
Windows Vista Recovery

Posted: May 16, 2011

Windows Vista Recovery pretends to be both a defragmenter and a general system security program, but in reality, Windows Vista Recovery is a rogue security application that threatens your PC by creating false positive alerts. A Windows Vista Recovery infection on your PC is likely to be coupled with rootkit-based Trojan infections that may be difficult to detect or remove without an anti-malware application. Problems associated with Windows Vista Recovery infections include fake infection and system error pop-ups, audio advertisements, browser hijacks and an inability to use various unrelated applications.

Windows Vista Recovery is Neither a Good Recovery Tool Nor Vista-Specific

Although Windows Vista Recovery pretends to be specially designed for the Windows Vista platform, complete with the Windows logo, the truth is that Windows Vista Recovery is just one of more than a few rogue security programs recycling the same malicious code. Known clones of Windows Vista Recovery include, but aren't limited to, Windows 7 Recovery, Windows XP Recovery, Windows Tool, Windows Fix Disk, Windows Diagnostic, Windows Repair, Windows Restore, and Windows Recovery.

Windows Vista Recovery pretends to offer many different and advanced features that you may not be used to seeing, such as memory optimization. However, Windows Vista Recovery only has the interface for these features, without any real functionality behind them that would make it a worthwhile investment for your computer's security.

Besides being a hollow shell of a recovery tool, Windows Vista Recovery will even create fake errors like the examples below to make you think that it is more useful than it really is:

Low Disk Space
You are running very low disk space on Local Disk (C:).

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Activation Reminder
Windows Recovery Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

Windows - No Disk
Exception Processing Message 0x0000013

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
Windows can't find hard disk space. Hard drive error

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Requested registry access is not allowed. Registry defragmentation required

32% of HDD space is unreadable

Registry Error - Critical Error

Drive C initializing error

Bad sectors on hard drive or damaged file allocation table

GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash

Hard drive doesn't respond to system commands

Ram Temperature is 83 C. Optimization is required for normal operation.

Read time of hard drive clusters less than 500 ms

Data Safety Problem. System integrity is at risk.

These error messages don't represent any real dangers to your computer, except insofar as Windows Vista Recovery is a danger by being present on your hard drive in the first place.

High-Priority Windows Vista Recovery Attacks

Even if you make the smart decision to avoid purchasing Windows Vista Recovery, you may have to deal with a number of different attacks on your PC until you've found a way to remove Windows Vista Recovery. Known possibilities include:

  • The presence of TDSS rootkits. Rootkits are capable of concealing themselves by infecting normal memory processes, and are very difficult to remove manually. The TDSS rootkits that are often bundled with Windows Vista Recovery are known to create obnoxious audio advertisements, and may hinder your ability to use web browsers or other applications.
  • Browser hijack attacks. Hijacks will redirect your web browser to a different site, display fake warnings or advertisements, place malicious links into online content or change your homepage.
  • An inability to use various applications, especially programs that could be used to monitor or uninstall Windows Vista Recovery.

In all cases, your best chance of stopping these attacks is to switch to Safe Mode, reboot from a CD or USB storage device, or reboot into a non-Windows operating system. Don't try to remove Windows Vista Recovery and Windows Vista Recovery's rootkits by yourself unless you have no other options, since improper manual removal of Windows Vista Recovery can cause other problems for your PC.



File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CommonAppData%\[RANDOM CHARACTERS]
    2 %CommonAppData%\exe
    3 %CommonAppData%\~[RANDOM CHARACTERS]
    4 %UserProfile%\Desktop\Windows Vista Recovery.lnk
    5 %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    6 %UserProfile%\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
    7 %UserProfile%\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
    HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM CHARACTERS].exe
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
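
The file and Registry entries listed above can be checked read-only from PowerShell while logged in as the affected user. This is an added example, not part of the original write-up: `CurrentControlSet` stands in for the page's `ControlSet`, and the shell-folder lookups stand in for `%CommonAppData%` and `%UserProfile%`. Several of the listed values can also be ordinary user settings, so a match is a lead to investigate rather than proof of infection.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# Nothing is modified. HKCU checks apply to the currently logged-in user only.
# 'Use FormSuggest = Yes' is omitted: it is an ordinary autocomplete setting.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$wintrust = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing'
$checks = @(
    @{ Path = $inet;           Name = 'CertificateRevocation'; Listed = 0 }
    @{ Path = $inet;           Name = 'WarnOnBadCertRecving';  Listed = 0 }
    @{ Path = $inet;           Name = 'WarnonZoneCrossing';    Listed = 0 }
    @{ Path = "$inet\Zones\3"; Name = '1601';                  Listed = 0 }
    @{ Path = $wintrust;       Name = 'State';                 Listed = 146944 }
)
$findings = @()
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and $item.($c.Name) -eq $c.Listed) {
        $findings += "Registry value matches page: $($c.Path)\$($c.Name) = $($c.Listed)"
    }
}

# PendingFileRenameOperations entries that point at an .exe under %CommonAppData%.
# Assumption: CurrentControlSet is the live equivalent of the page's "ControlSet".
$common = [Environment]::GetFolderPath('CommonApplicationData')
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
$ic = [StringComparison]::OrdinalIgnoreCase
foreach ($entry in $pending) {
    if ($entry -and $entry.StartsWith("\??\$common\", $ic) -and $entry.EndsWith('.exe', $ic)) {
        $findings += "Pending rename/delete targets: $entry"
    }
}

# Shortcuts named on the page, resolved through the user's shell folders.
$shortcuts = @(
    (Join-Path ([Environment]::GetFolderPath('DesktopDirectory')) 'Windows Vista Recovery.lnk')
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'Windows Vista Recovery')
)
foreach ($p in $shortcuts) {
    if (Test-Path -LiteralPath $p) { $findings += "Shortcut artifact present: $p" }
}

# The dropped files have random names, so list any .exe sitting directly in %CommonAppData%.
foreach ($f in Get-ChildItem -LiteralPath $common -Filter '*.exe' -Force -ErrorAction SilentlyContinue) {
    if (-not $f.PSIsContainer) { $findings += "Executable in root of ${common}: $($f.Name)" }
}

if ($findings.Count) { $findings } else { 'No artifacts from the page were found for this user.' }
```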

Additional Information on Windows Vista Recovery

  • The following messages were detected:
    # Message
    1 System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
    2 Windows – No Disk
    Exception Processing Message 0x0000013
    3 Critical Error
    A critical error has occurred while indexing data stored on hard drive. System restart required.
    4 Hard Drive Failure
    The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.
    5 System Error
    An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors
    6 Critical Error
    RAM memory usage is critically high. RAM memory failure
    7 Critical Error
    Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hart drive error.
    8 Critical Error
    Damaged hard drive clusters detected. Private data is at risk.
    9 Critical Error
    Hard Drive not found. Missing hard drive
    10 Low Disk Space
    You are running very low disk space on Local Disk (C:).

One Comment

  • Mozze Morris says:

    Honestly thought this was the Vista Recovery program for me restoring my Windows Vista software to my PC. Boy, I was misled and actually purchased that program. How do I get my money back? My bank said I must fill out a fraud report. Please help! Also, many thanks to you spywareremove for helping remove the program Vista Recovery. It no longer pops up when I turn on my PC!
