Not all Data Recovery products are worth trusting for. This claim is supported by the proof that Data Recovery virus produces damages to affected system.
While conducting diagnosis on malicious URL’s, there is one that stands out to be a host for malicious application. Unlike any other fake software, this file needs personal download and execution. After installation, it was determined that the program is Data Recovery, a program that disguises to be a system optimization tool.
It closes all running application on the minute it launch a scan. All folders and files on the compromised computer are set hidden. Program files from start menu are mysteriously disappeared and only way to run any application is by being familiar with location and filename. There’s no harm in the process on displaying back missing folder and files. It’s not much complicated; it can be done with simple folder options. The trickiest part in removing Data Recovery is how to run anti-malware scan if it can easily close any application. Never attempt to use task manager in ending the virus process, it won’t work. Date Recovery disables the function so as other tools it sense can be useful in manual threat removal.
Running a removal tool once in safe mode may have done the trick. On this method, Data Recovery has no chance to get loaded on its own. Thus, security program clearly identifies files and registry entries belonging to Data Recovery virus and performs instant removal. That gives us an idea on the importance of Windows safe mode.
Update: May 18, 2012
There is a new version of Data Recovery malware. Mostly, people may see it as S.M.A.R.T. Repair. The new version now carries a much more perilous rootkit Trojan. It may deeply conceal its presence on the infected computer, which makes the malware difficult to remove. Below is the screen shot of Data Recovery that was released this year (2012).
This new version of Data Recovery is using a fake USPS (United States Postal Service) emails to reach its target. This fake email contains the following information:
Subject: Your postal label is available.
We couldn’t deliver your parcel.
Status/Postal code isn’t valid.
The label of your parcel is enclosed to the letter.
Print your label and show it in the nearest post office of USPS.
As you can see, the fake email from USPS confer about fake delivery of your package. It wants you to execute the attached file by pointing out that it contains full information. Some users who mistakenly open the attached file have suffered from Data Recovery infection. Refer to the fake USPS email image below.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Technical Details and Additional Information:
As an added strategy to deceive its victims, Data Recovery virus will display intriguing task bar alert containing the following text:
HDD critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems.
Video Tutorial (Data Recovery Removal)
This video tutorial is a self-help guide in removing Data Recovery using various method to tweak Windows settings. The process demonstrates the use of MalwareBytes’ Anti-Malware to automatically find and delete files associated to Data Recovery.