
Windows Repair

Posted: March 26, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 1,145
First Seen: March 29, 2011
Last Seen: June 8, 2023
OS(es) Affected: Windows

Windows Repair is a rogue defragmenter (also known as a defragger) application that borrows visual elements and malicious functions from older known rogue threats. There is nothing to gain by leaving Windows Repair on your computer; while it appears to offer scanning and heuristic services, these functions are all falsified and produce inaccurate and misleading results. Windows Repair may prevent programs from running, hijack web browser applications and confuse the user with fake error messages, so a thorough removal of this rogue malware isn't something you should put off.

An Alarm a Minute Infection

Unlike some types of rogue PC threats, Windows Repair currently lacks a thoroughly-defined infection technique. You may accidentally download Windows Repair by visiting a website that hosts malicious drive-by download code, by acquiring a trojan infection that downloads malware automatically or by opening a file from a P2P or freeware site that is bundled with Windows Repair.

It won't be hard to spot Windows Repair on your PC, however: the infection announces itself by brazenly displaying the Windows Repair program on each startup. While active, Windows Repair may display fake errors like the ones below under the guise of legitimate system warnings.

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Critical Error!
Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Critical Error
Windows can't find hard disk space. Hard drive error

Critical Error
Hard Drive not found. Missing hard drive.

If you have a Windows Repair infection or infection by similar rogue malware, you should treat any strange errors or alerts with extreme caution until you've verified that the rogue program isn't running, even as a background process in memory. You can check your background memory processes in Task Manager, although many types of malware like Windows Repair will imitate the names of benign system processes.

Repairing Your PC - Without the 'Help' of Windows Repair

Inadvertently hosting Windows Repair on your PC can also lead to serious system damage:

  • Your web browser may be hijacked by Windows Repair. Hijacks can create misleading content like fake website errors and warnings, redirect you to a malicious domain or stop you from going to a safe and helpful website. This attack is often coupled with the alteration of your homepage to a malicious one.
  • Windows Repair may stop different programs from launching. Standard victim programs for these attacks include basic Windows maintenance tools like MSConfig and anti-malware scanners that could delete Windows Repair.
  • Exposure to other malware attacks due to the above two conditions can result in your PC becoming more compromised the longer you use it. Only totally removing Windows Repair and reverting all security settings to normal levels will make your computer safe again.

Using the serial key '8475082234984902023718742058948' may allow you to run applications while Windows Repair is active if it's truly necessary. However, a better choice is to reboot into Safe Mode, which stops many types of malware from launching at all.

Windows Repair shares enough code with older known rogue programs that it can be removed without trouble by the right anti-malware applications. Any product that has received due adulation from the industry and is armed with the latest database updates should be able to remove Windows Repair without further ill effects.

Windows Repair belongs to the FakeSysDef family, which includes members such as System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%ALLUSERSPROFILE%\Application Data\JmpyxPEOWqPO.exe
File name: JmpyxPEOWqPO.exe
Size: 545.79 KB (545792 bytes)
MD5: 504d44db8bb38ac499950ae9d5585760
Detection count: 53
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: January 8, 2020

%ALLUSERSPROFILE%\Application Data\16113460.exe
File name: 16113460.exe
Size: 467.96 KB (467968 bytes)
MD5: ee42befd1d6ee2217f3daab9d38ba699
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: March 29, 2011

Registry Modifications

The following newly produced Registry Values are:

File name without path: Windows Repair.lnk
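
The two executables listed above have random-looking names, so a sweep for these samples has to match on content hash rather than on file name. The following is an added example, not code from the original page or from any vendor tool: it hashes every .exe under a set of folders, compares the result with the two MD5 values listed above, and flags the shortcut name from the same section. The function names, the fallback path for %ALLUSERSPROFILE% and the choice to also look on the Desktop are assumptions made for the example; a clean result only means these two specific samples are absent.

```python
import hashlib
import os
from pathlib import Path

# MD5 values and file names exactly as listed under "File System Modifications".
PAGE_MD5 = {
    "504d44db8bb38ac499950ae9d5585760": "JmpyxPEOWqPO.exe",
    "ee42befd1d6ee2217f3daab9d38ba699": "16113460.exe",
}
SHORTCUT_NAME = "windows repair.lnk"  # listed on the page without a path


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are never read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(roots, known_md5=PAGE_MD5):
    """Walk each root and return (path, reason) for every match."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in sorted(files):
                path = Path(dirpath) / name
                if name.lower() == SHORTCUT_NAME:
                    findings.append((str(path), "shortcut name listed on the page"))
                elif path.suffix.lower() == ".exe":
                    try:
                        md5 = md5_of(path)
                    except OSError:  # locked or unreadable: report, never skip silently
                        findings.append((str(path), "unreadable, check manually"))
                        continue
                    if md5 in known_md5:
                        findings.append((str(path), "MD5 matches " + known_md5[md5]))
    return findings


def default_roots():
    """Assumed locations: the drop folder named on the page, plus the Desktop."""
    base = os.environ.get("ALLUSERSPROFILE", r"C:\ProgramData")
    return [Path(base, "Application Data"), Path.home() / "Desktop"]


if __name__ == "__main__":
    for found, reason in sweep(default_roots()):
        print(f"{found}: {reason}")
```

Run it from Safe Mode or from a clean boot environment, since the page notes that the rogue can stop other programs from launching while it is active.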


8 Comments

  • Brian says:

    Just to let anyone who has this know, I recently worked on a computer that had Windows Repair on it. Somehow, Windows Repair managed to set the properties on all of the folders and files from the C drive to hidden. Be aware.

  • zak says:

    How do I unhide the files?

  • colin says:

    Yes, all files on C drive attributes changed to hidden. Also removed the DNS server IP address so that I couldn't access any websites by name, only by IP address - took me hours to figure that little problem. As it could change the attributes it could also have deleted the files - very dangerous. It even had the nerve to put a shortcut on the desktop to itself (did make it easy to find the .exe though!!)

  • Anna says:

    How do I delete Windows Repair for good?

  • Bob says:

    To unhide your files, at a cmd prompt type attrib -h /s /d *

  • C says:

    My background is stuck on solid color. Any suggestions? Thx in advance.

  • e-nolastname says:

    Me too, my background color was stuck and I couldn't use Aero themes anymore. So I made a new user and threw away the old one.

    If you can kill all the trojan processes then you should be able to run system restore to fix your old user.

  • Starlet says:

    Awesome stuff! Seemed like it worked other than having to make the files unhidden.
