File Restore (FileRestore) Virus

File Restore, also known as FileRestore, is a new fake computer optimization application. File Restore is a new version of File Recovery, which is also a fake computer optimization application released a couple months ago. File Restore claims to offer a variety of services similar to a real computer optimization program such as performing tests to check the hard disk health, performing diagnostics on the drive to remove unneeded files, and improving access speed of the hard drive. The program claims to evaluates the hard disk on reliability, performance, and error resistance. The program will run a fake scan once installed on the computer and then proceed to provide a fake report which doesn’t access the actual health of the hard drive. Windows provides a free program (which is likely to already be installed on the computer) called disk defragmenter which can partially access the health of the hard drive. Computer optimization programs are built in order to supplement the free program provided by Windows and provide addition diagnostics at a cost. However, File Restore is fake and should be removed. The user comments for Windows Recovery may provide insight into removing File Restore since the viruses are similar.

Below is our recommended removal tool for File Restore. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

download

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with File Restore with task manager. If task manager has been blocked by File Restore, try using Process Explorer.

It is recommended to use safe mode when removing the virus because File Restore will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. File Restore can be removed by using the removal tool or by manually removing the virus.

View File Restore Files
View File Restore Keys

File Restore will hide the majority of files on the computer. It will then show an alert to the computer that there are hard disk errors, which may scare the user into thinking that the computer hard drive has crashed. However, the files are still on the computer but are hidden. In order to view the files, search “Show hidden files and holders” in the Windows search bar and it will provide the user with the folder options for Windows in which the user can select to “show hidden files, folders, and drives.” The user comments for Windows Recovery may provide insight into removing File Restore since the viruses are similar.

Manual File Restore Removal – In order to manually remove File Restore, the processes associated with File Restore must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before File Restore entered the computer.

Stop File Restore Processes (Learn How To Do This)
[random].exe

Remove File Restore Files (Learn How To Do This)

Windows XP – C:\Documents and Settings\All Users\Application Data\[random].exe

Windows Vista & Windows 7 – C:\ProgramData\[random].exe

Remove File Restore Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\File Restore
HKEY_LOCAL_MACHINE\SOFTWARE\File Restore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\File Restore

Remove File Restore Startup Entry (Learn How To Do This)
[random].exe

File Restore will display warnings and messages which are fake. These warnings include:

“The computer is in critical state. Hard disk error detected.
As a result it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of files, applications and documents stored on your computer.”

“Hard drive boot sector reading error
During I/O system initialization, the boot device driver might have failed to initialize the boot device.
File system initialization might have failed because it did not recognize the data on the boot device”

“System blocks were not found
This has most likely occurred because of hard disk failure.
This may also lead to a potential loss of data.”

“DATA_BUS_ERROR”

“PAGE_FAULT_IN_NONPAGED_AREA
The Stop 0×50 message indicates that requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address.”

“INACCESSIBLE_BOOT_DEVICE”

“The DRM attribute value is too small before disk scan
Drive Reliability Monitor (a system of monitoring the reliability of disk drive functioning). The malfunction counter built into the disk drive shows excessive number of malfunctions. The storage device needs to be replaced.”

If you have any questions or comments, please don’t hesitate to comment below. Please feel free to share a solution that you may have used to remove File Restore.

This entry was posted on Saturday, October 27th, 2012 at 7:07 pm and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply