Data Repair scam (also known as DataRepair) is the next virus application introduced into the World Wide Web by the cyber hackers. It should be, of course, mentioned that Data Repair is typically the same malware product as Data Recovery virus of which we told you recently. It even has the same main process running, being named as 6DSS92c31Apgjk.exe . This process 6DSS92c31Apgjk.exe cannot be easily terminated by user due to the Task Manager being blocked by the a.m. malware. Thus, in other words, both of these applications are typically very similar when it comes to their GUI and the range of all the malicious activities they perform on the contaminated computers. The removal of this virus, DataRepair, is not really easy thing to do for a regular user is he/she wants to do it manually. This goal is more feasible for powerful anti-virus products, malware and trojan killers. It should be also noted that not all real-time anti-virus programs (even the most decent ones) are capable of detecting this malware on a timely basis. Some of them actually are not updated as often as they should be (either by the fault of their developers of by the fault of the users who are not cautious enough to keep their anti-virus software databases up-to-date). Whatever the case might be, when Data Repair trojan files are brought into the contaminated computer the user would not recognize the machine at all. There are plenty of modifications introduced by this rogue, below please find some of them.
- Hiding the Desktop. This means that the desktop is either empty (missing) or black (blank). Moreover, the user cannot use the desktop in the normal mode.
- Due to Data Repair scam the icons at the desktop are also all missing (except for the few ones). Of course, the icon of Data Repair fake HDD program would remain. Sometimes the icons are first highlighted, and then, within some time, totally disappear.
- Hiding the majority of files and folders, especially the system ones.
- Annoying you with plenty of fake system error messages and notifications.
- Considerable slowdown of your computer.
This list is not complete, of course. But it is quite enough for you to realize that indeed Data Repair is not the program you want to have on your computer. However, the malware tries to imitate the features of some decent system defragmenter, even though this is just the pack of lies without any grounds to believe into. Here is another screenshot of Data Repair scam (click the picture to retrieve the full-size image):
Indeed, some users get really horrified when they encounter the huge range of problems supposedly detected by Data Repair program inside of your system. It would tell you about your hard drive missing or unreachable, memory problems and other issues of the similar manner. Remember that all such facts stated by this malware application are totally take and should not be trusted by you. Here is how the error report of the rogue program we are talking about looks like (click the picture to retrieve the full-size image):
When the fake system scan of Data Repair malware is completed it would give the following list of errors (the so-called Result Report):
As you see, the rogue tells you that the huge number of your files have been lost. Obviously, the user can be really frustrated by such reports, but the fact is that they are all untrue. The files have remained, they have not been deleted. They have been relocated by DataRepair virus to other folders. Here is the whole bunch of fake notifications presented by this scam.
Fake information presented by Data Repair malware:
- Hard drive rotational speed decreased by 20%
- Drive C initializing error
- Disk drive C:\ is unreadable
- System files are damaged. System is unstable.
- GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
- The problem may cause errors while loading your operation system
- RAM memory speed decreased significantly and may cause a system failure
- Hard drive does not correspond to system requests
- Damaged hard drive clusters detected. Private data is at risk. Restore is required
- C:\System32\drivers is damaged. This problem may cause a system failure
- Hard drive rotational speed exceeds system limits and may cause a system failure
- Boot sector of the hard drive is damaged
- Hard drive space less than technical limits
- RAM Memory temperature is 83
The following fake error messages normally popup in the right-bottom part of user’s desktop. No doubt, they all should also be disregarded by you.
- Critical Error! HDD clusters are partly damaged. Segment load failure
- Critical Error! Windows OS can’t detect a free hard disk space. HDD error
- Critical Error! Damaged hard drive clusters detected. Private data is at risk.
- Critical Error! Hard Drive not found. Missing hard drive.
- Critical Error! RAM memory usage is critically high. RAM memory failure.
- Critical Error! Windows can't find hard disk space. Hard drive error
- Critical Error! Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
- Critical Error! A critical error has occurred while indexing data stored on hard drive. System restart required.
- System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
- Activation Reminder Data Repair Activation Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.
- Low Disk Space You are running very low disk space on Local Disk (C:).
- Windows - No Disk Exception Processing Message 0x0000013
The main goal of Data Repair is to make you purchase its activation code in order to insert it into the respective field and to have the fake problems fixed in such a manner. However, purchasing the rogue and its useless activation code will not help you. The problems would remain persistent, opening the doors for further malware aggression. You need to stay away of purchasing the activation code and to entirely disregard the fake payment processing page of Data Repair virus.
Data Repair automatic removal milestones:
- Download GridinSoft Trojan Killer and run full scan with it.
- Download Kaspersky TDSS Killer from this link http://support.kaspersky.com/viruses/solutions?qid=208280684
- Download and run GridinSoft Unhider and GridinSoft Restore tools.
GridinSoft Unhider download link: www.trojan-killer.net/download/unhider.exe
GridinSoft Restore download link: www.trojan-killer.net/download/restore.exe
Data Repair manual removal:Delete Data Repair files:
- %StartMenu%\Programs\Data Repair\
- %StartMenu%\Programs\Data Repair\Data Repair.lnk
- %StartMenu%\Programs\Data Repair\Uninstall Data Repair.lnk
- %UserProfile%\Desktop\Data Repair.lnk
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"