Data Recovery Virus

By | May 8, 2012 | 5 Comments

Data Recovery is a harmful software. It is a fake hard drive optimization tool where in the primary objective is to fool its victims. Once Data Recovery virus has taken your computer, it will detect a number of hard drive errors. Also, all by itself, it will test the system for similar problems. Later on, the malware will recommend instant removal and forces you to buy the Data Recovery registration key.

Data Recovery virus often infect computer users who visits unknown web sites. It is unknown to them that the web site may run a drive-by-download script that will install Data Recovery without their consent. During its stay, the malware will alter system registry. It aims to get a spot on Windows start-up. Once it is loaded, Data Recovery starts to produce unwelcome detection of hard drive problems.

Now that you know the real thing behind this bogus software, it is about time to keep the computer away from it. When there is a chance that Data Recovery infects your computer, do not follow its recommendations. Instead, download the tool below and start scanning the computer to remove Data Recovery and files and registry values linked to it.

Type Rogue
Sub-Type FakeAV
OS Affected Windows XP, Windows Vista, Windows 7

What are the Symptoms of Data Recovery Virus Infection?

Image of Data Recovery virus

It will modify Windows Registry and add the following entry/entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’
HKCU\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “(random char).exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “(random char)”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
HKCU\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’

The threat will drop the following malicious files:
%StartMenu%\Programs\Data Recovery\
%StartMenu%\Programs\Data Recovery\Data Recovery.lnk
%StartMenu%\Programs\Data Recovery\Uninstall Data Recovery.lnk
%LocalAppData%\(random char)
%LocalAppData%\(random char).exe
%LocalAppData%\~(random char)
%LocalAppData%\~(random char)
%UserProfile%\Desktop\Data Recovery.lnk

5 thoughts on “Data Recovery Virus

  1. Alison Charles

    Wow… this site was so helpful. Thanks so much!

  2. E in Ohio

    Thank you so much for this, it was a slow process but I recovered everything and deleted the malware and trojan. Huge huge thank you to this site.

  3. Ruchi

    Alternative way to do this without using any software..
    Just Run MSCONFIG on your PC
    Choose Selective Startup
    Click on the ‘Startup’ tab
    Uncheck all programs
    Click OK and Restart

    Now your PC will start without the annoying File Recovery thing

    Locate the File Recovery Shortcut on the desktop and Go to properties
    Check its target file
    (On my PC it was- C:\Documents and Settings\All Users\Application Data\ttffgdhsjj.exe)
    Go to that location and delete the file(s) with that name
    Go to the Desktop and Delete the File Recovery Shortcut
    Empty you recycle bin

    Nw you can get your original startup setting with MSCONFIG again

    My PC worked fine after that..
    Hope this helps :- )

  4. Neopoints

    Thank you for every other informative web site. Where else could I get that kind of info written in such a perfect means? I have a undertaking that I’m simply now operating on, and I have been at the look out for such information.

Leave a Reply

Your email address will not be published. Required fields are marked *