Windows XP Restore (WindowsXPRestore) Virus Removal Guide
Virus Type: Rogue Security Application
Threat Level: 8 / 10
Windows XP Restore is a fake disk optimization application. The application makes is one of three fake applications which target the main three Windows operating systems. The other two are called Windows Vista Restore and Windows 7 Restore. These are all new versions of Windows XP Recovery, Windows Vista Recovery, and Windows 7 Recovery. When it comes to symptoms created by the application, these three are all the same but they just have a different name for the application. They are also all fake disk optimization applications.
A disk optimization program is designed to optimize the computer hard drive. It provides this through removing unneeded files and moving files to make it more efficient. Windows XP Restore will also hide files on your computer in order to scare the user into purchasing the program; however, it is important to note that if the program does do this, the files are hidden but still there on the computer. Below we will discuss how to get the files unhidden. The comments posted by users who were infected by Windows Restore, the comments posted by users who were infected by Windows Recovery, and the comments posted by users who were infected by Windows XP Recovery may provide insight into the successful removal of Windows XP Restore since they are all from the same family of viruses.
Below is our recommended removal tool for Windows XP Restore. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.
If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with Windows XP Restore with task manager. If task manager has been blocked by Windows XP Restore, try using Process Explorer. Also, try renaming the removal tool to iexplore.exe or to a random series of characters, which may allow the program to not be blocked by Windows XP Restore. If you would rather manually remove Windows XP Restore, we recommend checking our removal tips which will help to remove Windows XP Restore.
Important - Windows XP Restore will hide other files and folders in the computer in an attempt to try and convince the user that there are issues with the hard drive. Therefore, by turning on “show hidden files and folders,” the user will be able to see their files. In Windows 7, you can search “hidden files and folders” in the Windows Search Bar to find the folder options. To bring up the Windows Search Bar, click on the Windows 7 logo in the bottom left hand portion of the screen, which will bring up the programs. In Windows XP, the user will need to go to tools and then go to folder options in the file manager. In folder options, click “View” and scroll down to “Hidden files and folders.” This will allow the user to see the hidden files and folders. In order too make these files unhidden, you will need to go to the following location.
Windows Vista & Windows 7 – C:\Users\
Windows XP – C:\Documents and Settings\
The user will need to locate the folder with their username. They will then need to right click on the folder and left click on properties. This will bring up the properties. Deselect the hidden box and click ok. A box will come up and select to apply changes to the folder, subfolder, and files.
Below are some warnings shown by Windows XP Restore.
“Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.”
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.”
RAM memory usage is critically high. RAM memory failure.”
Windows XP Restore, like many other fake fake programs, will also claim that there are many issues with the user’s computer. Some of these issues can be found below.
“Registry Error – Critical Error
Boot sector of the hard drive disk is damaged – Critical Error
RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
RAM memory temperature is 83 Celsius. Optimization is required for normal operation.
Read time of hard drive clusters less than 500 ms – Critical Error
A problem detected while reading boot operating system files
Drive C initializing error
Bad sectors on hard drive or damaged file allocation table – Critical Error
Data Safety Problem. System integrity is at risk.
Hard drive doesn’t respond to system commands – Critical Error
32% of HDD space is unreadable – Critical Error”
Below are additional warnings created by Windows XP Restore.
“Critical Hard Disk Drive Error
Critical hard disk drive error has been detected!
Windows XP Restore detected a bad sector on your hard drive.”
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hart drive error.”
Damaged hard drive clusters detected. Private data is at risk.”
Hard Drive not found. Missing hard drive.”
“Low Disk Space
You are running very low disk space on Local Disk (C:).”
“Windows – No Disk
Exeception Processing Message 0×0000013.”
A critical error has occured while indexing data stored on hard drive. System restart required.”
As previous mentions, the purpose of these messages are likely just to scare the user into purchasing the fake program and to make them believe that there are major issues in the computer. If there really was a hard drive failure, the computer would not even load Windows. We recommend removing Windows XP Restore and then restoring the computer to its original state. This can be done successfully by automatically removing the virus or by manually removing it.
It is recommended to use safe mode when removing the virus because Windows XP Restore will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.
Common symptoms and characteristics of Windows XP Restore and other rogue security programs include:
1. Windows XP Restore is generally installed without user permission.
2. Windows XP Restore uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.
Manual Windows XP Restore Removal – In order to manually remove Windows XP Restore, the processes associated with Windows XP Restore must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before Windows XP Restore entered the computer.
Important: Before attempting to manually remove Windows XP Restore, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing Windows XP Restore. However, please use discretion since these specific comments pertain to other fake antivirus programs.
Stop Windows XP Restore Processes (Learn How To Do This)
To clarify, [random].exe means that the executable for Windows XP Restore will be a set of random characters. This executable will be different from computer to computer. There may be multiple random executables associate with this virus.
Remove Windows XP Restore Files (Learn How To Do This)
Windows XP – C:\Documents and Settings\All Users\Application Data\Microsoft\[random].exe
Windows Vista & Windows 7 – C:\ProgramData\[random].exe
Remove Windows XP Restore Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\Windows XP Restore
HKEY_LOCAL_MACHINE\SOFTWARE\Windows XP Restore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Restore
Remove Windows XP Restore Startup Entry (Learn How To Do This)
Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove Windows XP Restore.
This entry was posted on Wednesday, June 8th, 2011 at 4:36 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.