Not all Data Recovery products are worth trusting. This claim is supported by the damage that Data Recovery virus causes to affected systems.
While analyzing malicious URLs, one stood out as a host for a malicious application. Unlike other fake software, this file must be downloaded and executed by the user. After installation, the program was identified as Data Recovery, a program disguised as a system optimization tool.
It closes all running applications the moment it launches a scan. All folders and files on the compromised computer are set to hidden. Program shortcuts disappear from the Start menu, and the only way to run an application is to know its location and filename. Displaying the missing folders and files again does no harm. It is not complicated; it can be done with simple folder options. The trickiest part of removing Data Recovery is running an anti-malware scan when it can easily close any application. Never attempt to use Task Manager to end the virus process; it won't work. Data Recovery disables that function, as well as other tools it senses could be useful in manual threat removal.
Running a removal tool once in Safe Mode may do the trick. In Safe Mode, Data Recovery has no chance to load on its own. Thus, the security program can clearly identify the files and registry entries belonging to Data Recovery virus and remove them immediately. That shows the importance of Windows Safe Mode.
Update: May 18, 2012
There is a new version of Data Recovery malware. People will mostly see it as S.M.A.R.T. Repair. The new version now carries a far more dangerous rootkit Trojan. It may deeply conceal its presence on the infected computer, which makes the malware difficult to remove. Below is a screenshot of the Data Recovery version that was released this year (2012).
This new version of Data Recovery uses fake USPS (United States Postal Service) emails to reach its targets. The fake email contains the following information:
Subject: Your postal label is available.
We couldn’t deliver your parcel.
Status/Postal code isn’t valid.
The label of your parcel is enclosed to the letter.
Print your label and show it in the nearest post office of USPS.
As you can see, the fake email from USPS refers to a fake delivery of your package. It wants you to execute the attached file by claiming that it contains full information. Some users who mistakenly opened the attached file have suffered a Data Recovery infection. Refer to the fake USPS email image below.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Technical Details and Additional Information:
As an added strategy to deceive its victims, Data Recovery virus displays an attention-grabbing taskbar alert containing the following text:
HDD critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems.
Video Tutorial (Data Recovery Removal)
This video tutorial is a self-help guide to removing Data Recovery using various methods to tweak Windows settings. It demonstrates the use of Malwarebytes Anti-Malware to automatically find and delete files associated with Data Recovery.
How to Remove Data Recovery Virus
Activating the Rogue Program
Data Recovery virus blocks any program from running. It also prevents access to the Internet, particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is likewise blocked by the rogue program. Activating the program using the registration key below will restore access to these services.
1. To activate the program, click "Trial version. Click here to activate." at the lower right of the Data Recovery virus interface.
2. It will prompt for a registration code and email address. You may use the following:
Activation Code: 15801587234612645205224631045976
Email Address: Use any email like email@example.com
3. Once the program is activated, you can download the tools needed to scan for and remove Data Recovery virus. You may proceed with automatic removal using the tool or perform the manual procedure by following the guide below.
Data Recovery virus Removal Tool
To remove the threat completely, you need to download and run Malwarebytes Anti-Malware. This is a free malware removal tool. If the Trojan infection blocks the download of this program, get it using a clean computer. Rename the executable file before executing it on the infected PC. Once the tool is installed, update the database. Usually, it updates itself when it senses that a new database is available.
1. After installing and updating the tool, the next step is to reboot the computer in Safe Mode with Networking to prevent Data Recovery virus from loading at start-up. You may want to print this procedure, as the computer has to be restarted to complete the removal process.
2. Restart the computer.
- Before Windows begins to load, press F8 on your keyboard.
- It will display an Advanced Boot Options menu. Select Safe Mode with Networking.
- Windows will now start in Safe Mode.
3. Open Malwarebytes Anti-Malware and perform a complete scan. Delete all detected threats.
How to Unhide Files and Folders
To prevent manual execution of programs and files, Data Recovery virus hides files and folders on the infected computer. Most victims think that the files and folders were deleted, but they were not. The malware simply changed their attributes to hide the data. Follow this guide to show all hidden files and folders if they remain hidden after activating Data Recovery virus.
1. Open My Computer or Windows Explorer.
2. On the menu at the upper left corner, click Organize, then choose Folder and Search Options.
3. The Folder Options dialog box will appear. Select the View tab.
4. Under Advanced settings, select "Show hidden files, folders and drives."
5. Click OK to save the settings. You can now view the folders and files, though they are still marked as concealed because Data Recovery virus set their attributes to hidden.
6. While still in Windows Explorer, click on the drive (C: or D:). In the right pane, mouse over the folder or file you want to unhide. To select all folders, you may use the keyboard shortcut Ctrl+A. Right-click, then select Properties.
7. In the Attributes area, remove the check mark from Hidden. This will change the attributes of the affected files and folders. Click OK to save the settings.
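The same attribute change can be scripted instead of clicked through in Explorer. The PowerShell function below is an added example, not part of the original guide; the function name Clear-HiddenAttribute and the C:\Users path in the usage comments are assumptions chosen for illustration. It clears only the Hidden attribute and skips items that are also marked System, so protected operating system files stay as Windows ships them.

```powershell
# Added example: clear the Hidden attribute in bulk under a chosen folder.
# Clear-HiddenAttribute is a hypothetical name, not a built-in cmdlet.
function Clear-HiddenAttribute {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root
    )

    $hidden = [int][System.IO.FileAttributes]::Hidden
    $system = [int][System.IO.FileAttributes]::System

    # -Force makes Get-ChildItem return hidden items as well.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item  = $_
            $attrs = [int]$item.Attributes
            $isHidden = ($attrs -band $hidden) -ne 0
            $isSystem = ($attrs -band $system) -ne 0

            # Skip items that are not hidden, and leave protected
            # operating system items (Hidden + System) untouched.
            if (-not $isHidden -or $isSystem) { return }

            if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
                try {
                    # Remove only the Hidden bit; keep ReadOnly, Archive, etc.
                    $item.Attributes = [System.IO.FileAttributes]($attrs -band (-bnot $hidden))
                    $result = 'Unhidden'
                } catch {
                    # For example, access denied on a file owned by another user.
                    $result = "Failed: $($_.Exception.Message)"
                }
                New-Object PSObject -Property @{ Path = $item.FullName; Result = $result }
            }
        }
}

# Preview what would change, without modifying anything:
#   Clear-HiddenAttribute -Root 'C:\Users' -WhatIf
# Apply the change and keep a record of every item touched:
#   Clear-HiddenAttribute -Root 'C:\Users' | Export-Csv unhide-log.csv -NoTypeInformation
```

Review the -WhatIf output before applying, because some folders (AppData, for example) are hidden by Windows by default and will also be listed.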
Alternative Removal Method for Data Recovery Virus
Option 1: Use Windows System Restore to return Windows to a previous state
If Data Recovery Virus enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Data Recovery Virus infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore; click here to see the full procedure.
Option 2: Data Recovery Virus manual uninstall guide
IMPORTANT! Manual removal of Data Recovery Virus requires technical skills. Deleting system files and registry entries by mistake may leave the Windows system completely unusable. We advise you to back up the registry before proceeding with this guide.
1. Kill any running process that belongs to Data Recovery Virus.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Data Recovery Virus files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open Registry Editor.
- Find and delete the registry entries mentioned in the Technical Reference section below.
- Close Registry Editor. Changes made will be saved automatically.
3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Data Recovery Virus.
- While still in Safe Mode, search for and delete the malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting a file. Otherwise, the system will not let you perform this action.