Windows XP Restore

Windows XP Restore is a fake program that poses as a system optimization application in order to deceive computer users. It is distributed by means of Trojans and malicious files uploaded to servers such as web sites and file-sharing networks. It is also sometimes sent by email as a file attached to spam messages. Typically, Windows XP Restore is installed on a computer without the full knowledge of the user. Because it is a deceptive application, many users believe it is needed to fix computer-related issues. Once loaded on a victim's computer, Windows XP Restore starts generating fake system diagnostics. It then advises the user to fix the reported problems by buying the paid version of this useless program.

Windows XP Restore originated from a large group of rogue program developers. It is a copy of other variants that have already infected millions of computers worldwide. A computer can be protected from this kind of application with a full version of an anti-malware or anti-virus program that provides real-time scanning. If infected, remove Windows XP Restore using only trusted applications; purchasing the registered version of the rogue software is not recommended. Ignore Windows XP Restore, including its fake alerts and messages.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows XP Restore Removal Procedures

1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on the file to install the application.
3. Follow the prompts and install with the “default” settings only.
4. If it prompts to update the database after installation, please proceed.

5. Click “Finish.” The program will run automatically and you will be prompted to update it before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished, click “Show Results.”
8. Make sure that all detected threats are marked, then click Remove Selected.
9. Restart the computer.

Note: Malware may prevent mbam-setup.exe from downloading and running. You can download the program on a different computer and rename it before running it on the infected system.

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Windows XP Restore”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is blocked, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files listed below that are related to the Windows XP Restore virus.
4. Registry entries created by Windows XP Restore must also be removed from the Windows system. Refer to the entries listed below that are associated with the rogue program.
5. Exit Registry Editor.
6. Remove the Windows XP Restore start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Technical Details and Additional Information:

Malicious Files Added by Windows XP Restore:

– For Windows XP System
C:\Documents and Settings\All Users\~[restore]
C:\Documents and Settings\All Users\~[restore]r
C:\Documents and Settings\All Users\[restore].dll
C:\Documents and Settings\All Users\[restore].exe
C:\Documents and Settings\All Users\[restore]
C:\Documents and Settings\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows XP Restore
C:\Documents and Settings\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows XP Restore\Uninstall Windows XP Restore.lnk
C:\Documents and Settings\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows XP Restore\Windows XP Restore.lnk
C:\Documents and Settings\<Current User>\Desktop\Windows XP Restore.lnk

Windows XP Restore Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
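
As an added example (not part of the original article or of any vendor tool), this Python script reads saved output of `reg query` for the Run key listed above and reports values that launch an .exe stored directly in the All Users folder, the location given in the file list. The sample output and the name kXpQwErTy are constructed for illustration.

```python
import ntpath
import re

# Folder where this page lists the rogue's files (Windows XP layout).
DROP_DIR = r"c:\documents and settings\all users"

# One value line of `reg query` output: name, type, data.
# Fields may be separated by spaces or tabs.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

# Constructed sample; the value names and file names are made up.
SAMPLE = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe",
    "\t".join(["", "kXpQwErTy.exe", "REG_SZ",
               r"C:\Documents and Settings\All Users\kXpQwErTy.exe"]),
    r'    kXpQwErTy    REG_SZ    "C:\Documents and Settings\All Users\kXpQwErTy.exe" /min',
    r"    Updater    REG_SZ    C:\Documents and Settings\All Users\Application Data\Vendor\up.exe",
])


def command_path(data):
    """Return the program path of a Run value, without quotes or arguments."""
    data = data.strip()
    quoted = re.match(r'"([^"]+)"', data)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"(.+?\.exe)(?=\s|$)", data, re.IGNORECASE)
    return unquoted.group(1) if unquoted else data


def suspicious_run_values(reg_query_output):
    """Return (value_name, path) for Run values that start an .exe stored
    directly in the All Users profile folder, not in a subfolder of it."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        path = command_path(m.group("data"))
        if path.lower().endswith(".exe") and ntpath.dirname(path).lower() == DROP_DIR:
            hits.append((m.group("name"), path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review Run value {name!r} -> {path}")
```

Treat each hit as a candidate for review and compare it with the file list above before deleting anything.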
