Windows XP Recovery. How to remove? (Uninstall guide)

removal by Gabriel E. Hall - -   Also known as Windows Vista Recovery, Windows 7 Recovery | Type: Rogue Antispyware
12

Windows 7 Recovery is a fake computer optimization program that attacks PC with a help of TDSS rootkit. Additionally, it will start reporting you about various hard drive problems detected and it will do its best while trying to create such impression. First of all, Widows 7 Recovery will say that you must start it in Safe Mode. To trick you, it will display fake Safe Mode and then will hide your files to make it look like there is really something wrong with your hard drive. However, all these problems presented by Windows 7 Recovery, Windows Vista Recovery or Windows XP Recovery are faked by their creators. All these clones will require you to pay for their defragmentation services what means giving your money for hackers. You should ignore all ‘problems’ found by these scams and use automatic removal tool or STOPzilla to remove Windows 7 Recovery.

To make you concerned about your machine, Windows Vista Recovery (you will see such name if you have Windows Vista OS running on your computer) will display numerous nagging alerts, such as these written below:

Critical Error Hard Drive not found.
Missing hard drive.

Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Requested registry access is not allowed. Registry defragmentation required
Read time of hard drive clusters less than 500 ms
32% of HDD space is unreadable
Bad sectors on hard drive or damaged file allocation table
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
Drive C initializing error
Ram Temperature is 83 C. Optimization is required for normal operation.
Hard drive doesn’t respond to system commands
Data Safety Problem. System integrity is at risk.
Registry Error – Critical Error

Windows XP Recovery Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?

Fix Disk
Windows Vista Recovery Diagnostics will scan the system to identify performance problems.
Start or Cancel

Windows 7 Recovery attack is followed by certain Registry modifications and files manipulations, which in its turn results in getting your computer badly hacked. It means you will lose control of some essential system options like the Add/Remove Programs, Task Manager as well as using your antivirus software to remove the virus.

As you may have already realized, Windows XP Recovery and all its clones are fake defragmenters that won’t leave you alone until you purchase their ‘licensed’ version. However, that means that your money and credit card details will be given for scammers. You won’t be capable to notice Windows Vista Recovery intrusion because it closely relies on Trojans, so having a reputable anti-spyware seems to be the only good decision. We could recommend using STOPzilla licensed version if you want to remove Windows XP Recovery and protect it from unexpected intruders.

The latest parasite names used by FakeHDD:
[newest id=”fakehdd”]

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Windows XP Recovery you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Windows XP Recovery. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Windows XP Recovery (2012-06-11)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Windows XP Recovery (2012-06-11)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Windows XP Recovery (2012-06-11)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Windows XP Recovery (2012-06-11)
Windows XP Recovery snapshot
Windows XP Recovery

Windows XP Recovery manual removal:

Kill processes:
[random].exe

Delete registry values:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ".exe"

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ""

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "CertificateRevocation" = '0'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnonBadCertRecving" = '0'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop "NoChangingWallPaper" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = '1'

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "DisableTaskMgr" = '1'

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'

HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain "Use FormSuggest" = 'yes'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "Hidden" = '0'

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "ShowSuperHidden" = 0'

Unregister DLLs:
[random].dll

Delete files:
%AllUsersProfile%Application Data~

%AllUsersProfile%Application Data~r

%AllUsersProfile%Application Data[random].dll

%AllUsersProfile%Application Data[random].exe

%AllUsersProfile%Application Data[random].exe

%UserProfile%DesktopWindows XP Recovery.lnk

%UserProfile%Start MenuProgramsWindows XP Recovery

%UserProfile%Start MenuProgramsWindows XP RecoveryUninstall Windows XP Recovery.lnk

%UserProfile%Start MenuProgramsWindows XP RecoveryWindows XP Recovery.lnk

Delete directories:
%AllUsersProfile%Application Data[random]

About the author

Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author


  • jason

    you guys fail to mention that after removing the virus, it hides ALL files on the same partition as the OS. look up unhide.exe from bleepingcomputers to resolve the problem