Data Repair
Posted: September 28, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 8/10 |
---|---|
Infected PCs: | 16 |
First Seen: | September 28, 2011 |
---|---|
Last Seen: | December 14, 2020 |
OS(es) Affected: | Windows |
Data Repair is a fake system diagnostic program and defragmenter that's copied from similar types of scamware. Although Data Repair pretends to be able to detect and fix a variety of system errors, SpywareRemove.com malware researchers have found that Data Repair is no better than Data Repair's descendants and prefers to create fake alerts in-between badgering you for registration fees. Like many other types of rogue diagnostic applications, Data Repair will also try to convince you that your PC is malfunctioning by causing browser hijacks, concealing your shortcuts, interfering with file displays and blocking security-related programs. As an actively harmful program, Data Repair should be removed as soon as possible, although SpywareRemove.com malware experts recommend that you use dedicated anti-malware products to delete a Data Repair infection, when you have access to such software.
Data Repair and Its Plentiful Helpings of Fake System Data
Data Repair uses fake error messages and system scanners to infect new computers, and you're most likely to be infected by Data Repair after you've seen a pop-up or website-embedded Java or Flash script that contains either of the above displays. The most prominent behavior that SpywareRemove.com malware researchers have recorded in Data Repair infections is the presentation of extremely alarming security warnings, system errors and other types of alerts. These alerts are used for various purposes, but especially to convince you that buying Data Repair's fake software will help you fix your PC of all of these Data Repair-caused problems.
Data Repair errors can consist of errors that pretend that specific programs are infected, while Data Repair is blocking you from using them:
Confirmation
[Rogue defragmenter] detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?
Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.
Other Data Repair errors will play on your fears that you may lose information; if you don't purchase Data Repair's fake software or create unusual pop-ups that display errors that may confuse you with their sheer obscurity:
Bad sectors on hard drive or damaged file allocation table – Critical Error
28% of HDD space is unreadable – Critical Error
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
A problem detected while reading boot operation system files
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition
Windows – No Disk
Exception Processing Message 0×0000013
Read time of hard drive cluster less than 500 ms – Critical Error
Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.
You should always ignore Data Repair error messages and avoid interacting with them whenever possible. Sadly, even if you're ready to ignore Data Repair's plaintive and fraudulent cries, SpywareRemove.com malware experts have found that these errors are only the start of Data Repair's attacks against an infected PC.
Pulling Up the Wires of Data Repair's Fake Repair Work
Data Repair belongs to the FakeSysDef family and has many clones which include System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix. SpywareRemove.com malware research team has noted that a standard Data Repair infection may also include some or all of the following symptoms:
- Program shortcuts that have been removed from their normal locations. Modern versions of Data Repair and Data Repair's clones have been known to store these shortcuts in the Temp folder.
- Files and folders that refuse to display in Windows Explorer (the default file-viewing program for Windows). However, Command Prompt and other programs will display your files and folders normally; Data Repair only hides them and doesn't try to delete them.
- Browser hijacks that redirect you to harmful websites, block security-related sites that could help you delete Data Repair, create pop-ups or prevent you from changing your browser's settings.
If you find that your computer has been assaulted by even a single one of these symptoms, you shouldn't waste time in finding the best anti-malware program that you can and scan your PC for a potential Data Repair infection.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\1
File name: %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\1Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\2
File name: %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\2Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\3
File name: %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\3Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\4
File name: %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\4Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Application Data\~
File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\~Group: Malware file
%Documents and Settings%\[User Name]\Start Menu\\Programs\Data Repair\
File name: %Documents and Settings%\[User Name]\Start Menu\\Programs\Data Repair\Group: Malware file
%Documents and Settings%\[User Name]\Start Menu\\Programs\Data Repair\Data Repair.lnk
File name: %Documents and Settings%\[User Name]\Start Menu\\Programs\Data Repair\Data Repair.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[User Name]\Start Menu\\Programs\Data Repair\Uninstall Data Repair.lnk
File name: %Documents and Settings%\[User Name]\Start Menu\\Programs\Data Repair\Uninstall Data Repair.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[User Name]\Desktop\Data Repair.lnk
File name: %Documents and Settings%\[User Name]\Desktop\Data Repair.lnkFile type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\
File name: %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS]
File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS]Group: Malware file
%Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
File name: %Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS].exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0?HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.