System Recovery

System Recovery is a virus in disguise. More often than not, System Recovery is mistakenly accepted as useful utility software. Without any knowledge that it was solely developed to be sold in fraudulent method, most users who bump onto this rogue software may end up searching for registration code. Some even consume the useless product for a certain amount of money believing that System Recovery will resolve issues detected by the same malware on their machine.

Computer Trojan is mainly used as a tool to spread System Recovery virus. Surely, Trojans are capable of pounding the system and evade installed antivirus product. Lately, Trojans are developed in a more complex mode that cleverly hides presence on the affected unit. Aside from that, System Recovery virus may come bundled with fake Adobe Flash update that flashes on desktop task bar urging users to download a file. A single click on these mentioned courses of actions by fraudster will begin invisible installation of the rogue program.

Visibility of infection begins with extensive pop-up alerts and messages exhibited on desktop. Primarily, these alerts will contain warnings on severe errors and damages found locally. Similar to preceding variants, these alerts seems accurate in the impression of innocent users. However, after several test, it reveals that those are falsified and untrue.

Screen Shot Image:

Image of System Recovery Virus

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

How to Remove System Recovery

System Recovery Removal Tool

For automatic removal of this malware, please click here to download anti-malware tool. There are instances that Trojan will block the downloading of our recommended tool. On this situation, please download the file from a clean computer. Rename the file before installing it on the infected system.

Manual Removal Procedure

1. Unload any running System Recovery process by pressing Ctrl+Alt+Del on your keyboard. This will open Task Manager. Look for the following process and click on End Process.
(random characters).exe

2. If there is an antivirus program installed, connect to Internet and update it to have the latest database and pattern files.
3. Thoroughly scan the computer and clean/delete all infected files. Check if there are remnants of virus-related files, delete if found.

4. Edit Windows registry and delete System Recovery entries. [how to edit registry]
5. Close registry editor, changes will be save automatically.

6. Remove System Recovery start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. System Configuration Utility will open. Go to Startup tab and uncheck these Startup items.
(random characters).exe
7. Click on Apply and reboot the computer for changes to take effect.

Alternative Removal Method for System Recovery

Option 1 : Use Windows System Restore to return Windows to previous state

If System Recovery enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before System Recovery infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : System Recovery manual uninstall guide

IMPORTANT! Manual removal of System Recovery requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to System Recovery.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for System Recovery files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by System Recovery.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Associated Files and Folders:
File Location for Windows Versions:
  • %UserProfile% for Vista/7 user is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
  • %LocalAppData% for Vista/7 refers to C:\Users\<Current User>\AppData\Roaming, while for Windows XP/2000 user it is C:\Documents and Settings\<Current User>\Application Data.
  • %StartMenu% on Vista/7 it refers to C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu while for Windows XP/2000 this is C:\Documents and Settings\<Current User>\Start Menu\.
Added Registry Entries:

Leave a Reply

Your email address will not be published. Required fields are marked *