Tuesday, June 7, 2011

How To Remove The Recovery Virus


The Windows XP 'Recovery' is a malware program that is widely infecting computers under the guise of system optimization software. Windows XP Recovery will install itself on Windows XP, Windows Vista, and Windows 7 computers and provide false system information. Its purpose is to deceive computer users into purchasing a licensed full version of the program. Once loaded onto the computer, this product will launch a system scan and warn of hard disk drive errors, junk files and folders, numerous registry errors, and several outdated drivers. All of these are false and do not exist on the system.
To further scare computer users into purchasing the full version of Windows XP Recovery, it will flood the computer with system task bar alerts. All attempts to fix these errors will refer the user to a payment web site where the credit card account will be processed. The full version (paid version) will not repair the errors. This software was developed solely to steal money from innocent victims.

Windows XP Recovery Removal Procedures

Manual Removal:
Booting into 'Safe Mode with Network Support' is the best option to start the removal process.

1. Press Ctrl+Alt+Del on the keyboard to stop the "Windows XP Recovery" process.
When Windows Task Manager opens, go to the 'Processes' tab, then find and end the following process:
(example: 2354568.exe; typically [random characters].exe)

2. Update your antivirus to the latest database signatures.
3. Thoroughly scan your computer and remove all threats.
4. Delete all Windows XP Recovery registry entries. See below for the entries associated with the rogue program.
5. Exit registry editor.
6. Clean Windows XP Recovery out of startup as follows:
Start > Run, type msconfig in the "Open" dialog box. The 'Windows System Configuration Utility' will launch. Navigate to the Startup tab and un-check the following start-up item(s):
(example: 2354568.exe; typically [random characters].exe)

7. Click Apply, then reboot.

Windows XP Recovery Removal Tools:

To completely remove Windows XP Recovery, download and run Malwarebytes Anti-Malware (MBAM). If Windows XP Recovery blocks the installation of MBAM, download it on another computer and rename the EXE extension to anything other than exe. Copy it to a USB drive and run it on the infected computer.

Portable (USB) SuperAntiSpyware:

A thorough scan can be run from USB with SuperAntiSpyware Portable Scanner

Windows XP Recovery Registry Edits

Windows XP Recovery Malware Entries
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random].dll
%UserProfile%\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Recovery\
%UserProfile%\Desktop\Windows Recovery.lnk
%AllUsersProfile%\Application Data\.exe
%AllUsersProfile%\Application Data\.dll
%Programs%\Windows XP Recovery\Windows XP Recovery.lnk
%Programs%\Windows XP Recovery
%Desktop%\Windows XP Recovery.lnk
%TempDir%\dfrgr
%TempDir%\dfrg
%TempDir%\[random characters].exe
%TempDir%\[random characters]

Windows XP Recovery Registry Entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random characters].exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random characters]"
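
A read-only check for the file and registry locations listed above, as an added PowerShell example that is not part of the original post. The function names and the rule that a Run value is suspect when its target sits directly in one of the listed drop folders are assumptions made for this example.

```powershell
# Read-only check for the artifacts listed on this page; nothing is deleted.
# Assumption: a Run value is suspect when its target .exe sits directly in one
# of the folders the page lists for the randomly named files.
$dropDirs = @(
    $env:ALLUSERSPROFILE,
    (Join-Path $env:ALLUSERSPROFILE 'Application Data'),
    $env:TEMP
) | ForEach-Object { $_.TrimEnd('\') }

# Fixed-name shortcuts and folders from the page's file list.
$desktop  = [Environment]::GetFolderPath('Desktop')
$programs = [Environment]::GetFolderPath('Programs')
$fixedPaths = @(
    (Join-Path $programs 'Windows Recovery'),
    (Join-Path $programs 'Windows XP Recovery'),
    (Join-Path $desktop  'Windows Recovery.lnk'),
    (Join-Path $desktop  'Windows XP Recovery.lnk'),
    (Join-Path $env:TEMP 'dfrgr'),
    (Join-Path $env:TEMP 'dfrg')
)

function Get-RunTarget([string]$Command) {
    # Extract the executable path from a Run value, quoted or unquoted.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $expanded
}

function Test-SuspectTarget([string]$Path, [string[]]$Dirs) {
    if (-not $Path) { return $false }
    $parent = Split-Path -Path $Path -Parent
    if (-not $parent) { return $false }
    return ($Dirs -contains $parent.TrimEnd('\'))   # -contains ignores case
}

$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()
if (Test-Path $runKey) {
    $key = Get-Item $runKey
    foreach ($name in $key.GetValueNames()) {
        $target = Get-RunTarget ([string]$key.GetValue($name))
        if (Test-SuspectTarget $target $dropDirs) {
            $findings += "Run value '$name' -> $target"
        }
    }
}
$findings += @($fixedPaths | Where-Object { Test-Path $_ } | ForEach-Object { "Present: $_" })
if ($findings) { $findings } else { 'No listed artifacts found.' }
```

Legitimate installers occasionally start from %TEMP%, so treat a Run hit as a lead to verify before deleting anything.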