Comment:

Attention: Use this form only if you have additional information about Windows Restore parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name



«


* All field required
Like us on Facebook
Latest spyware news:
Subscribe to spyware news
Please enter your e-mail address:
If you do not want to receive our spyware
newsletter please unsubscribe here
48643 Subscribers
Ask us
I failed to remove Windows Restore using SpyHunter.

Email


Close

Spreading the knowledge:

It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!
add text box
rss feed
help other