Data Restore
Data Restore Description
Data Restore is a rogue defragmenter, system diagnostics and information recovery tool. Our malware researchers have traced Data Restore’s lineage back to the FakeScanti family wich comprises other types of fake defragmenters that share its appearance, error messages and attack methods . You should do your best to ignore the many types of fake errors that Data Restore creates on your PC; these errors aren’t real system problems and have no point to their existence besides trying to make a grab at your wallet’s contents. However, ignoring Data Restore isn’t enough to solve a Data Restore problem, since browser hijacks, file-viewing problems and blocked applications are also common signs of a Data Restore attack. Anti-malware software is the preferred tool for deleting Data Restore, although updates and usage of Safe Mode where applicable are also important to insure that Data Restore is completely removed.The Deadliest Examples of Data Restore’s Arsenal – Wielded Against Your PC
Unlike a real defragmenter or data recovery program, Data Restore doesn’t offer real system-analysis features or any abilities that would help you maintain or preserve information on your PC. Despite this, Data Restore does look identical to a real defragger or other type of legitimate PC maintenance product, and even creates fake error messages to try to fool you about its capabilities. However, our malware analysts have found that Data Restore’s fake errors are substantially less dangerous than its other functions, which are involved in attacking your PC in several different ways:
- Data Restore will attempt to block you from using anti-malware and security programs that could assist you with detecting or removing Data Restore itself.These blockades may also be supplemented by fake error messages that Data Restore uses to trick you into thinking that your programs are damaged.
- Data Restore may attack your browser with hijacks that redirect you to unusual websites. This can include the display of fake errors that block websites as well as general browser setting changes.
- Data Restore may also use several methods to conceal files, folders and shortcuts. Two popular methods that our malware experts have recorded include Data Restore using the Windows Registry to cripple Windows Explorer’s ability to display files, and moving shortcuts to obscure locations (such as the Temp folder).
Escaping Data Restore’s Unpleasant Idea of System ‘Maintenance’
Although there’s no reason to keep Data Restore on your PC and quite a few reasons to delete Data Restore, the deletion process can be obfuscated by Data Restore’s usage of fake errors, alerts and warnings. The following list is a series of examples of Data Restore’s fake errors that our malware experts have noted, and you should disregard any error that resembles the ones noted below:
Bad sectors on hard drive or damaged file allocation table – Critical Error
28% of HDD space is unreadable – Critical Error
A problem detected while reading boot operation system files
Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition
Windows – No Disk
Exception Processing Message 0×0000013
Read time of hard drive cluster less than 500 ms – Critical Error
Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.
Confirmation
Data Restore detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?
Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.
If you’re ready to restore your PC back to actual health by getting rid of Data Restore, switch to Safe Mode and use a good anti-malware program to scan your computer. Removing Data Restore by manual methods isn’t recommended, since improper Data Restore removal can harm Windows and may even require that you reinstall the OS. Among the countless members of Data Restore family are Cloud Protection, OpenCloud Security, BlueFlare Antivirus, AV Protection 2011, AV Security Essentials, System Protection 2012, AV Protection Online, Home Security Solutions, AV Secure 2012, Security Guard, Wireshark Antivirus, AV Protection 2012, Sysinternals Antivirus, Your PC Protector, Super AV 2013, Wolfram Antivirus, Sphere Security 2012, Milestone Antivirus, Cloud AV 2012, Super AV, Internet Security Guard, OpenCloud Antivirus, AV Guard Online, System Protection, Win 7 2012, AV Security 2012 and Security Guard 2012.
Aliases
Generic25.CCZJ [AVG]AdWare.SuspectCRC [Ikarus]Adware/Win32.FoxTab [AhnLab-V3]Adware.InstallCore.12 [DrWeb]AdWare.SuspectCRC!IK [Emsisoft]W32/InstallCore.A.gen!Eldorado [F-Prot]Win32/InstallCore [NOD32]Misc/OnlineInstaller [Fortinet]Virus.Win32.Virut.X6 [VBA32]Win32/Agent.A!generic [eTrust-Vet]
More aliases (50)
Data Restore Automatic Detection Tool (Recommended)
Is your PC infected with Data Restore? To safely & quickly detect Data Restore, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect Data Restore
What happens if Data Restore does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %UserProfile%\Start Menu\Programs\Data Restore 534 2 Uninstall Data Restore.lnk 527 3 %ALLUSERSPROFILE%\ Application Data\ ENtNsKwGvJhK.exe 438 4 %USERPROFILE%\ My Documents\ Downloads\ VideoConverterSetup.exe 192 5 K:\ Server Documenten\ ConvertXToDVD\ video_converter_setup.exe 122 6 %USERPROFILE%\ Mis documentos\ Keygen de Win RaR 3.90 - 3.92 - 3.93 beta 3.exe 21 7 %Temp%\smtmp\3 N/A 8 %Temp%\smtmp\1 N/A 9 %Temp%\smtmp\2 N/A 10 %Temp%\smtmp\ N/A 11 %Temp%\smtmp\4 N/A 12 %LocalAppData%\ N/A 13 %LocalAppData%\.exe N/A 14 %StartMenu%\Programs\Data Restore\ N/A 15 %StartMenu%\Programs\Data Restore\Data Restore.lnk N/A 16 %StartMenu%\Programs\Data Restore\Uninstall Data Restore.lnk N/A 17 %UserProfile%\Desktop\Data Restore.lnk N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
Additional Information
- The following messages's were detected:
# Message 1 Activation Reminder
Data Restore Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.2 Critical Error!
A critical error has occurred while indexing data stored on hard drive. System restart required.3 Critical Error!
Damaged hard drive clusters detected. Private data is at risk.4 Critical Error!
Hard Drive not found. Missing hard drive.5 Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.6 Critical Error
Hard drive clusters are partly damaged. Segment load failure.7 Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.8 Critical Error
RAM memory usage is critically high. RAM memory failure.9 Critical Error
Windows can't find hard disk space. Hard drive error10 Critical Hard Disk Drive Error
Data Restore detected a bad sector on your hard disk drive.
This error may cause the following problems:
- Data corruption and loss
- Hard drive inaccessibility
- System errors and failures11 Data Restore Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertifiedsoftware to fix the detected hard drive problems. Do you want to download recommended software? 12 Fix Disk
Data Restore Diagnostics will scan the system to identify performance problems.
Start or Cancel13 Hard Drive Failure
The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system.14 Low Disk Space
You are running very low disk space on Local Disk (C:).15 System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.16 System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.17 Windows - Delayed Write Failed
Failed to save all the components for the file \System32\00004823. The file is corrupted or unreadable. This error may be caused by a PC hardware problem.18 Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents store on the hard disk. It's highly recommended to scan and solve HDD problems before continue using this PC.19 Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced.
Posted: September 28, 2011 | By SpywareRemove
MoreThreat Level: 10/10
(4 votes, average: 4.00 out of 5)
Loading ...Rate this article:
Detection Count: 415
Thank you a bunch for sharing this with all of us you really understand how to remove the data malware.
I’d be extremely suspicious of any program that asked me to download ‘sertified software’.
Data Restore… what a freaking joke. I thought the Data Restore program would restore my Windows but boy was I wrong. Data Restore somehow installed on its own and before I knew it i get pop-up after pop-up. Thanks you guys for helping me detect and remove this fake Data Restore program! You are the best SpywareRemove and SpyHunter guys!