
How to: "File Restore" Malware Removal
Posted On 27/02/2013 09:14 PM   Posted By: Administrator
Virus - Malware      Article ID: 00375

"File Restore" is a bogus disk cleaner and privacy protection tool. We've written about such fake repair tools before. However, only one was actively promoted, called File Recovery. It remains unclear whether this new malicious program will completely replace the previous one. It could be that cyber crooks will promote both programs at the same time, hoping to generate more money. We'll see.


Suddenly appearing "Serious Disk Error" pop-ups and fake system notifications are the main symptoms of a "File Restore" malware infection. There are many variations of the fake alerts, such as "hard drive controller failure", "device initialization failed" and many more. Clicking on a fake alert only opens the "File Restore" program, which you obviously didn't install. The rogue repair tool has an amazingly fast auto-scan mode which detects and displays non-existent hard drive reading errors, RAM failures and other supposedly critical system errors. After the auto-scan, "Repair 7 issues" opens a convenient means to order a fix from this service or to "activate" the repair by purchasing the bogus program.

What is more, to motivate the purchase, all icons and shortcuts are wiped from the Start Menu, the Desktop and the list of most recently used programs. Now comes the important part: DO NOT delete files from your Temp folder or use any temp file cleaners. I know most of you use file cleaners to remove malware remnants and unnecessary files. But this time, DON'T! The rogue program moves certain files to the Windows Temp folder, specifically %Temp%\smtmp, so emptying the Temp folder would delete them. Normally, you'll see something like this in your Temp folder. Note that this folder is hidden.

Quick "File Restore" malware removal:

1. Use the activation key given below to register your copy of the File Restore malware. This will allow you to download and run recommended malware removal software and automatically restore hidden files and shortcuts. Don't worry, you're not doing anything illegal and it won't make the situation worse. Select "Trial version. Click to activate" (at the bottom right-hand corner of the fake scanner screen).

Associated "File Restore" files and registry values:

Windows XP:

  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\File Restore.lnk
  • %UsersProfile%\Start Menu\Programs\File Restore
  • %UsersProfile%\Start Menu\Programs\File Restore\File Restore.lnk
  • %UsersProfile%\Start Menu\Programs\File Restore\Uninstall File Restore.lnk

%AllUsersProfile% refers to: C:\Documents and Settings\All Users
%UsersProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:

  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\File Restore.lnk
  • %UsersProfile%\Start Menu\Programs\File Restore
  • %UsersProfile%\Start Menu\Programs\File Restore\File Restore.lnk
  • %UsersProfile%\Start Menu\Programs\File Restore\Uninstall File Restore.lnk

%AllUsersProfile% refers to: C:\ProgramData
%UsersProfile% refers to: C:\Users\[User Name]

Registry values:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = "Yes"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
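
One way to check a registry export against the values listed above, as an added example that is not part of the original article: it parses `reg export` text and reports every value whose data matches a subset of the list. The function names and the sample export are constructed for illustration.

```python
import re

# Subset of the registry values listed above (names and data as the article gives them).
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft"
CV = HKCU + r"\Windows\CurrentVersion"
INDICATORS = {
    (CV + r"\Policies\System", "DisableTaskMgr"): "1",
    (CV + r"\Policies\Explorer", "NoDesktop"): "1",
    (CV + r"\Policies\ActiveDesktop", "NoChangingWallPaper"): "1",
    (CV + r"\Internet Settings", "CertificateRevocation"): "0",
    (CV + r"\Explorer\Advanced", "Hidden"): "0",
    (HKCU + r"\Internet Explorer\Download", "CheckExeSignatures"): "no",
}
# Registry key and value names are case-insensitive, so compare in lower case.
WANTED = {(k.lower(), n.lower()): v for (k, n), v in INDICATORS.items()}

def decode(raw):
    """Turn .reg value data into the plain form the article uses ('1', 'no')."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw.strip('"')

def audit(reg_text):
    """Return (key, value name, data) for each value that matches the list."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and key:
            name, data = m.group(1), decode(m.group(2))
            if WANTED.get((key.lower(), name.lower())) == data.lower():
                hits.append((key, name, data))
    return hits

# Constructed sample in "reg export" text format (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A file written by `reg export` or regedit is UTF-16, so read it with `open(path, encoding="utf-16").read()` before passing the text to `audit`. A hit only means the value equals the listed data and still needs review in context.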

