Thursday, November 24, 2011

HOW TO GET RID OF FAKE WINDOW RESTORE VIRUS

A few days ago, my client reported that: "I seem to have a virus/spyware/malware on my computer. The virus/malware showed up yesterday, and within minutes completely delete my hard drive, all , my desktop is empty , I’m left with a blank desktop and no Documents / Files / Music / Pictures / Programs etc, and all of my programs are deleted , the spyware preventing me from using any antivirus/spyware programs to scan my computer."
I checked my client's computer , the computer is infected by Windows Restore spyware, it didn’t delete those files it just made the files attribute as “hidden”, and did the same thing with desktop shortcuts, all of your folders and everything.

FOLLOW THE STEPS OUTLINE BELOW

The simple thing you have to do is open your folder options within any window , and “Folder and Search options” should be the tabpage to pick. Under the tabpage there is a view tab and within are a bunch of radial buttons, there is a options called “Hidden Files and Folders”, checkmark the one that says “Show hidden files, folders” , after you check it , then click apply button , you should see all of your folders and datas back to where they are.

What is Windows Restore? Windows Restore is really a spyware or virus?

Fake Windows Restore reputation/ rating online is terrible. and it is installed/ run without your permission.WinRestore.exe spyware is a fake software which belongs to rogue spyware family. it is also named as WindowsRestore and has a clone named System Restore virus. It is 100 percent sure and confirmed that Windows Restore is not a useful computer software but a bogus and piece of fraud tools and a part of scam. Windows-Restore spyware is a fake software developed by hackers, They install it into computers over internet using malicious websites ,worm and trojans. After Windows restored virus or WinRestore.exe is placed in your computer, it will try to scare you with fake warnings and alerts and it will force you to buy its full version to get rid of viruses.

Windows Restore malware/spyware/virus manually removal:
  1. The associated files of Fake Windows Restore to be deleted are listed below:
    • %AppData%\Microsoft\[random].exe
    • %UserProfile%\Desktop\Windows Restore.lnk
    • %UserProfile%\Start Menu\Programs\Windows Restore\
    • %UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk
    • %UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk
  2. The registry entries of Windows Restore spyware that need to be deleted are listed as follows:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =‘{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = ‘1′
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = ‘no’
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = ‘yes’
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = ‘0′
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = ‘1′
How to remove fake WindowsRestore virus (spyware,Trojan,worms) automatically:

You will need to download and burn into cd several programs on clean PC or copy them to USB Disk to remove WindowsRestore virus. Here is the instructions:

  1. Copy the below programs to USB disk (you can use an MP3 player) or Burn them to CD :
    1. Avast Pro Antispyware software(Try, free of charge, for a 30 day trial period!) .Please download with this Download Link.
    2. Avast downlaod Link
    3. Download wise PC doctor : with this download link(http://www.wisepcdoctor.com/wisepcdoctor_Setup.exe),to restore normal execution of registry.
    4. Wise PC doctor download link
  2. Restart your computer. At this point you need to gently Press the F8 key repeatedly when you find the startup menu, Select the option “ Safe Mode with Networking” by using the arrow key, then press Enter key on your keyboard , and your computer will start into Windows Safe Mode.
  3. Now you need to install Avast Pro Antispyware on your computer, When the program is installed, your need update its database to the latest, then reboot your computer to make the program fully functional, Go to the previous Step to reboot(restart) your computer into Safe Mode and do a complete scan for your computer .
  4. NOTE:
    1. In case you have some problems running Avast Pro Antispyware, you may rename the downloaded file’s name to explorer.exe or iexplore.exe. After that double click the download file and follow the install steps.
    2. Please make file extention show before renaming download file.
  5. After finish the full scan, click "Show Results" and be sure that the important data aren’t removed and infected. Select or ignore the scan result and click "Remove Selected" button to get rid of the virus and malwares. Avast Pro Antispyware will give you a report to indicate all operations for this scan. It can be saved as you want. Restart your computer and the Avast Pro Antispyware will get rid of all virus or malwares which are detected before.
  6. How to erase bad registry? Please install Wise PC Doctor- the best PC cleaner can easily fix your broken registry values and restore registry values.
  7. Why Wise PC Doctor should be used?

    As we all know, virus, Trojans and Malwares make the computer breakdown by destroying and modifying the registry values so that the computer will not run normally. After the virus, Trojans and Malwares are removed, the registry remains to be destroyed or modified, therefore the computer’s system still has some problems. That’s why you really need to fix the registry. Furthermore, some virus, Malwares and Trojans leave many dll data in the registry and this may cause damaged DLL errors and also have an effect on the computer’s system performance. In any other case Uninstall or install software may make your registry database fragmented, with corrupted, harmful and obsolete files. Do a complete scan for your computer by Wise PC Doctor at this moment.

  8. Run Wise PC Doctor to repair your computer:
    1. Install Wise PC Doctor.
    2. Click "One-Click Fix",do a complete scan for your computer.
    3. Click “Repair All” then fix all detected problems.

Following the five easy steps above, your computer will run much faster than before.

1 comment:

  1. Great tutorial. I myself experienced this one indeed. Thanks for sharing!

    ReplyDelete