Home Malware Programs Rogue Defragmenter Programs Data Restore

Data Restore

Posted: September 28, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 974
First Seen: September 28, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

Data Restore Screenshot 1Data Restore is a rogue defragmenter, system diagnostics and information recovery tool. Our malware researchers have traced Data Restore's lineage back to the FakeScanti family wich comprises other types of fake defragmenters that share its appearance, error messages and attack methods . You should do your best to ignore the many types of fake errors that Data Restore creates on your PC; these errors aren't real system problems and have no point to their existence besides trying to make a grab at your wallet's contents. However, ignoring Data Restore isn't enough to solve a Data Restore problem, since browser hijacks, file-viewing problems and blocked applications are also common signs of a Data Restore attack. Anti-malware software is the preferred tool for deleting Data Restore, although updates and usage of Safe Mode where applicable are also important to insure that Data Restore is completely removed.

The Deadliest Examples of Data Restore's Arsenal - Wielded Against Your PC

Unlike a real defragmenter or data recovery program, Data Restore doesn't offer real system-analysis features or any abilities that would help you maintain or preserve information on your PC. Despite this, Data Restore does look identical to a real defragger or other type of legitimate PC maintenance product, and even creates fake error messages to try to fool you about its capabilities. However, our malware analysts have found that Data Restore's fake errors are substantially less dangerous than its other functions, which are involved in attacking your PC in several different ways:

  • Data Restore will attempt to block you from using anti-malware and security programs that could assist you with detecting or removing Data Restore itself. These blockades may also be supplemented by fake error messages that Data Restore uses to trick you into thinking that your programs are damaged.
  • Data Restore may attack your browser with hijacks that redirect you to unusual websites. This can include the display of fake errors that block websites as well as general browser setting changes.
  • Data Restore may also use several methods to conceal files, folders and shortcuts. Two popular methods that our malware experts have recorded include Data Restore using the Windows Registry to cripple Windows Explorer's ability to display files, and moving shortcuts to obscure locations (such as the Temp folder).

Escaping Data Restore's Unpleasant Idea of System 'Maintenance'

Although there's no reason to keep Data Restore on your PC and quite a few reasons to delete Data Restore, the deletion process can be obfuscated by Data Restore's usage of fake errors, alerts and warnings. The following list is a series of examples of Data Restore's fake errors that our malware experts have noted, and you should disregard any error that resembles the ones noted below:

Bad sectors on hard drive or damaged file allocation table – Critical Error

28% of HDD space is unreadable – Critical Error

A problem detected while reading boot operation system files

Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

Windows – No Disk
Exception Processing Message 0×0000013

Read time of hard drive cluster less than 500 ms – Critical Error

Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.

Confirmation
Data Restore detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?

Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.

If you're ready to restore your PC back to actual health by getting rid of Data Restore, switch to Safe Mode and use a good anti-malware program to scan your computer. Removing Data Restore by manual methods isn't recommended, since improper Data Restore removal can harm Windows and may even require that you reinstall the OS. Among the countless members of Data Restore family are Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.

Data Restore Screenshot 2Data Restore Screenshot 3Data Restore Screenshot 4Data Restore Screenshot 5Data Restore Screenshot 6Data Restore Screenshot 7Data Restore Screenshot 8Data Restore Screenshot 2Data Restore Screenshot 9Data Restore Screenshot 10Data Restore Screenshot 11

Aliases

Generic25.CCZJ [AVG]AdWare.SuspectCRC [Ikarus]Adware/Win32.FoxTab [AhnLab-V3]Adware.InstallCore.12 [DrWeb]W32/InstallCore.A.gen!Eldorado [F-Prot]Win32/InstallCore [NOD32]Misc/OnlineInstaller [Fortinet]Win32/Agent.A!generic [eTrust-Vet]SPR/Dldr.Agent.dt.17 [AntiVir]Trojan.DownLoader.origin [DrWeb]ApplicUnwnt.Win32.Adware.Agent.~GGS [Comodo]not-a-virus:Downloader.Win32.Agent.dt [Kaspersky]Win32:Dropper-EFY [Avast]W32/Dropper.AE.gen!Eldorado [F-Prot]a variant of Win32/SweetIM.A [NOD32]
More aliases (50)

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%USERPROFILE%\My Documents\Downloads\VideoConverterSetup.exe File name: VideoConverterSetup.exe
Size: 546.3 KB (546304 bytes)
MD5: 9b0269781c9d357c00e3c668173a3fab
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\My Documents\Downloads
Group: Malware file
Last Updated: December 5, 2011
%ALLUSERSPROFILE%\Application Data\6DSS92c31Apgjk.exe File name: 6DSS92c31Apgjk.exe
Size: 350.72 KB (350720 bytes)
MD5: b083cf5dd168f87af9e19f5bf13e20ab
Detection count: 59
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: September 30, 2011
K:\Server Documenten\ConvertXToDVD\video_converter_setup.exe File name: video_converter_setup.exe
Size: 404.99 KB (404992 bytes)
MD5: f8c14ab127e63b475aa6a7d9d4200e1f
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Path: K:\Server Documenten\ConvertXToDVD
Group: Malware file
Last Updated: November 21, 2011
J:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP163\A0060305.exe File name: A0060305.exe
Size: 4.24 MB (4240182 bytes)
MD5: cc53e636516250d1de09f2d79d371170
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: J:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP163\A0060305.exe
Group: Malware file
Last Updated: February 1, 2022
%ALLUSERSPROFILE%\Application Data\ENtNsKwGvJhK.exe File name: ENtNsKwGvJhK.exe
Size: 468.99 KB (468992 bytes)
MD5: 308771f50c0ad12aee141ad369244b8d
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: August 17, 2022
%Temp%\smtmp\3 File name: %Temp%\smtmp\3
Group: Malware file
%Temp%\smtmp\1 File name: %Temp%\smtmp\1
Group: Malware file
%Temp%\smtmp\2 File name: %Temp%\smtmp\2
Group: Malware file
%Temp%\smtmp\ File name: %Temp%\smtmp\
Group: Malware file
%Temp%\smtmp\4 File name: %Temp%\smtmp\4
Group: Malware file
%LocalAppData%\ File name: %LocalAppData%\
Group: Malware file
%LocalAppData%\.exe File name: %LocalAppData%\.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%StartMenu%\Programs\Data Restore\ File name: %StartMenu%\Programs\Data Restore\
Group: Malware file
%StartMenu%\Programs\Data Restore\Data Restore.lnk File name: %StartMenu%\Programs\Data Restore\Data Restore.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%StartMenu%\Programs\Data Restore\Uninstall Data Restore.lnk File name: %StartMenu%\Programs\Data Restore\Uninstall Data Restore.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%UserProfile%\Desktop\Data Restore.lnk File name: %UserProfile%\Desktop\Data Restore.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

File name without pathUninstall Data Restore.lnkHKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

Additional Information

The following messages's were detected:
# Message
1Activation Reminder
Data Restore Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.
2Critical Error!
A critical error has occurred while indexing data stored on hard drive. System restart required.
3Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
4Critical Error!
Hard Drive not found. Missing hard drive.
5Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
6Critical Error
Hard drive clusters are partly damaged. Segment load failure.
7Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.
8Critical Error
RAM memory usage is critically high. RAM memory failure.
9Critical Error
Windows can't find hard disk space. Hard drive error
10Critical Hard Disk Drive Error
Data Restore detected a bad sector on your hard disk drive.
This error may cause the following problems:
- Data corruption and loss
- Hard drive inaccessibility
- System errors and failures
11Data Restore Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified <sic> software to fix the detected hard drive problems. Do you want to download recommended software?
12Fix Disk
Data Restore Diagnostics will scan the system to identify performance problems.
Start or Cancel
13Hard Drive Failure
The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system.
14Low Disk Space
You are running very low disk space on Local Disk (C:).
15System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.
16System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
17Windows - Delayed Write Failed
Failed to save all the components for the file \System32\00004823. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.
18Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents store on the hard disk. It's highly recommended to scan and solve HDD problems before continue using this PC.
19Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced.

2 Comments

  • Denero Patel says:

    Data Restore... what a freaking joke. I thought the Data Restore program would restore my Windows but boy was I wrong. Data Restore somehow installed on its own and before I knew it i get pop-up after pop-up. Thanks you guys for helping me detect and remove this fake Data Restore program! You are the best SpywareRemove and SpyHunter guys!

  • dave says:

    I'd be extremely suspicious of any program that asked me to download 'sertified software'.

Loading...