Monday, December 31, 2012

Get Rid Of The Windows Restore Virus - How To Remove This Malware From Your PC

The Windows Restore virus is a program that looks like it is meant to protect and optimize your computer, but it really contains malware and does nothing at all to protect your PC or laptop. This malicious program works by tricking you into paying for the full version of this program.

This malware gets onto your computer by using hijacked sites to spread this software via pop-ups and by using scripts which will install it without you even knowing about it. As soon as it is on your computer you will start to get warning messages and error messages telling you that your computer is under attack from malware.

You will see generic messages warning you of the following.

#1 Your hard drive has problems and you need to install this program to fix it.

#2 Files and programs are corrupt and you need to run Windows Restore to fix the problem.

#3 Your computer security is at risk or it is under attack.

If you click yes to any of these warnings and download this software, or if it installs without you knowing about it, you will need to remove the Windows Restore virus quickly.

Once this malware gets onto your computer it can be very hard to remove. It will start up every time you start your computer and keep warning you about problems with your PC. All of these warnings are false, but since this malware starts up as soon as you start your computer, stopping it and being able to remove the Windows Restore virus can be difficult.

Once this software is installed it will keep prompting you to run a scan and to upgrade to the full version to remove non-existent threats. The only way to stop this is to get rid of the Windows Restore virus quickly.

How do you get rid of this malware?

This malware disguises itself by generating random file names, so removing it manually can be tricky, but it is still possible to do so. Here is how.

#1 Start Task Manager by right-clicking on the Windows taskbar and clicking on Task Manager. Once this starts, go to the Processes tab and look for a process whose name is made up of randomly generated numbers and letters, for example gkdhfreth1.exe.

Once you find it, click on it with your mouse and select End Process at the bottom of the Task Manager box.

If you cannot do this because Task Manager is blocked by this virus, then you need to start your PC in safe mode and follow this procedure again. To start in safe mode, restart your computer, press the F8 key before Windows starts and select Safe Mode with Networking from the menu screen.

#2 The next step after you have stopped this malware is to delete all the related files. To do this search for a folder called system restore in the programs folder and then delete the system restore folder and all its contents.

#3 Start the registry editor and do the following.

Search for and delete these entries. Where "generated file name" is listed, this is the same file you found in Task Manager.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "generated file name.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "generated file name"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'

For the entries below you need to change the values on the entries to the opposite of what is listed below. For example, if the value is a one below you need to change it to a zero and vice versa.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'

Once you have done this, restart your PC or laptop and this malware should be gone for good. If it is still there, or you are unsure about how to carry out these steps, follow the method below.

#1 Start your PC or laptop in safe mode using step #1 above.

#2 Once in safe mode open your web browser and download a system and registry scanner.

#3 Perform a full system and registry scan. Once you have done this you should restart your PC and you will be rid of the windows restore virus for good.
