Severity scale: (64/100)

Windows Restore. How to remove? (Uninstall guide)

Removal by Jake Doevan | Also known as WindowsRestore | Type: Rogue Antispyware

Windows Restore is a fake disk defragmenter that uses misleading methods, such as fake error messages and pop-ups, to make you think that your computer has been infected by malware. It prompts you to pay for a full version of the program to remove the infections. If you purchase this bogus program, you will lose your money and hand your credit card details to the malware creators who developed this scareware. Your credit card details can be sold to other scammers, so you shouldn't purchase this bogus program. Don't give your email address either, because they might send you spam. Please use the removal instructions below to remove Windows Restore from your computer. You can remove it manually or use the automatic removal tool given below.

Windows Restore enters the system with the help of Trojans and infected websites. The program runs a system scanner and then reports critical errors detected on your system. It claims that some of your private data might be lost because of a lack of free space, RAM usage, etc. In truth this information is fake, and Windows Restore only wants you to believe your system is infected. Windows Restore will offer you a full version of its program with a promise that this will fix everything. However, its real intention is to take your money, and you won't get anything in return. Do not buy this rogue program. To stop all malicious activity on your computer, you should remove Windows Restore as soon as possible. You can remove WindowsRestore manually too, but remember that the manual removal guide was made for the rogue program only and does not cover other possible malware or rootkits. That's why you should scan your computer with STOPzilla or other anti-spyware software.

When trying to disable this malware and launch an automatic removal tool, you can use this code to 'register' Windows Restore: 8475082234984902023718742058948. Just click on the Help and Support button, enter this code and run a full system scan with your anti-spyware.


We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows Restore you agree to our privacy policy and agreement of use.
What to do if failed?
If you failed to remove the infection using Reimage, submit a question to our support team and provide as many details as possible.
Reimage is recommended to uninstall Windows Restore. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention. Please read the manual removal instructions below.

More information about this program can be found in Reimage review.

Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows Restore (2011-06-20)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows Restore (2011-06-20)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows Restore (2011-06-20)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows Restore (2011-06-20)

Windows Restore manual removal:

Kill processes:
[random].exe

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'

Unregister DLLs:
[random].dll

Delete files:
[random].exe
[random].dll
WindowsRestore.lnk

Delete directories:
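
Added example, not part of the original guide: a Python parser for `.reg` export text that reports the HKCU values listed under "Delete registry values" when they hold the data shown there, and lists every Run entry for manual review. The function names, the sample export and its Run entry (name and path) are constructed for illustration; a match is a lead to check, not proof of infection.

```python
import re
# (HKCU-relative key, value name) -> data shown in this guide; None = report on presence.
CV, IE = "software\\microsoft\\windows\\currentversion\\", "software\\microsoft\\internet explorer\\"
LISTED = {
    (CV + "policies\\system", "disabletaskmgr"): "1",
    (CV + "policies\\attachments", "savezoneinformation"): "1",
    (CV + "policies\\associations", "lowriskfiletypes"): None,
    (CV + "internet settings", "warnonbadcertrecving"): "0",
    (IE + "download", "checkexesignatures"): "no",
    (IE + "main", "use formsuggest"): "yes",
}
MISSING, UNESC = object(), re.compile(r"\\(.)")  # UNESC undoes \\ and \" escaping

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; dword data becomes a decimal string."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:  # skips the header, blanks, @= defaults and hex continuations
            name, raw = UNESC.sub(r"\1", m.group(1)), m.group(2)
            if raw.startswith("dword:"):
                raw = str(int(raw[6:], 16))
            elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
                raw = UNESC.sub(r"\1", raw[1:-1])
            yield key, name, raw

def audit(text):
    """Return (reason, value name, data) leads from an exported HKCU hive."""
    leads = []
    for key, name, data in parse_reg(text):
        sub = key.lower().removeprefix("hkey_current_user\\")
        if sub == CV + "run":
            leads.append(("autorun entry, review target", name, data))
        elif LISTED.get((sub, name.lower()), MISSING) in (None, data.lower()):
            leads.append(("matches value listed in guide", name, data))
    return leads

# Constructed sample export; the Run value name and path are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kXyZexample"="C:\\ProgramData\\kXyZexample.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="yes"
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by `reg export` or regedit are UTF-16 with a byte-order mark, so read them with `encoding="utf-16"` before passing the text to `audit`.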



  • Mel

    Thank you to whoever posted this article. My laptop was just infected and I was skeptical about Windows Restore asking to purchase an extended version to restore my RAM. I googled Windows Restore online and found this article, followed the steps and it worked instantly. Thank you.

  • Chris

    Hey I tried using the registration code but it asks for a valid username. Help?

  • Lawrie Neale

    I found WindowsRestore referred to in the registry:-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
    @="Media Band"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}]
    "BarSize"=hex:cc,00,00,00,00,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
    "000"="WindowsRecovery"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}]
    "BarSize"=hex:0b,01,00,00,00,00,00,00