Windows Vista Recovery and Windows 7 Recovery
Windows Vista Recovery is a rogue program that installs itself when it detects a Windows Vista environment. The Windows 7 Recovery variant does the same on Windows 7. In short, this is OS-aware malware that detects the Windows version of the target computer.
Windows Vista Recovery and Windows 7 Recovery are bogus system utilities that are dropped on computers by a Trojan. Windows Vista Recovery may also arrive uninvited when a user visits a compromised web site that runs a malicious script to infect the visitor's PC. In the first stage, the unwanted program launches a remote scan that reports a number of problems on the computer. It then advises fixing these errors and recommends downloading a trial version of Windows Vista Recovery or Windows 7 Recovery, depending on the victim's operating system. These trial versions pose as a real hard drive utility so that users may be convinced to buy the registration key. Until it is paid in full, Windows 7 Recovery will never stop showing fake alert messages. From time to time, it reminds the user that a licensed version is required in order to fix hard drive problems.
Simply ignore Windows Vista Recovery and Windows 7 Recovery. Both are rogue programs, so never expect them to bring positive results when run on the computer. Rogue software is developed to deceive users and is sold through dishonest tactics. There is no need to waste your money on this crap product.
If either fake program appears on the system, buying the full version will not bring the computer back to its normal state. There is no way to heal an ailing PC with phony products. The real solution is to download a real anti-malware program and run a thorough scan of the computer. This is the only way you can remove Windows Vista Recovery and Windows 7 Recovery completely.
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows Vista, Windows 7
How to Remove Windows Vista Recovery and Windows 7 Recovery
1. Stop the Windows 7 Recovery process by pressing Ctrl+Alt+Del on your keyboard. It will open Windows Task Manager. Look for the following and click End Process.
(random characters).exe
2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.
3. Run a full system scan. You must clean all detected files. If cleaning is not possible, you may delete or quarantine the item.
4. Edit your Windows registry. Find and delete Windows 7 Recovery entries as shown in the registry section.
5. Exit registry editor when you are done.
6. Remove the Windows 7 Recovery start-up entry by going to Start > Run. Type msconfig in the "Open" dialog box. System Configuration Utility will open. Go to the Startup tab and remove the check mark from the following items.
(random characters).exe
7. Click Apply and restart Windows.
Windows Vista Recovery and Windows 7 Recovery Removal Tool
Removing Windows Vista Recovery and Windows 7 Recovery manually requires some knowledge of computer troubleshooting. System files may be wrongly deleted, and if that happens the computer will be unstable. For non-technical users, we recommend downloading and running Malwarebytes Anti-Malware. Sometimes, Trojans will block the download and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected machine.
Alternative Removal Method for Windows Vista Recovery and Windows 7 Recovery
Option 1: Use Windows System Restore to return Windows to a previous state
If Windows Vista Recovery or Windows 7 Recovery gets into the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Windows Vista Recovery or Windows 7 Recovery infiltrated the PC, we highly encourage you to run this procedure if none of the above works.
Option 2: Windows Vista Recovery and Windows 7 Recovery manual uninstall guide
IMPORTANT! Manual removal of Windows Vista Recovery and Windows 7 Recovery requires technical skills. Deleting system files and registry entries by mistake may leave Windows completely inoperable. We advise you to back up the registry before proceeding with this guide.
1. Kill any running process that belongs to Windows Vista Recovery and Windows 7 Recovery.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Windows Vista Recovery and Windows 7 Recovery files (refer to Technical Reference) and click End Process.

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by Windows Vista Recovery and Windows 7 Recovery.
- While still in Safe Mode, search for and delete the malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting a file. Otherwise, the system will not let you perform this action.
Technical Reference
Associated Files and Folders:
Added Registry Entries:
File Location for Windows Versions:
- %AllUsersProfile% is C:\ProgramData on Windows Vista/7, while on Windows XP/2000 it is C:\Documents and Settings\All Users\
- %UserProfile% is C:\Users\<Current User> on Windows Vista/7, while on Windows XP/2000 it is C:\Documents and Settings\<Current User>.
- %Temp% refers to C:\Windows\Temp\.
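The manual steps above (end the randomly named process, then clear its start-up entry) can be triaged from a PowerShell prompt. The following is an added example, not part of the original guide: it lists Run-key entries and running processes whose executable sits directly in one of the folders named under Technical Reference. That placement test, the choice of Run keys, and the function names Get-ExePath and Test-DropDirExe are assumptions made for illustration.

```powershell
# Added example (not from the page). Read-only: lists candidates, changes nothing.
# Folders from the Technical Reference. The per-user $env:TEMP is an added
# assumption; the page itself gives %Temp% as C:\Windows\Temp.
$dropDirs = @($env:ALLUSERSPROFILE, $env:USERPROFILE, $env:TEMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

# Standard per-user and per-machine Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ExePath([string]$Command) {
    # Extract the .exe path from a command line, quoted or unquoted.
    if ($Command -match '^\s*"([^"]+\.exe)"' -or $Command -match '^\s*(.+?\.exe)\b') {
        [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
}

function Test-DropDirExe([string]$Path) {
    # Assumed heuristic: an .exe sitting directly in one of the folders above.
    if (-not $Path) { return $false }
    $parent = (Split-Path -Path $Path -Parent).TrimEnd('\')
    return ($dropDirs -contains $parent)   # -contains is case-insensitive
}

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $exe = Get-ExePath ([string]$k.GetValue($name))
        if (Test-DropDirExe $exe) {
            $findings += New-Object PSObject -Property @{ Source = $key; Name = $name; Path = $exe }
        }
    }
}
foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    if (Test-DropDirExe $proc.Path) {
        $findings += New-Object PSObject -Property @{ Source = 'Process'; Name = "$($proc.Name) (PID $($proc.Id))"; Path = $proc.Path }
    }
}
# Add the Authenticode status so signed, legitimate files can be set aside.
$findings | ForEach-Object {
    $sig = 'FileMissing'
    if (Test-Path -LiteralPath $_.Path) { $sig = (Get-AuthenticodeSignature -FilePath $_.Path).Status }
    $_ | Add-Member -MemberType NoteProperty -Name Signature -Value $sig -PassThru
} | Format-Table Source, Name, Path, Signature -AutoSize -Wrap
```

Run it from an elevated prompt so the paths of other users' processes are readable; an empty table means nothing matched this heuristic, not that the machine is clean.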
Renat
May 29, 2011 @ 17:45:31
That crap happened to me just couple hours ago :D it actually scared me for the first time by saying that my HDD stopped working, and my ram is on critical stage :D formatting windows helped a lot :D and this trojan is working in safe mode though, but well I was able to see my files, but not all of them. so it's tricky one
Unca Alby
May 31, 2011 @ 02:56:39
That happened today on my wife’s computer, and it SHOULD scare you.
That piece of crap actually destroys files on the machine. If you don’t get rid of it, you WILL lose important stuff.
Myles
May 31, 2011 @ 18:00:39
I just got that on my laptop. Problem solved, though.
How: Had 3 profiles. 1 was infected and had Parental Controls enabled. 1 was administrator. Deleted the infected profile. No more virus. I’m actually not joking.
Pros: NO VIRUSES
Cons: There goes my three years of hard work :(
TonyTronic
Jun 01, 2011 @ 05:51:57
Same here able to stop and clean the Vista Recovery virus program. I’ve unhidden my files but can’t seem to get my shortcuts for office back. System will open Office documents, but I want the shortcuts under the office program folder. Any ideas??
Can we sue this company for messing up our computers?? Seems people have paid them I want to know where is the money going to?? Contact info on these people. LOIC these bastards, where’s anonymous!!!!
sb
Jun 01, 2011 @ 14:28:44
You can use the inherent Windows system recovery facility to restore your system to a previous configuration of your system files. Boot your PC and access the system recovery through the PC start-up sequence before Windows itself is launched (usually F8).
It worked for me as far as getting my icons back and getting rid of the hoax pop-ups. I still have to locate the actual trojan files themselves, though.
Joe Harmony
Jun 02, 2011 @ 18:17:07
I used a program called unhide.exe and it recovered all of my documents. SO F**KING RELIEVED!! Thanks for the advice on this though, you saved months of work
Jeannie
Jun 05, 2011 @ 22:28:35
This software locked up my entire computer. It would not let me do anything but pay them $90.50! I hope that is all they took. Now nothing works right. Internet explorer lost Facebook Icon & others. No more favorites. No printer icons. Can’t even print these instructions!
Chris
Jun 07, 2011 @ 08:46:53
This virus does not delete files; it hides them.
Jumper
Jun 07, 2011 @ 12:16:01
Microsoft has identified this malware and has published a fix. The fake tool is a variant of Win32/Winwebsec.
Here is the link
http://support.microsoft.com/kb/2540100
I followed the steps within the document and cleared the fake tool.
Bill
Jun 08, 2011 @ 00:53:27
How do you find hidden files? Lost my desktop icons, favs, artwork, the works.. thank
Tom
Jun 08, 2011 @ 01:29:37
I got this piece of garbage the other day from a food recipe link on Google! I knew right away that it was a rogue site and tried to close it, but the Windows Vista Recovery window came up and took over. It said 30% of the sectors on my HD had failed, my RAM was at 87 degrees Celsius, and a bunch of other scare tactics. Fortunately, I had read about it on this and other sites and was able to neutralize it before it could do much harm.
This program will hide everything, including your desktop and background image. It’s probably very frightening to someone who doesn’t know that it’s scareware. Unfortunately, some will pay for the “cure”.
I almost thought that I had lost years of work, but everything was still here. If you are missing files, icons, favorites, etc., I highly recommend the unhide.exe program. It quickly brought everything back. After that, I downloaded a better anti-malware program and scanned the hell out of my computer.
I wish I could find the scumbags who are responsible for this crap.
Agorius
Jun 08, 2011 @ 06:07:38
1) In Windows Task Manager End Process Tree of two processes, such as 38657784.exe and XbseryrwndJUIlo.exe *.32 These names are generated at random and may be different.
2) In Search programs and files run (as an Administrator) msconfig and under Startup flag disable the above two processes.
3) Run unhide.exe and reboot the computer
4) Write to your congressman to stop spending billions on wars and to pursue with equal vigor these swines (sorry porcines) who write viruses like this.
Paragon
Sep 03, 2011 @ 01:58:52
Where can I find the program “unhide.exe”?? All I can access is the Windows Task Manager, under the tab Applications I can start a New Task and browse for things but I can’t find anything that’s helped, even did a system restore but that did nothing, also tried to mess with Parental Controls, still nothing……