Windows Vista Recovery (WindowsVistaRecovery) Virus Removal Guide
Virus Type: Rogue Security Application
Threat Level: 8 / 10
Windows Vista Recovery is a newest in a long list of fake disk optimization programs. Windows Vista Recovery is a clone of Windows XP Recovery and Windows 7 Recovery. It also shares characteristics with Windows Recovery, which is also a fake disk optimization program and the previous version of Windows Vista Recovery. The program was released in early to mid May. Additional previous fake optimization programs include Windows Fix Disk and Windows Restore. Essentially, there are two versions of this fake virus which has similar characteristics.
A disk optimization program is designed to optimize the computer hard drive so that the computer can perform better. It generally will do this by moving files around on the hard drive for faster access and removing unneeded files. However, Windows Vista Recovery is a fake program. The easiest way to tell that it is fake is that it scans the computer almost instantly. Also, the scan results should be the same across multiple computers. Windows Vista Recovery will also hide files on your computer in order to scare the user into purchasing the program; however, it is important to note that if the program does do this, the files are hidden but still there. The comments posted by users who were infected by Windows Restore and the The comments posted by users who were infected by Windows Recovery may provide insight into the successful removal of Windows Vista Recovery. Since the viruses are very similar, we recommend that the user read through the users comments for Windows Restore to gain insight into removing Windows Vista Recovery. The main difference is the name of the program; however, these programs do have a slightly different look. The virus is spread through a trojan horse, which is downloaded on the computer through a security flaw.
Below is our recommended removal tool for Windows Vista Recovery. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.
If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Windows Vista Recovery with task manager. If task manager has been blocked by Windows Vista Recovery, try using Process Explorer. Also, try renaming the removal tool to iexplore.exe or to a random series of characters, which may allow the program to not be blocked by Windows Vista Recovery. If you need assistance, please feel to ask a question at the bottom of this post.
Important - Windows Vista Recovery will hide other files and folders in the computer in an attempt to try and convince the user that there are issues with the hard drive. Therefore, by turning on “show hidden files and folders,” the user will be able to see their files. In Windows 7, you can search “hidden files and folders” in the Windows Search Bar to find the folder options. To bring up the Windows Search Bar, click on the Windows 7 logo in the bottom left hand portion of the screen, which will bring up the programs. In Windows XP, the user will need to go to tools and then go to folder options in the file manager. In folder options, click “View” and scroll down to “Hidden files and folders.” This will allow the user to see the hidden files and folders. In order too make these files unhidden, you will need to go to the following location.
Windows Vista & Windows 7 – C:\Users\
Windows XP – C:\Documents and Settings\
The user will need to locate the folder with their username. They will then need to right click on the folder and left click on properties. This will bring up the properties. Deselect the hidden box and click ok. A box will come up and select to apply changes to the folder, subfolder, and files.
Once installed, Windows Vista Recovery will set itself to start up when the computer is turned on and will start running the fake scan. Windows Vista Recovery will display a warnings and pop ups to scare the user into purchasing the fake program. The user may be scared because they may feel that their data is at risk. By hiding files on the computer, the program can cause the user to believe that the hard drive is corrupted. However, the files are just hidden.
“Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.”
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.”
RAM memory usage is critically high. RAM memory failure.”
Windows Vista Recovery, like many other fake fake programs, will also claim that there are many issues with the user’s computer. Some of these issues can be found below.
“Registry Error – Critical Error
Boot sector of the hard drive disk is damaged – Critical Error
Data Safety Problem. System integrity is at risk.
RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
RAM memory temperature is 83 Celsius. Optimization is required for normal operation.
Read time of hard drive clusters less than 500 ms – Critical Error
A problem detected while reading boot operating system files
Drive C initializing error
Bad sectors on hard drive or damaged file allocation table – Critical Error
Hard drive doesn’t respond to system commands – Critical Error
35% of HDD space is unreadable – Critical Error”
Below are additional warnings created by Windows Vista Recovery.
“Critical Hard Disk Drive Error
Critical hard disk drive error has been detected!
Windows Vista Recovery detected a bad sector on your hard drive.”
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hart drive error.”
Damaged hard drive clusters detected. Private data is at risk.”
Hard Drive not found. Missing hard drive.”
“Low Disk Space
You are running very low disk space on Local Disk (C:).”
“Windows – No Disk
Exeception Processing Message 0×0000013.”
As previous mentions, the purpose of these messages are likely just to scare the user. It is important to remove Windows Vista Recovery and restore the computer to its original state. This can be done by automatically removing the virus, manually removing it, or attempting a system restore.
It is recommended to use safe mode when removing the virus because Windows Vista Recovery will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.
The safe mode with networking option will allow the user to be able to use the internet in safe mode. Windows Vista Recovery can be removed by using the
Common symptoms and characteristics of Windows Vista Recovery and other rogue security programs include:
1. Windows Vista Recovery is generally installed without user permission.
2. Windows Vista Recovery uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.
Manual Windows Vista Recovery Removal – In order to manually remove Windows Vista Recovery, the processes associated with Windows Vista Recovery must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Windows Vista Recovery entered the computer.
Important: Before attempting to manually remove Windows Vista Recovery, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Windows Vista Recovery. However, please use discretion since these specific comments pertain to other fake antivirus programs.
Stop Windows Vista Recovery Processes (Learn How To Do This)
To clarify, [random].exe means that the executable will be a set of random characters. This executable will be different from computer to computer. There may be multiple random executables associate with this virus.
Remove Windows Vista Recovery Files (Learn How To Do This)
Windows XP – C:\Documents and Settings\All Users\Application Data\Microsoft\[random].exe
Windows Vista & Windows 7 – C:\ProgramData\[random].exe
Remove Windows Vista Recovery Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\Windows Vista Recovery
HKEY_LOCAL_MACHINE\SOFTWARE\Windows Vista Recovery
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Vista Recovery
Remove Windows Vista Recovery Startup Entry (Learn How To Do This)
Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)
If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.
Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Windows Vista Recovery.
This entry was posted on Saturday, May 14th, 2016 at 6:44 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.