Search this blog

Tuesday, September 13, 2011

Data Recovery virus. How to remove Data Recovery malware

This post aims to tell you about the next fake HDD named Data Recovery. It is the direct successor of System Recovery malware, the viruses of which we told you in several of our previous posts recently. This type of rogue program is very severe, beyond any doubt. Not only it annoys the user with its persistent and permanent fake system warnings and failure notifications but, additionally, it makes the real mess out of your system. Due to the virus aggression of this program all your files, folders, icons and programs in the Start menu appear to be missing. Similarly, the very desktop would turn out to be black or empty. User would not be really able to do anything with his/her computer unless the removal of Data Recovery trojan infection is successfully accomplished. This blog recommends users to use GridinSoft Trojan Killer and we are quite persuaded that this is a great program able to help you delete this scam effectively and completely. But, by the way, to get rid of DataRecovery virus is not enough. What should be also done is to restore the files and folders back to the previous condition. This can be achieved using two additional and actually free programs recommended by us. They are called GridinSoft Unhider and GridinSoft Restore. Both of them are essential to help you fix the problems caused by this threat. In order to instruct you how exactly to uninstall Data Recovery malware we have prepared the video guide with the step-by-step presentation and guidelines. The video is based on System Recovery virus removal, which is the same as that for Data Recovery virus. Don’t forget that GridinSoft Trojan Killer is not a free program. However, if you want to get rid of Data Recovery scam for free then we can recommend you to write to the customer support team of GridinSoft Trojan Killer and they will send you the free trial activation code for their program. The code will be valid for 15 days and you will be able to enjoy all the benefits of this powerful anti-malware application.

Fake information presented by Data Recovery malware:

  • Hard drive rotational speed decreased by 20%
  • Drive C initializing error
  • Disk drive C:\ is unreadable
  • System files are damaged. System is unstable.
  • GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
  • The problem may cause errors while loading your operation system
  • RAM memory speed decreased significantly and may cause a system failure
  • Hard drive does not correspond to system requests
  • Damaged hard drive clusters detected. Private data is at risk. Restore is required
  • C:\System32\drivers is damaged. This problem may cause a system failure
  • Hard drive rotational speed exceeds system limits and may cause a system failure
  • Boot sector of the hard drive is damaged
  • Hard drive space less than technical limits
  • RAM Memory temperature is 83

The following fake error messages normally popup in the right-bottom part of user’s desktop. No doubt, they all should also be disregarded by you.

  • Critical Error! HDD clusters are partly damaged. Segment load failure
  • Critical Error! Windows OS can’t detect a free hard disk space. HDD error
  • Critical Error! Damaged hard drive clusters detected. Private data is at risk.
  • Critical Error! Hard Drive not found. Missing hard drive.
  • Critical Error! RAM memory usage is critically high. RAM memory failure.
  • Critical Error! Windows can't find hard disk space. Hard drive error
  • Critical Error! Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
  • Critical Error! A critical error has occurred while indexing data stored on hard drive. System restart required.
  • System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
  • Activation Reminder
    Data Recovery Activation Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.
  • Low Disk Space You are running very low disk space on Local Disk (C:).
  • Windows - No Disk Exception Processing Message 0x0000013

Data Recovery automatic removal:

malware removal tool

GridinSoft Unhider download link: www.trojan-killer.net/download/unhider.exe

GridinSoft Restore download link: www.trojan-killer.net/download/restore.exe

Data Recovery manual removal:

Delete Data Recovery files:
  • %LocalAppData%\
  • %LocalAppData%\.exe
  • %LocalAppData%\~
  • %LocalAppData%\~
  • %StartMenu%\Programs\Data Recovery\
  • %StartMenu%\Programs\Data Recovery\Data Recovery.lnk
  • %StartMenu%\Programs\Data Recovery\Uninstall Data Recovery.lnk
  • %Temp%\smtmp\
  • %Temp%\smtmp\1
  • %Temp%\smtmp\1
  • %Temp%\smtmp\2
  • %Temp%\smtmp\3
  • %Temp%\smtmp\4
  • %UserProfile%\Desktop\Data Recovery.lnk
Delete Data Recovery registry entries:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"

2 comments:

Sean Maverick said...

The thing with most people today is they have this false perception data loss only happens in geeked techy television shows and not in real life. BIG MISTAKE. Usually, when the files go missing, the flow of regrets (and blaming) were a dragging recollection of what-ifs or i-should've-listened-to-that-ad-eventhough-I-can't-stand-the-speaker's-hair. Today's Backup software are available in many formats, each highlighting the need for installation.

Most people would label backups as something for the techy folks. Well, aside from the super easy steps during installation, there are options tailor-made for every user.

Churro said...

wow... si esto de los virus cada vez esta más chungo... justo ahora leía este artículo.. para acojonarse un rato xD Conficker, el ‘gusano’ que podría acabar con internet en 15 minutos

Post a Comment

Search this blog