Sunday, September 4, 2011

Remove System Recovery

System Recovery Removal Guide
System Recovery is a fake disk defragmenter program. System Recovery will start automatically when Windows boot once it is installed in the computer. System Recovery will SURELY produce fake report on Windows Registry, system memory and hard drive in order to scare the user. System Recovery will urge the user to buy the full version of System Recovery so that to solve the problems stated. Do not purchase that license, because it's a scam. System Recovery can be removed by stopping all the processes which filename is formed by random characters. After, the files should be deleted.



System Recovery will display fake "critical error" message stating that Windows can't find hard disk space. In fact, if the it can't find hard drive, how can the program run (as the program is in the hard drive too)? System Recovery also prevent the user from running other Windows programs or downloading any software from internet!



System Recovery provides fake features such as displaying computer status, RAM status, System drive status and system registry status.



System Recovery should be removed immediately!



System Recovery Removal Guide

Kill Process

(How to kill a process effectively?)

[random].exe



Delete Registry

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"



Remove Folders and Files

%LocalAppData%\[random]

%LocalAppData%\[random].exe

%LocalAppData%\~[random]

%LocalAppData%\~[random]

%StartMenu%\Programs\System Recovery

%Temp%\smtmp

%UserProfile%\Desktop\System Recovery.lnk

File Location Notes:



%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] for Windows 2000/XP, C:\Users\[Current User] for Windows Vista/7, and c:\winnt\profiles\[Current User] for Windows NT.



%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\[Current User]\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\[Current User]\AppData\Local\Temp for Windows Vista and Windows 7.



%LocalAppData% refers to the current users Local settings Application Data folder. By default, this is C:\Documents and Settings\[Current User]\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\[Current User]\AppData\Local.



%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\[Current User]\Start Menu\, and for Windows Vista/7 it is C:\Users\[Current User]\AppData\Roaming\Microsoft\Windows\Start Menu.

No comments:

Post a Comment