Windows Recovery (WindowsRecovery) Virus Removal Guide
Virus Type: Rogue Security Application
Threat Level: 8 / 10
Windows Recovery, also known as WindowsRecovery, is a new fake disk and system optimization application; Windows Recovery claims to offer a variety of services including checking the system status of the user’s system (computer hard drives, ram memory, system health, etc.), diagnostics, and the ability to fix any errors. Like many other fake programs, Windows Recovery also displays in the right hand area of the program the operating system, installed memory, and hard drive information of the user’s computer. Windows Recovery was recently introduced around late March 2011 and is generally installed without user permission through the use of a trojan horse, which is downloaded generally through a security flaw. It has also been reported that Windows Recovery is spreading through a PDF exploit (essentially, there is a security flaw in the PDF file which is allowing the virus to be downloaded through it). Windows Recovery is a clone of previous fake computer optimization programs and a new version of this virus is generally introduced on a weekly basis; the look generally stays the same but the name changes as new clones are created. Generally, fake antivirus programs create new versions in order to make it harder to be found by antivirus software. Windows Recovery main executable is generally a series of random characters. Previous versions of Windows Recovery include HDD Fix, Quick Defrag, and HDD Low.
Below is our recommended removal tool for Windows Recovery. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.
If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Windows Recovery with task manager. If task manager has been blocked by Windows Recovery, try using Process Explorer.
Windows Recovery, like many other fake fake programs, will create a series of warnings and pop ups in order to scare the user into purchasing the fake program. Windows Recovery may also create these warnings in an attempt to make it look legitimate to the user. Some of these warnings which are created by Windows Recovery can be found below.
“Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.”
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.”
Windows Recovery, like many other fake fake programs, will also claim that there are many issues with the user’s computer. Some of these issues can be found below.
Registry Error – Critical Error
Read time of hard drive clusters less than 500 ms – Critical Error
A problem detected while reading boot operating system files
Drive C initializing error
Bad sectors on hard drive or damaged file allocation table – Critical Error
Hard drive doesn’t respond to system commands – Critical Error
It is recommended to use safe mode when removing the virus because Windows Recovery will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.
Common symptoms and characteristics of Windows Recovery and other rogue security programs include:
1. Windows Recovery is generally installed without user permission.
2. Windows Recovery uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.
The user comments for ThinkPoint may provide insight into removing Windows Recovery since the viruses are similar.
Manual Windows Recovery Removal – In order to manually remove Windows Recovery, the processes associated with Windows Recovery must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Windows Recovery entered the computer.
Important: Before attempting to manually remove Windows Recovery, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Windows Recovery. However, please use discretion since these specific comments pertain to other fake antivirus programs.
Stop Windows Recovery Processes (Learn How To Do This)
Remove Windows Recovery Files (Learn How To Do This)
Windows XP – C:\Documents and Settings\All Users\Application Data\[random].exe
Windows Vista & Windows 7 – C:\ProgramData\[random].exe
Remove Windows Recovery Registry Keys (Learn How To Do This)
Remove Windows Recovery Startup Entry (Learn How To Do This)
Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)
If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.
Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Windows Recovery.
This entry was posted on Wednesday, March 23rd, 2011 at 12:33 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.