Remove Windows Restore
Removal instructions

Severity scale:  
  (64/100)
Windows Restore is also known as WindowsRestore | Type: Rogue Antispyware | Tags: FakeHDD

Windows Restore is a fake disk defragmenter that uses misleading methods such as displaying fake error messages and pop-ups to make you think that your computer has been infected by malware. It prompts to pay for a full version of the program to remove the infections. If you choose to purchase this bogus program, you will lose your money and give your credit card details to the malware creators who developed this scareware. You credit card details can be sold to other scammers, so you shouldn't purchase this bogus program. Don't give your email either because they might send you spam. Please use the removal instructions below to remove Windows Restore from your computer. You can remove it manually or use an automatic removal tool given below.

Windows Restore enters the system with the help of Trojans and infected websites. The program runs system scanner and later on reports critical errors detected on your system. It claims that some of your private data might be lost because of the lack of free space, RAM memory usage, etc. The truth is that it is fake information and Windows Restore only wants you to believe your system is infected. Windows Restore will offer you purchasing a full version of its program with a promise that this will fix everything. However, its real intention is to receive your money, but in return you won’t get anything. Do not buy this rogue program. In order to stop all malicious activities on your computer you should remove Windows Restore as soon as possible. You can remove WindowsRestore manually too, but remember that manual removal guide was made for the rogue program only and do not include other possible malware, rootkits. That's why you should scan your computer with Spyware Doctor or other anti-spyware software.

When trying to disable this malware and launch automaci removal tool, you can use this code to 'register' Windows Restore: 8475082234984902023718742058948. Just click on Help and Support button, enter this code and run a full system scan with your anti-spyware.

The latest parasite names used by FakeHDD:
S.M.A.R.T. Repair, File Rescue virus, File Restore virus, File Recovery, Smart Data Recovery

Windows Restore properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background

Automatic Windows Restore removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove Windows Restore you agree with our Privacy Policy and Agreement of Use.
Do it now!
Download
remover for Windows Restore Happiness
Guarantee
Compatible with Microsoft
SpyHunter is recommended remover to uninstall Windows Restore. You should confirm using free trial that it detects current version of parasite.
more than 40.000.000 downloads!
What to do if you failed to remove the infection?
If you failed to remove Windows Restore using SpyHunter, read here how to submit a support ticket or submit a question to our support team and provide as much details as possible.

Alternate Software

STOPzilla
Tested and Confirmed! STOPzilla removes Windows Restore (2011-04-06 06:29:44)
Malwarebytes Anti Malware
Tested and Confirmed! Malwarebytes Anti Malware removes Windows Restore (2011-04-06 06:29:44)
SpyHunter
We are testing SpyHunter's efficiency at removing Windows Restore (2011-06-20 08:43:27)
XoftSpySE Anti Spyware
We are testing XoftSpySE Anti Spyware's efficiency at removing Windows Restore (2011-06-20 08:43:27)
Virus Removal Phone Support
1-877-657-9614
Help Line to remove Windows Restore

Windows Restore screenshot

Windows Restore snapshot

Windows Restore manual removal

Kill processes:
[random].exe
Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random].exe"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun "[random]"
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain "Use FormSuggest" = 'yes'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = '1'
Unregister DLLs:
[random].dll

Delete files:
[random].exe [random].dll WindowsRestore.lnk

Geolocation of Windows Restore

Map reveals the prevalence of Windows Restore. Countries and regions that have been affected the most are: Philippines, United States, Trinidad and Tobago, Jamaica and Canada.

Information added: 04/06/11 06:29; information updated: 06/20/11 06:06

Additional resources

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Comments on Windows Restore

0
0
Lawrie Neale
I found WindowsRestore referred to in the registry:-
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{32683183-48a0-441b-a342-7c2a440a9478}]
@="Media Band"

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]
"BarSize"=hex:cc,00,00,00,00,00,00,00

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}FilesNamedMRU]
"000"="WindowsRecovery"

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerExplorer Bars{EFA24E64-B078-11D0-89E4-00C04FC9E26E}]
"BarSize"=hex:0b,01,00,00,00,00,00,00
0
0
Chris
Hey I tried using the registration code but it asks for a valid username. Help?
0
0
Mel
Thank you to whoever post this article. My laptop was just infected and I was skeptical about Windows Restore asking to purchase an extended version to restore my ram. I google Windows Restore on line and found this article, followed the steps and it works instantly. Thank you.

Post a comment

Attention: Use this form only if you have additional information about Windows Restore parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Home page Name



«

(All fields are required)
Like us on Facebook
Read on mobile
News
Press Mentions
I failed to remove Windows Restore using SpyHunter.

Email


Close
add text box
rss feed
help other
Spreading the knowledge: It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!