Windows XP Recovery

Windows XP Recovery virus will pretend a legal hard drive tool to attract users and convince them to pay for the licensed version. You must not buy this rogue software.

Windows XP Recovery is a misleading program. Fake security web sites spread this malware and promote it as valid system optimization software. Another approach to circulate the malware is through fake Adobe Flash player update. In certainty, Windows XP Recovery is a virus that penetrates a computer then installs itself to provide false findings. It tries to misinform computer users and urgently recommend acquiring licensed version of the program. If loaded, this fake optimization product launches a performance scan and announced several hard disk drive errors, junk files and folders, registry errors and outdated drives. These alerts seem to make look valid findings but since it came from unknown, we presume them as fake. Identified problems do not really exist on the system.

To persuade computer users into buying the paid version of Windows XP Recovery, the rogue program floods the computer with too much alerts coming from Windows taskbar. Any attempt to fix these errors will refer user to payment web site where credit card account will be processed online. Since Windows XP Recovery belongs to a rogue category, expect that even the paid version will not help fix performance and stability problems. As mentioned, there are no errors needed to be fixed. Most of all, bear in mind that rogue software were developed only to steal money from innocent victims.

Screenshot Image:

Fake Antivirus

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Technical Details and Additional Information:

[cf]regis[/cf] [cf]files[/cf]

How to Remove Windows XP Recovery

Restore Windows Components

If this virus enters your system, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If you have a saved restore point before this virus infiltrates the computer, please restore Windows to previous settings.

Manual Removal Procedure

1. Press Ctrl+Alt+Del on keyboard to stop the process associated to "Windows XP Recovery". When Windows Task Manager opens, go to Processes tab. Find and end this process.
(random characters).exe

2. You need to update your installed antivirus software. Please connect to the Internet and download the most recent database. This is a one-click process from your AV program’s console.

3. Thoroughly scan the computer and remove any threats found by your antivirus program. If delete option is not available, your best next choice is to quarantine the infected file. There is also a need to manually locate and delete malicious files. Please see the file section for items that are relevant to Windows XP Recovery.

4. Next, you need to remove registry entries created by Windows XP Recovery. Please refer to registry section to view entries related to the rogue program.
- (Windows 2000/XP) Go to Start > Run, type "regedit" on dialog box then press Enter on keyboard.
- (Windows Vista/7) Go to Start > Search Program and Files, type "regedit" and press Enter.

5. Exit registry editor when you are done.

6. Get rid of Windows XP Recovery start-up entry by going to Start > Run, type msconfig on the "Open" dialog box. It will launch a new window containing System Configuration Utility. Click on the Startup tab and uncheck the following item.
(random characters).exe

7. Click Apply. You need to restart the computer.

Windows XP Recovery Removal Tool

To remove the threat from your computer completely, we suggest scanning it with Anti-Malware. This is a free tool. Some Trojans will block the downloading of MBAM to avoid removal. If that happens, download the tool from a clean computer and rename the executable file before executing on the infected machine.

Alternative Removal Method for Windows XP Recovery

Option 1 : Use Windows System Restore to return Windows to previous state

If Windows XP Recovery enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Windows XP Recovery infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.

Option 2 : Windows XP Recovery manual uninstall guide

IMPORTANT! Manual removal of Windows XP Recovery requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Windows XP Recovery.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Windows XP Recovery files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section below.
- Close registry editor. Changes made will be save automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Windows XP Recovery.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:
File Location for Windows Versions:
  • %AllUserProfile% for Vista/7 user is C:\ProgramData while for Windows XP/2000 this is C:\Documents and Settings\All Users\
  • %UserProfile% is C:\Users\<Current User> for Windows Vista/7, for Windows XP/2000 this is C:\Documents and Settings\<Current User>.
  • %Temp% refers to C:\Windows\Temp\.
  • %Desktop% on Vista/7 user is C:\Users\<Current User>\Desktop while for Windows XP/2000 this is C:\Documents and Settings\<Current User>\Desktop
Added Registry Entries: