FrEn

E-mail Print

Removal Tool to uninstall (Remove) System Recovery
Written by Administrator  |  Saturday, 03 September 2011 05:53
AddThis Social Bookmark Button
System Recovery is another spyware from the HDD repair, HDD Tools, HDD Low... family. System Recovery is not a legit program; it's a fake, a counterfeit. System Recovery claims to fix your system, but not, do not trust on it. Do not believe in the scan results of this pretentious, it's a scam, and the only flaw in your system is this System Recovery. System Recovery is just another fake Antispyware whose purpose is to trick you to pay this useless program. Uninstall System Recovery immediately from your system.

System Recovery

To remove System Recovery (Uninstall System Recovery)

  • Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
  • Choose Start computer in SAFE MODE with network support (This removal tool should work under normal mode as well)
  • Download this free removal tool for System Recovery
  • Extract it
  • Launch
  • Click on the delete button

System Recovery will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

  • [random].exe

Files :

  • %Temp%\smtmp\[NUMBER]
  • %AppData%\[random]
  • %AppData%\[random].exe
  • %AppData%\~[random]
  • %StartMenu%\Programs\System Recovery\
  • %StartMenu%\Programs\System Recovery\System Recovery.lnk
  • %StartMenu%\Programs\System Recovery\Uninstall System Recovery.lnk
  • %UserProfile%\Desktop\System Recovery.lnk

Registry

New registry keys created

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

New registry values created

  • HKEY_CURRENT_USER\Software
    • 12B79064-EB17-4f82-9DFE-B975BD26D1DC = ""
  • HKEY_CURRENT_USER\Software\Microsoft
    • BootData = 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00 6E 00 64 00 20 00 53 00 65 00 74 00 74 00 69 00 6E 00 67 00 73 00 5C 00 41 00 6C 00 6C 00 20 00 55 00 73 00 65 00 72 00 73 00 5C 00 41 00 70 00
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    • Use FormSuggest = "Yes"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    • WarnOnZoneCrossing = 0x00000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    • LowRiskFileTypes = ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
    • SaveZoneInformation = 0x00000001
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • [Random].exe = "%CommonAppData%\[Random].exe"
    • [Random] = "%AppData%\[Random].exe"

Download

 

Remove System Recovery Software manually :

  • Restart your computer in safe mode :
    • Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
    • Choose Start computer in SAFE MODE
  • Open the infected account
  • Open explorer, paste into the address bar the text %Temp% then press enter, it will open C:\Documents and Settings\Christian\Local Settings\Temp on my computer
  • Remove all .exe files and all random folders under this path
  • Open explorer, paste into the address bar the text %AppData% then press enter, it will open C:\Documents and Settings\Christian\Local Settings\Application Data on my computer
  • Remove all .exe files and all random folders under this path
  • Remove System Recovery.lnk from your desktop
  • Remove System Recovery.lnk from your start menu
  • Click on the start menu button then click on run
  • Type msconfig and press enter
  • Go to the Startup tab
  • Uncheck all random character keys in it and click on the OK button
  • Restart your computer in normal mode
This will solve the problem but you can run the removal tool to remove the other registry keys and values.
 

Add comment


Security code
Refresh

Related articles
Latest posts

  • Free malware removal tool for Guard Online

    Written by %s admin 10/10/2011
    Guard Online is a another rogue Antispyware from the OpenCloud and AV Guard Online familly, it's a malware that pretends to be an Antivirus. Guard Online conducts a fake scan of your system; you are…
    Read more...

  • Free malware removal tool to remove AV Guard Online

    Written by %s admin 05/10/2011
    AV Guard Online is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. AV Guard Online conducts a fake scan of your system; you are warned by a…
    Read more...

  • Free removal tool to remove Security Guard 2012

    Written by %s admin 05/10/2011
    Security Guard 2012 is a another rogue Antispyware from the OpenCloud familly, it's a malware that pretends to be an Antivirus. Security Guard 2012 conducts a fake scan of your system; you are warned…
    Read more...

  • Free removal tool for Advanced PC Shield 2012

    Written by %s admin 01/10/2011
    Advanced PC Shield 2012 is a another rogue Antispyware, it's a malware that pretends to be an Antivirus. Advanced PC Shield 2012 conducts a fake scan of your system; you are warned by a fake alarm…
    Read more...

  • Security Sphere 2012 Free Removal Tool

    Written by %s admin 01/10/2011
    Security Sphere 2012 is another spyware from the Security Tool family. Security Sphere 2012 is not a legit program; it's a fake, a counterfeit. Security Sphere 2012 claims to fix your system, but…
    Read more...
.
Information | Contact

© All Rights Reserved. net-studio.org 2009