HOW TO REMOVE WINDOWS RECOVERY FAKE WARNING VIRUS MALWARE


First off all you deep breath you dont lose anything and you can solve your problem easly if you experienced user its take nearly 5 minute to get everything like before.

 

first you need activate task manager

download and double click

http://windowsxp.mvps.org/reg/EnableTM.reg

or clikc windows +r and type regedit strg+f search for DisableTaskMgr change value to zero 0

if you able to show TASKMANAGER find ram resource and kill application

your files external  harddisk c d are hidden dont worry about that click and run Unhide.exe

 

Windows-Recovery

Remove Windows Recovery Virus (Fake Windows Recovery Manual Removal Guide)


 

      Windows Recovery Step-by-Step Removal Instructions

1.The associated files of Windows Recovery to be deleted are listed below:

%AppData%\Microsoft\[random].exe

%UserProfile%\Desktop\Windows Recovery.lnk

%UserProfile%\Start Menu\Programs\Windows Recovery\

%UserProfile%\Start Menu\Programs\Windows Recovery\Windows Recovery.lnk

%UserProfile%\Start Menu\Programs\Windows Recovery\Uninstall Windows Recovery.lnk 

2.The registry entries of Windows Recovery that need to be removed are listed as follows:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = ‘1’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = ‘1’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = ‘no’

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = ‘yes’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = ‘0’

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = 0′

 

virus

on my computer Turkish was ProgramData

 

Windows Recovery Description

Windows Recovery is a fake security application which is the same family of Windows Diagnostic and lures users to unknowingly perform corrupt actions on a targeted computer. This fake Microsoft windows recovery program installed without your awareness by a trojan horse that can easily access the targeted system through a backdoor you might not even know about and it won’t let you uninstall it instead of popping up fake security alert. Windows Recovery poses as a so-called security application that displays deceptive warnings and misleading scan results such as suddenly pops up alert in front of the desktop on your computer, announcing that the PC is seriously in risk. It then start scanning and asks for users to purchase it once scanning is completed. But actually it is not true, it just scareware your system to execute certain processes that are nonexistent, it aiming to get your money so you must skip it. Windows Recovery is preventing from scanning by anti-virus and you should remove windows recovery malware completely by manual to make your computer safety.

Windows Recovery Identified as Security Threat by Impressions
    Windows Recovery reputation/ rating online is terrible. Windows Recovery is installed/ run without your permission. The official website of Windows Recovery is poorly built without contact info. The payments website of Windows Recovery is suspicious & claims your OS is unsafe. Poor Performance like highly-consumed system resources is caused by Windows Recovery.

25 thoughts on “HOW TO REMOVE WINDOWS RECOVERY FAKE WARNING VIRUS MALWARE

  1. These guys are genuine. They will bring your files back or make them visible. They will also make it possible for you to work with your Task Manager.

  2. thanks for bringing my files back have 1 major problem i woke up and seen my computer blue screened rebooted and found i had the windows recovery ison on my desktop figured it must be a virus so scaned with malware bytes it found items to remove but when i restart computer it crashes giveing be the blue screen of death then i found your web site witch brought back my missing files thank you much but when i look for traces of the virus in task manager or anywere else cant find any traces i think the virus is being held in wait for malwarebytes to remove at restart is there anything that may allow me shut down computer without causeing it to crash thank you burleyfish

  3. I dont understand regarding the Registry value….
    Should i delete them or change the valkue number (0,1) ??

  4. This is a root kit that needs to be treated like one. Recommend going into safe mode and using tdsskiller by Kaspersky. You’ll have to rename the tdsskiller.exe to explorer.exe to get it to run. You’ll find the tdss root kit on your PC click cure and hopefully you’ll be clean. Good luck.

  5. This walkthrough was pretty helpful, thanks for it. I hope it got everything, as I found all files. I’ll be downloading and running antimalware software after this, and I recommend others to do the same.

    One thing though, you really need someone to read through and rephrase/spellcheck your paragraph. It’s quite hard to follow as is… hence the confusion about whether to remove or edit the registry values. Also, the EnableTM.reg file is missing, but can be created manually by entering the following into notepad and saving as EnableTM.reg.

    –start copy–
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\…
    “DisableTaskMgr”=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft…
    “DisableTaskMgr”=dword:00000000

    —end copy —

    That’s all. I got mine, good luck anons.

  6. Yes, as I thought, this walkthrough missed some files, including a main instance in the All Users folder. I highly recommend a Malwarebytes AntiMalware scan. It picked up 5 extra threats on my infected PC, although it may be not all of them were a result of this virus. So do the scan!

  7. Hell yes, i want sleep down in black and innocent something like this but didnt have time, may i repost this in what way TO REMOVE WINDOWS RECOVERY FAKE portent VIRUS MALWARE « Graphic Design Blog says:
  8. Glad to be here, my name is lewis dsaxt Recently from Iowa, originally from Des Moines and have lived there most of my life.

    I cherish my family,I love to experience all 4 seasons , specially the spring and the life it brings.

    Technology has been a part of my life for the last 7 years and most recently primarily on the Web.

    I love the Internet.

    Things as they are, more and more people are seeking help from people who have walked the walk and can teach others how to benefit from their experience. Just ask if you need to know something from me.

    I am a manager in the field of Engineering project management.

    Learning about new things is one of my passions.

    when possible I volunteer for for valid causes that help the elderly.

    Its great to be a part of this Website and Will learn something new here.

    clarks voucher code 2010

  9. Hi there, I do think your website could be having browser compatibility issues. Whenever I look at your web site in Safari, it looks fine however when opening in Internet Explorer, it has some overlapping issues. I just wanted to provide you with a quick heads up! Aside from that, wonderful site!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s