File Repair

File Repair Description


File Repair is a new and advanced variant of a rogue defragmenter that SpywareRemove.com malware researchers have observed using dozens of different names to infect PCs, including the recent Windows XP System Repair, Windows Vista System Repair and Win 7 Home System Repair. Like other rogue defraggers, File Repair has no ability to defrag your hard drive or detect hard drive errors, but File Repair still creates error messages to make you think that purchasing File Repair might prevent your PC from breaking down. As an upgraded variant from its rogue defragger subgroup, File Repair is also capable of making advanced attacks, such as blocking security features, hijacking your browser and especially altering your file-viewing preferences to hide files and shortcuts. Removing File Repair itself with a suitable anti-malware application is the only thing that’s required to put a stop to these problems.

Why File Repair is More Likely to Hide Your Files Instead of Repairing Them


File Repair may look like a real defragger, and it may even act like a real defragger at first, but even a brief time spent with File Repair quickly reveals its true nature – as a scamware defragmenter that’s more interested in handing out fake warnings than in fixing your hard drive. SpywareRemove.com malware researchers have watched File Repair, like many other rogue defraggers that it’s related to, create error messages without any basis in reality for the relevant errors. Samples of some of File Repair’s favorite scare tactics are shown here:

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.


System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.


Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.


Critical Error!
Damaged hard drive clusters detected. Private data is at risk.


Critical Error
Hard Drive not found.
Missing hard drive.


Bad sectors on hard drive or damaged file allocation table

Ram Temperature is 83 C. Optimization is required for normal operation.

Requested registry access is not allowed. Registry defragmentation required

GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash

Critical Error
Windows can’t find hard disk space. Hard drive error


Critical Error
RAM memory usage is critically high. RAM memory failure.


Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.


Low Disk Space
You are running very low disk space on Local Disk (C:).


System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.


Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.


The SpywareRemove.com malware research team has also seen many of these errors used by other rogue defraggers that use most of File Repair’s own code. These related rogue defragmenters, such as System Repair, Windows Repair, Windows XP Repair, Windows Vista Repair, Windows 7 Repair, Windows Startup Repair and many others, should be considered just as worthless and hostile as File Repair itself.

An especially worrisome trait of File Repair is the fact that its file-viewing attacks have been expanded from those of its ancestors. While a typical File Repair clone file-viewing attack might make Windows Explorer-viewed files unable to be seen, File Repair has been seen doing the same for desktop shortcuts and Start menu shortcuts, as well. However, if you use Safe Mode or another boot method that disables File Repair, your shortcuts and files will magically reappear and be completely unharmed.

Putting Good Repair Techniques to Work Against File Repair


Because trojans such as Zlob, Vundo, and Fake Microsoft Security Essentials Alert are often accompanied by rogue defraggers and other scamware programs like File Repair, you should only delete File Repair by using a proper anti-malware scanner that can detect all potential infections on your PC. Updating your threat definition database is also strongly encouraged, since File Repair is a recent example of its rogue defragger gang as of August 2011, and may not be deleted if your threat definitions are out-of-date.

File Repair and related trojans may also hinder your attempts to remove File Repair and related threats by hijacking your web browser or disabling anti-malware programs. Like the file-viewing attacks mentioned above, these attacks can only occur when File Repair or its trojans are active, and using standard techniques to avoid triggering File Repair’s startup routine (which SpywareRemove.com malware researchers have found to be Registry-based) is the solution.




Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %AllUsersProfile%\Application Data\~[RANDOM CHARACTERS]
    2 %AllUsersProfile%\Application Data\~[RANDOM CHARACTERS]r
    3 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].exe
    4 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dll
    5 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS]
    6 %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].exe
    7 %UserProfile%\Start Menu\Programs\File Repair\
    8 %UserProfile%\Start Menu\Programs\File Repair\Uninstall File Repair.lnk
    9 %UserProfile%\Start Menu\Programs\File Repair\File Repair.lnk
    10 %UserProfile%\Desktop\File Repair.lnk

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry!
  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s's:/ogn:/uyu:/dyd:/c'u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/'wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v'w:/rbs:'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
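
The registry values and shortcut paths listed above can be checked on a suspect machine without editing anything. The PowerShell below is an added example, not SpywareRemove.com's own tooling; it reads the listed settings, the HKCU Run key and the two shortcut paths, and flagging any Run command that points under %AllUsersProfile% is this example's own heuristic for the randomly named entries.

```powershell
# Read-only triage for the File Repair indicators listed on this page; changes nothing.
# Data is compared as text because the page does not give the registry value types.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
$settings = @(
    @{ Path = "$ie\Download";               Name = 'CheckExeSignatures';    Bad = 'no' }
    @{ Path = "$cv\Explorer\Advanced";      Name = 'Hidden';                Bad = '0' }
    @{ Path = "$cv\Explorer\Advanced";      Name = 'ShowSuperHidden';       Bad = '0' }
    @{ Path = "$cv\Internet Settings";      Name = 'CertificateRevocation'; Bad = '0' }
    @{ Path = "$cv\Internet Settings";      Name = 'WarnonBadCertRecving';  Bad = '0' }
    @{ Path = "$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';   Bad = '1' }
    @{ Path = "$cv\Policies\Attachments";   Name = 'SaveZoneInformation';   Bad = '1' }
    @{ Path = "$cv\Policies\System";        Name = 'DisableTaskMgr';        Bad = '1' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';             Bad = '1' }
)

$hits = @()
foreach ($s in $settings) {
    $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    if ($item -and "$($item.($s.Name))" -eq $s.Bad) {
        $hits += [pscustomobject]@{ Kind = 'Setting'; Location = $s.Path; Detail = "$($s.Name) = $($s.Bad)" }
    }
}

# Startup entries: the page lists randomly named Run values and payload files under
# %AllUsersProfile%, so report every HKCU Run command that points there (heuristic).
$runKey = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = "$($runKey.GetValue($name))"
        if ($cmd.IndexOf($env:ALLUSERSPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $hits += [pscustomobject]@{ Kind = 'Run value'; Location = "$cv\Run"; Detail = "$name -> $cmd" }
        }
    }
}

# Shortcut locations the page lists under %UserProfile%.
foreach ($p in "$env:USERPROFILE\Start Menu\Programs\File Repair",
               "$env:USERPROFILE\Desktop\File Repair.lnk") {
    if (Test-Path -LiteralPath $p) {
        $hits += [pscustomobject]@{ Kind = 'File'; Location = $p; Detail = 'present' }
    }
}

if ($hits) { $hits | Format-List } else { 'No listed File Repair indicators found.' }
```

ShowSuperHidden = 0 is also the Windows default, and legitimate software can start from %AllUsersProfile%, so a single hit is a lead to investigate rather than proof of infection.
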
Posted: August 13, 2011 | By