How to get rid of fake Windows Restore virus

A few days ago, a customer reported: "I seem to have a virus/spyware/malware on my computer. The virus/malware showed up yesterday and within minutes completely deleted my hard drive. My desktop is empty; I’m left with a blank desktop and no Documents / Files / Music / Pictures / Programs etc., all of my programs are deleted, and the spyware is preventing me from using any antivirus/spyware programs to scan my computer."

I checked the customer’s computer. It was infected by the Windows Restore spyware, which did not delete those files; it only set their attribute to “hidden”, and did the same thing with the desktop shortcuts, all of the folders and everything else.

The simple fix is to open Folder Options from any window (“Folder and Search options” is the entry to pick). On the View tab there is a list of radio buttons with an option group called “Hidden Files and Folders”; select the one that says “Show hidden files, folders”, then click the Apply button. You should see all of your folders and data back where they were.
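The Folder Options change only makes hidden items visible; the Hidden attribute itself stays set. The following PowerShell script is an added example, not part of the original post: it lists items that are Hidden but not System under the current user's Desktop and Documents folders, and clears the attribute only when run with -Fix. The script name and the choice of folders are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Show-HiddenUserFiles.ps1 (hypothetical name; added example, not from the original post)
# Lists items that carry Hidden but not System, so legitimately hidden
# system items such as desktop.ini are left alone.
param(
    [switch]$Fix   # without -Fix the script only reports
)

# Assumption: the user's data lives in the standard Desktop and Documents folders.
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('MyDocuments')
)

$hidden = [IO.FileAttributes]::Hidden
$system = [IO.FileAttributes]::System

# -Force makes Get-ChildItem return hidden items as well.
$found = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.Attributes -band $hidden) -and -not ($_.Attributes -band $system)
        }
}

$found | Select-Object FullName, Attributes | Format-Table -AutoSize -Wrap

if ($Fix) {
    foreach ($item in $found) {
        # Hidden is known to be set on every item here, so XOR clears just that bit.
        $item.Attributes = $item.Attributes -bxor $hidden
    }
    Write-Output ("Cleared Hidden on {0} item(s)." -f @($found).Count)
}
```

Run it once without -Fix and review the list before clearing anything.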

What is Windows Restore? Is Windows Restore really spyware or a virus?

The fake Windows Restore has a terrible reputation and rating online, and it is installed and run without your permission. The WinRestore.exe spyware is fake software that belongs to the rogue spyware family. It is also named WindowsRestore and has a clone named the System Restore virus. It is 100 percent sure and confirmed that Windows Restore is not useful computer software but a bogus, fraudulent tool and part of a scam. Windows-Restore spyware is fake software developed by hackers, who install it on computers over the internet using malicious websites, worms and trojans. Once the Windows Restore virus or WinRestore.exe is on your computer, it tries to scare you with fake warnings and alerts and to force you to buy its full version to get rid of viruses.

Manual removal of the Windows Restore malware/spyware/virus:

1. The files associated with the fake Windows Restore that need to be deleted are listed below:

%AppData%\Microsoft\[random].exe

%UserProfile%\Desktop\Windows Restore.lnk

%UserProfile%\Start Menu\Programs\Windows Restore\

%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk

%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk

2. The registry entries of the Windows Restore spyware that need to be deleted are listed as follows:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ‘{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = ‘no’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = ‘yes’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = ‘1’
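Before deleting anything by hand, it helps to see which of the items from steps 1 and 2 are actually present for the logged-on user. The following read-only PowerShell audit is an added example, not part of the original post. It checks a subset of the entries listed above, using the paths, keys and value data exactly as the page gives them; the Add-Finding helper is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit for artifacts listed in steps 1 and 2 above.
# Nothing is deleted or modified; the script only reports what it finds.
$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($Kind, $Where, $Detail) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# Step 1: shortcut and Start Menu folder, paths as written on the page.
$paths = @(
    "$env:USERPROFILE\Desktop\Windows Restore.lnk",
    "$env:USERPROFILE\Start Menu\Programs\Windows Restore"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { Add-Finding 'File' $p 'present' }
}

# Step 1: executables directly in %AppData%\Microsoft ("[random].exe" on the page).
Get-ChildItem -LiteralPath "$env:APPDATA\Microsoft" -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Add-Finding 'File' $_.FullName "created $($_.CreationTime)" }

# Step 2: Run values that start an .exe located directly in %AppData%\Microsoft.
$runKey  = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
$pattern = '^"?' + [regex]::Escape("$env:APPDATA\Microsoft\") + '[^\\"]+\.exe'
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [string]$runKey.GetValue($name)
        if ($cmd -match $pattern) { Add-Finding 'Run' $name $cmd }
    }
}

# Step 2: values that hold exactly the data shown on the page.
$values = @(
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableTaskMgr', '1'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments', 'SaveZoneInformation', '1'),
    @('HKCU:\Software\Microsoft\Internet Explorer\Download', 'CheckExeSignatures', 'no'),
    @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings', 'WarnonBadCertRecving', '0')
)
foreach ($v in $values) {
    $key, $name, $bad = $v
    $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    if ($prop -and ([string]$prop.$name -eq $bad)) { Add-Finding 'Registry' "$key\$name" "= $bad" }
}

$findings | Format-Table -AutoSize -Wrap
```

A legitimate program can also keep an .exe in %AppData%\Microsoft, so treat each row as something to review, not as proof of infection.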

How to remove the fake WindowsRestore virus (spyware, Trojans, worms) automatically:
To remove the WindowsRestore virus you will need to download several programs on a clean PC and burn them to a CD or copy them to a USB disk. Here are the instructions:
a) Copy the programs below to a USB disk (you can use an MP3 player) or burn them to a CD:
  1. Avast Pro Antispyware software (Try, free of charge, for a 30 day trial period!). Please download with this Download Link.

  2. Wise PC Doctor: with this download link (http://www.wisepcdoctor.com/wisepcdoctor_Setup.exe) to restore normal execution of the registry.

  3. You might want to download AVG Internet Security 2011 as an alternate scanner, though you are likely to be able to download it later on.

b) Restart your computer. Press the F8 key repeatedly during startup until you see the startup menu, select the option “Safe Mode with Networking” using the arrow keys, then press the Enter key on your keyboard, and your computer will start in Windows Safe Mode.

c) Now install Avast Pro Antispyware on your computer. When the program is installed, update its database to the latest version, then reboot your computer to make the program fully functional. Go back to step b) to reboot your computer into Safe Mode and do a complete scan of your computer.

NOTE:

(1) In case you have problems running Avast Pro Antispyware, you may rename the downloaded file to explorer.exe or iexplore.exe. After that, double-click the downloaded file and follow the install steps.

(2) Please make file extensions visible before renaming the downloaded file.

d) After the full scan finishes, click "Show Results" and make sure that your important data is not removed or infected. Select or ignore the scan results and click the "Remove Selected" button to get rid of the viruses and malware. Avast Pro Antispyware will give you a report listing all operations for this scan, which you can save if you want. Restart your computer and Avast Pro Antispyware will get rid of all the viruses and malware that were detected.

e) How to erase bad registry entries? Please install Wise PC Doctor, the best PC cleaner, which can easily fix your broken registry values and restore registry values.

Why should Wise PC Doctor be used?

As we all know, viruses, Trojans and malware break the computer by destroying and modifying registry values so that the computer will not run normally.

After the viruses, Trojans and malware are removed, the registry remains destroyed or modified, so the computer’s system still has some problems. That’s why you really need to fix the registry. Furthermore, some viruses, malware and Trojans leave a lot of DLL data in the registry, and this may cause damaged-DLL errors and also affect the computer’s system performance.

In other cases, uninstalling or installing software may leave your registry database fragmented, with corrupted, harmful and obsolete files. Do a complete scan of your computer with Wise PC Doctor at this point.

f) Run Wise PC Doctor to repair your computer:

1. Install Wise PC Doctor.

2. Click "One-Click Fix" and do a complete scan of your computer.

3. Click “Repair All”, then fix all detected problems.

Following the five easy steps above, your computer will run much faster than before.


11 Responses to “How to get rid of fake Windows Restore virus”

  1. Helsen says:

    I can’t believe that windows restore could be allowed on the web. Obviously, windows restore is spyware and malware. Do NOT call the online help center. Do NOT install their software.

  2. wilson says:

    Good advice…. I don’t like windows restore coming to my pc without my knowledge. I followed your directions on this malware’s removal. thank you.

  3. Sarath says:

    Thank you so much for the tip. It helped.

  4. Carol says:

    I have this fake spyware virus on my computer and it will not allow me to reboot the computer in safe mode so that I can try to run an anti virus program.

  5. Robert Karen says:

    Good information related to this malware or virus. I really need to know about this malware and how to resolve this.

  6. phdaddy says:

    How can the people running the internet be so dumb…they aren’t. They just close their eyes to this crime so they can make more money selling stuff to confused people. They could actually shut down this virus in a day or two and put the people in jail.

  7. alex says:

    When I choose Safe Mode with Networking, the PC freezes when loading Windows files.
    It just loads 3:
    windows\system32\config\system
    windows\system32\ntoskrnl.exe
    windows\system32\hal.dll

  8. w00ly says:

    @phdaddy wow what a foolish reply. There’s no one individual or organization that “runs” the internet. The internet is a collection of computers distributed globally. Because of this reason it is impossible to simply “shut down” viruses. The only ones that make money off it are the creators, so I do agree that the windows restore virus is criminal and the creators should be jailed.

  9. Nice tutorial, I have rated it 5 stars because it works just well.

  10. PC Monster says:

    I know a few people who have had this issue and I recommended Wise PC Doctor as well. I’ve also used some misc free tools.

  11. Kina Cheeves says:

    Do you think that Windows 7 is much better at guarding pc users from infections and spyware? I have a couple of laptops with Windows 7 installed and both have had problems with viruses. Now it may be that my better half uses one plus my son uses the other. But operating systems must protect your computer no matter who’s working with it. Just saying.
