Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 4 September 2011

How to Remove "System Recovery" (Uninstall Guide)

Posted on 09:38 by Unknown
System Recovery scareware is typically introduced by deceptive security alerts targeting unsuspecting computer users. Is this software legitimate? NO. It's a fake system optimization program that reports non-existent hard drive errors, RAM failures and Windows registry issues to make you think that your computer is about to bite the dust unless you pay a fee on the spot. However, paying the fee only makes things worse.



We have to admit that "System Recovery" is a very generic name and it looks more like a legit system utility than scareware. Conversation rate is typically around 2% for rogue anti-virus software, System Recovery might do even better because it looks like genuine Windows software. As you may have guessed, it's not a first-of-its kind scareware designed to steal money from inexperienced computer users. Just a few days ago, we wrote about Master Utilities which is pretty much the same rogue application and there are a many more similar malware in our database. So, if you are under System Recovery malware attack, please follow the removal instructions on this page: http://deletemalware.blogspot.com/2011/09/how-to-remove-master-utilities.html

Important!
  • Do not delete files from Windows Temp folder
  • Use TDSSKiller and Backdoor.Tidserv Removal Tool before scanning your computer with well-known and well-reviewed malware removal tool
  • Do not purchase System Recovery
Additionally, you can activate the rogue program by entering this registration code 1203978628012489708290478989147 and any email as shown in the image below. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.



Fake System Recovery warning:




Associated System Recovery files and registry values:

Files:

Windows XP:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\System Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\System Recovery
  • %UsersProfile%\Start Menu\Programs\System Recovery\System Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\System Recovery\Uninstall System Recovery.lnk
%AllUsersProfile% refers to: C:\Documents and Settings\All Users
%UserProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\System Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\System Recovery\
  • %UsersProfile%\Start Menu\Programs\System Recovery\System Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\System Recovery\Uninstall System Recovery.lnk
%AllUsersProfile% refers to: C:\ProgramData
%UserProfile% refers to: C:\Users\[User Name]

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
Share this information with other people:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rogue programs | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...
  • Remove "System Check" (Uninstall Guide)
    System Check is malicious software posing as Windows system utility. Although, it may look like a real thing, it isn't! You are actuall...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ►  November (18)
    • ►  October (21)
    • ▼  September (24)
      • How to Remove Security Sphere 2012 (Uninstall Guide)
      • Remove Advanced PC Shield 2012 (Uninstall Guide)
      • Notification of Limited Account Access - PayPal Ph...
      • Remove Ask Search and Ask Toolbar (Uninstall Guide)
      • Cyberbullying
      • Facebook Price Grid Hoax
      • ZeroAccess/Sirefef/MAX++ Rootkit Removal Tool
      • Remove Startsear.ch and search.searchcompletion.co...
      • Remove Babylon Toolbar and "Search the web (Babylo...
      • Seeearch.com Browser Hijacker (Uninstall Guide)
      • Remove Classysearchserver.com (Uninstall Guide)
      • Remove Coolsearchserver.com (Uninstall Guide)
      • Remove Excellentsearchserver.com (Uninstall Guide)
      • Windows заблокирован! Ransomware (Uninstall Guide)
      • Remove Bigseekpro.com and Somoto.com Toolbar (Unin...
      • Apple - Important information about your Apple ID
      • Remove Webplains.net (Uninstall Guide)
      • Remove *dayoftheweek.com (Uninstall Guide)
      • Remove Chit Chat (Uninstall Guide)
      • Remove La policía ESPAÑOLA Ransomware (Uninstall G...
      • How to Remove "System Recovery" (Uninstall Guide)
      • How to Remove OpenCloud Security (Uninstall Guide)
      • How to Remove Master Utilities (Uninstall Guide)
      • Remove Bandoo (Uninstall Guide)
    • ►  August (28)
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile