System Restore (SystemRestore) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

System Restore, also known as SystemRestore, is a new fake optimization program. Real optimization programs are made to help a computer perform faster by making changes to software and hardware. For example, a disk optimization program may optimize a computer hard disk by organizing the files so that the computer can access them quickly; the disk optimization program may also clean up unused files.

This fake program is not to be confused with the System Restore feature provided by Windows, which can be used to roll back changes to the computer to a previous date. System Restore by Windows is provided in multiple operating systems and is a useful program. The fake System Restore attempts to convince the user that there are hard drive issues by making a majority of files hidden. When the user can’t find these files, the user may believe that the hard drive is corrupt. These files can still be viewed by turning on “hidden files and folders” in folder options.

System Restore is a new version of Windows Restore, which is also a fake optimization program. The comments posted by users for Windows Restore may provide insight into the successful removal of System Restore, since the two programs are very similar. The two programs look the same and act very similarly, with the main difference being the change in name. System Restore is a clone of other fake computer optimization programs; these fake optimization programs are generally released on a weekly basis. Some other versions of this fake program are Windows Recovery and Windows Repair. Both of these programs were released in March 2023.

System Restore claims to offer a variety of computer-related services, including viewing the system status of the computer (computer hard drives, computer memory, system health, performance services and proactive protection), diagnostics (system safety & performance test along with RAM & storage memory test), and the ability to fix errors found. For example, System Restore claims to look at hard disk fragmentation and claims to check system file integrity.

Fake programs like System Restore will use a variety of methods to enter and infect computers. System Restore was recently introduced around April 2023 and is generally installed without user permission through the use of a trojan horse, which is generally downloaded through a security flaw. The flaw can be in the web browser or any software which has the ability to access the web. For example, it has been reported that its previous clone, Windows Recovery, was spread through a security flaw in specific PDF files. Some fake antivirus programs, such as Win 7 Security 2023, have also spread through email attachments. The file name of System Restore’s main executable is generally a series of random characters.

Below is our recommended removal tool for System Restore. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

download

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with System Restore with Task Manager. If Task Manager has been blocked by System Restore, try using Process Explorer.

Important - System Restore will hide other files and folders on the computer in an attempt to convince the user that there are issues with the hard drive. By turning on “show hidden files and folders,” the user will be able to see their files. In Windows 7, you can search “hidden files and folders” in the Windows Search Bar to find the folder options. To bring up the Windows Search Bar, click on the Windows 7 logo in the bottom left hand portion of the screen (this will bring up the programs). In Windows XP, the user will need to go to tools and then go to folder options in the file manager. In folder options, click “View” and scroll down to “Hidden files and folders.” This will allow the user to see the hidden files and folders. In order to make these files unhidden, you will need to go to the following location.

Windows Vista & Windows 7 – C:\Users\

Windows XP – C:\Documents and Settings\

The user will need to locate the folder with their username. They will then need to right click on the folder and left click on properties. This will bring up the properties. Deselect the hidden box and click ok. A box will come up; select the option to apply changes to the folder, subfolders, and files.
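The same change can be scripted. The following PowerShell is an added example, not part of the original guide; it assumes PowerShell is available (it ships with Windows 7 but not Windows XP), and the `$ProfilePath` parameter and the choice to leave System-flagged items and the AppData folder untouched are assumptions made here, since Windows normally keeps those hidden.

```powershell
# Added example: clear the Hidden attribute under one user profile.
# Run with -WhatIf first to list what would change without changing it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: Vista/7 profile location from the guide (C:\Users\<username>).
    [string]$ProfilePath = (Join-Path 'C:\Users' $env:USERNAME)
)

$hidden  = [System.IO.FileAttributes]::Hidden
$system  = [System.IO.FileAttributes]::System
$appData = Join-Path $ProfilePath 'AppData'

Get-ChildItem -LiteralPath $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        # Hidden items only, skipping what Windows itself hides by default:
        # System-flagged items (NTUSER.DAT, desktop.ini, junctions) and AppData.
        ($_.Attributes -band $hidden) -and
        -not ($_.Attributes -band $system) -and
        -not $_.FullName.StartsWith($appData, [System.StringComparison]::OrdinalIgnoreCase)
    } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden attribute')) {
            # The Hidden bit is known to be set here, so XOR clears it
            # and leaves every other attribute as it was.
            $_.Attributes = $_.Attributes -bxor $hidden
        }
    }
```

Unlike the Properties dialog, which applies the change to everything under the folder, this leaves the items Windows hides on its own as they were.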

System Restore, like many other fake programs, will create a series of warnings and pop ups in order to scare the user into purchasing the fake program. System Restore hopes to make the user think that there are serious issues with the computer. System Restore may also create these warnings in an attempt to make it look legitimate to the user. Some of these warnings which are created by System Restore can be found below. Many of these warnings will come up when attempting to open a program. System Restore will generally close the program and then show the warning.

“Hard Drive Failure

The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.”

“System Error

An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.”

“Critical Error

RAM memory usage is critically high. RAM memory failure.”

System Restore, like many other fake programs, will also claim that there are many issues with the user’s computer. Some of these issues can be found below.

“Registry Error – Critical Error
Boot sector of the hard drive disk is damaged – Critical Error
Data Safety Problem. System integrity is at risk.
RAM memory temperature is 83 Celsius. Optimization is required for normal operation.
Read time of hard drive clusters less than 500 ms – Critical Error
A problem detected while reading boot operating system files
Drive C initializing error
Bad sectors on hard drive or damaged file allocation table – Critical Error
Hard drive doesn’t respond to system commands – Critical Error
RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
35% of HDD space is unreadable – Critical Error”

Below are additional warnings created by System Restore.

“Critical Hard Disk Drive Error

Critical hard disk drive error has been detected!

System Restore detected a bad sector on your hard drive.”

“Critical Error

Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hart drive error.”

“Critical Error

Damaged hard drive clusters detected. Private data is at risk.”

The main goal behind all these warnings is to convince the user that there are major issues with the computer. Hiding files is just a further method to convince the user that there are possible issues with the computer. However, it is important to note that System Restore is fake and the program itself is causing the issue.

It is recommended to use safe mode when removing the virus because System Restore will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

The safe mode with networking option will allow the user to be able to use the internet in safe mode. System Restore can be removed by using the removal tool or by manually removing the virus.

Common symptoms and characteristics of System Restore and other rogue security programs include:
1. System Restore is generally installed without user permission.
2. System Restore uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

Manual System Restore Removal – In order to manually remove System Restore, the processes associated with System Restore must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before System Restore entered the computer.

Important: Before attempting to manually remove System Restore, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing System Restore. However, please use discretion since these specific comments pertain to other fake antivirus programs.

Stop System Restore Processes
[random].exe

To clarify, [random].exe means that the executable will be a set of random characters.

Remove System Restore Files

Windows XP – C:\Documents and Settings\All Users\Application Data\Microsoft\[random].exe

Windows Vista & Windows 7 – C:\ProgramData\[random].exe

The file location is different among operating systems (Windows XP, Windows Vista, Windows 7) due to a different method in which each operating system organizes files.

System Restore will generally make a large portion of files on the computer hidden. This includes the main executable for System Restore. Therefore, the user will need to turn on “show hidden files” in order to see these files. This feature can be found in the folder options under “Hidden files and folders.” In Windows 7, you can search “hidden files and folders” in the Windows Search Bar to find the folder options. To bring up the Windows Search Bar, click on the Windows symbol in the bottom left hand part of the screen. In Windows XP, the user will need to go to tools and then go to folder options in the file manager. In folder options, click “View” and scroll down to “Hidden files and folders.”

Remove System Restore Registry Keys
HKEY_CURRENT_USER\Software\System Restore
HKEY_LOCAL_MACHINE\SOFTWARE\System Restore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Restore

Remove System Restore Startup Entry
[random].exe
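
Before and after working through the manual steps above, the listed artifacts can be checked in one pass. The following PowerShell is an added example, not part of the original guide; it only reads and reports. The registry keys and folders are the ones listed above, while the use of the standard Run keys for the startup entry is an assumption, since the guide does not say where the entry is stored.

```powershell
# Added example: read-only check for the artifacts listed in this guide.
# Nothing is deleted; review every hit before acting on it.
$keys = 'HKCU:\Software\System Restore',
        'HKLM:\SOFTWARE\System Restore',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Restore'
$dirs = 'C:\ProgramData',
        'C:\Documents and Settings\All Users\Application Data\Microsoft'
# Assumption: the startup entry is a value under the standard Run keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key present: $k" }
}

foreach ($d in $dirs) {
    if (-not (Test-Path -LiteralPath $d)) { continue }
    # Only .exe files sitting directly in the folder, including hidden ones.
    Get-ChildItem -LiteralPath $d -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $findings += "Executable in listed folder: $($_.FullName)" }
}

# Running processes whose image sits directly in one of the listed folders.
Get-Process | Where-Object { $_.Path -and ($dirs -contains (Split-Path $_.Path -Parent)) } |
    ForEach-Object { $findings += "Process $($_.Id) running from $($_.Path)" }

foreach ($rk in $runKeys) {
    if (-not (Test-Path -LiteralPath $rk)) { continue }
    $key = Get-Item -LiteralPath $rk
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        foreach ($d in $dirs) {
            # Match values that launch an .exe directly from a listed folder.
            if ($data -match ('^"?' + [regex]::Escape($d) + '\\[^\\"]+\.exe')) {
                $findings += "Run value '$name' in $rk -> $data"
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```

An executable in one of these folders is not proof of infection on its own, since legitimate software occasionally installs there; a randomly named file that also appears as a running process or a Run value is the combination the guide describes.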


This entry was posted on Wednesday, April 13th, 2024 at 5:14 pm and is filed under Malware Removal.