System Recovery
System Recovery Description
System Recovery is a fake defragmentation program (or defragger) that creates hostile error messages and a range of other system problems to make it appear as though your PC is seconds away from spontaneous combustion. SpywareRemove.com malware experts haven’t found any real error-detection or removal features in System Recovery, let alone actual defragmentation features, and due to these deceitful and outright harmful traits, System Recovery should be considered scamware instead of a legitimate program. System Recovery is strongly-associated with other rogue defraggers in the FakeHDD family, and until you delete System Recovery with the appropriate anti-malware product, you should be prepared for attacks that these scamware programs are known for, such as browser hijacks, vanishing files and unwanted changes to your desktop.Staying Alert for System Recovery’s Fraudulent PC Monitoring Features
System Recovery, like other FakeHDD rogue defragmenters, pretends to offer many different features that you wouldn’t see on a normal defragger, such as RAM analysis and Registry-cleaning. Since these features require extremely specialized functions, SpywareRemove.com malware researchers weren’t surprised to discover that System Recovery doesn’t have any of the features it advertises, including its supposed defragging function. Instead, these fake features are merely billboards for posting fake warnings.
Many of these errors are also recreated by other rogue defraggers that are related to System Recovery. Examples include Windows 7 Restore, Master Utilities, Memory Scan, HDD Tools, HDD Scan, Memory Optimizer and Windows Tool, which all belong to the same overall family of rogue defragmenters as System Recovery and utilize similar attacks.
Finding a Way to Recover Your PC from System Recovery
Gaining access to powerful anti-malware programs is recommended as the first step towards removing System Recovery efficiently.
- System Recovery may use several methods to hide files on your hard drive, including moving program shortcuts to your Temp folder and attacking Windows Explorer to prevent it from showing certain files. Until you’ve gotten rid of System Recovery, it’s recommended that you try to avoid cleaning out folders casually, since System Recovery may have stored your important files in these locations. If you can’t access a critical file, consider using the Command Prompt program, which should show any files that System Recovery tries to hide from Windows Explorer.
- System Recovery may also block security programs. The easiest way to duck under this unwarranted assault is to use Safe Mode or another form of system boot that stops System Recovery from launching in the first place. Because System Recovery, like many other FakeHDD programs, will hook itself into the normal startup routine for your PC, you should assume that System Recovery is active if you’ve used a normal system boot.
- Finally, web browser redirect attacks are also common with any FakeHDD infection, including System Recovery. Take care to avoid giving away money or private information to websites that System Recovery redirects you to, and never try to buy System Recovery. If necessary, our malware experts have found that you can use the free code ’1203978628012489708290478989147′ to imitate registration for System Recovery prior to deletion.
System Recovery Automatic Detection Tool (Recommended)
Is your PC infected with System Recovery? To safely & quickly detect System Recovery, we highly recommend you run the malware scanner listed below.
Download SpyHunter's* Malware Scanner to detect System Recovery
What happens if System Recovery does not let you open SpyHunter or blocks the Internet?
Visual & GUI Characteristics
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read
the tutorials on how to find malware,
kill unwanted processes,
remove malicious DLLs and
delete other harmful files. Always be
sure to back up your PC before making any changes.
- The following files were created in the system:
# File Name Detection Count 1 %ALLUSERSPROFILE%\ Application Data\ YvhFlJjjduMa.exe 131 2 %ALLUSERSPROFILE%\ Application Data\ BvhFlJjjduMa.exe 124 3 %ALLUSERSPROFILE%\ Application Data\ BvhFlJwnduMa.exe 103 4 %ALLUSERSPROFILE%\ Application Data\ GyxHFmRWxGIKn.exe 96 5 %ALLUSERSPROFILE%\ Application Data\ iMXxHFmRWxGIKn.exe 87 6 %LocalAppData%\[RANDOM CHARACTERS] N/A 7 %LocalAppData%\[RANDOM CHARACTERS].exe N/A 8 %LocalAppData%\~[RANDOM CHARACTERS] N/A 9 %LocalAppData%\~[RANDOM CHARACTERS] N/A 10 %Temp%\smtmp\ N/A 11 %Temp%\smtmp\1 N/A 12 %Temp%\smtmp\2 N/A 13 %Temp%\smtmp\3 N/A 14 %Temp%\smtmp\4 N/A 15 %StartMenu%\Programs\System Recovery\ N/A 16 %StartMenu%\Programs\System Recovery\System Recovery.lnk N/A 17 %StartMenu%\Programs\System Recovery\Uninstall System Recovery.lnk N/A 18 %UserProfile%\Desktop\System Recovery.lnk N/A
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on
how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s's:/ogn:/uyu:/dyd:/c'u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/'wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v'w:/rbs:'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
Additional Information
- The following messages's were detected:
# Message 1 Activation Reminder System Recovery Activation Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features. 2 Critical Error A critical error has occurred while indexing data stored on hard drive. System restart required. 3 Critical Error Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error. 4 Critical Error Hard Drive not found. Missing hard drive. 5 Critical Error RAM memory usage is critically high. RAM memory failure. 6 Critical Error Windows can't find hard disk space. Hard drive error 7 Critical Error! Damaged hard drive clusters detected. Private data is at risk. 8 Critical Error! Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware. 9 Critical Hard Disk Drive Error System Recovery detected a bad sector on your hard disk drive. This error may cause the following problems: - Data corruption and loss - Hard drive inaccessibility - System errors and failures 10 Fix Disk System Recovery Diagnostics will scan the system to identify performance problems. Start or Cancel 11 Hard Drive Failure The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system. 12 System Error An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors. 13 System Recovery Diagnostics Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software? 14 System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required. 15 Windows - No Disk Exception Processing Message 0x0000013
Posted: September 3, 2011 | By SpywareRemove
MoreThreat Level: 10/10
(1 votes, average: 1.00 out of 5)
Loading ...Rate this article:
Detection Count: 726
It is very useful and informative. appreciate helping to remove my malware.