Monday, May 16, 2011

Windows Vista Recovery Removal Guide

Windows Vista Recovery Removal Guide
Windows Vista Recovery is a fake disk defragmenter program. Windows Vista Recovery will start automatically when Windows boot once it is installed in the computer. Windows Vista Recovery will SURELY produce fake report on Windows Registry, system memory and hard drive in order to scare the user. Windows Vista Recovery may also deliver malwares on the social networks, such as Twitter, My Space, Facebook, etc., and via spam emails. Windows Vista Recovery will urge the user to buy the full version of Windows Vista Recovery so that to solve the problems stated. Windows Vista Recovery can be removed by stopping all the processes which filename is formed by random. After, the files should be deleted.

Windows Vista Recovery will display fake "critical error" message stating that the hard drive is unreadable or damaged. In fact, if the hard drive is unreadable, how can the program run (as the program is in the hard drive too)? Windows Vista Recovery also prevent the user from running other Windows programs or downloading any software from internet!

Windows Vista Recovery should be removed immediately!

Windows Vista Recovery Removal Guide
Kill Process
(How to kill a process effectively?)
[random].exe
filename of any processes with name hdddoctor

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM]"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[random].exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes

Remove Folders and Files
%CommonAppData%\exe
%UserProfile%\Desktop\Windows Vista Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
%UserProfile%\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
%CommonAppData%\~[random]
%CommonAppData%\[random]
%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

No comments:

Post a Comment