Tuesday, April 12, 2011

Windows Restore Virus (remove virus-restore)

Windows Restore Virus is usually stands for fake anti virus/anti-spyware programs that infects our cmputer with multiple spyware and malware issues. Windows Restore virus will automatically installs itself from ActiveX files that are downloaded to your system due to flaws in your internet security settings or out of date spyware removal tools will automatically windows restore virus will automatically update themselves when your computer is connected to the internet.

If your computer system/OS is infected with "Windows Restore Virus" the windows OS will continuously give messages about an infection on the PC via pop-ups, and notifications in the task menu. When the Windows Restore malware runs it will appear to be running scans and it will present a list of infections and when it attempts to remove the infections. That is just a scam to scare you into submitting their credit card information.

Windows Restore Virus - Manual Removal:

The first step in order to avoid any further infections caused by internet browsing redirects users will need to go to their Internet Options. To do it go to the start menu- control panel - Internet Options - choose the "Connections" tab - LAN Settings - uncheck the "Use a Proxy Server" Option, Then click "Ok" to save your settings. Next, restart your PC, and start with "safe mode". To access the safe mode, restart your computer and tap the F8 button. When correctly done a black screen will appear with options for starting up Windows. Choose Safe Mode and Windows will load safe mode, Next locate and delete the following files associated with Windows Restore:

Windows Vista an windows 7:
(Openyour windows explorer - Documents and Settings, and )

%UserProfile%\Desktop\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\
%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk

Windows XP:

%AllUsersProfile%\Application Data\~random
%AllUsersProfile%\Application Data\~randomr
%AllUsersProfile%\Application Data\random.dll
%AllUsersProfile%\Application Data\random.exe
%UserProfile%\Desktop\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\
%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk

Windows Restore Registry Entries that must be removed - (go to start- run - type regedit)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “random.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′

Note : the random (red color) can be any names, such as , hdfkdh , dkfhdhfk.exe jdfhjkdh.dll, Windows-Restore-Virus.exe , ...etc

No comments:

Post a Comment

Please leave your comments or your promotion links, but don't add HTML links into the comment body, because I consider it as a spam, and will be delete..

Thank you for your visit..