This malwares named Windows Restore or WinRestore belongs to the commonly known fake programs of rogue virus family. it is also known as WindowsRestore and has a clone named System Restore virus. It is 100 percent sure and confirmed that it is not a legitimate and useful computer software but a bogus and piece of fraud tools and a part of scam which offers the restoring services of your windows and system to normal and healthier state if you pay some fee for it. You might be thinking how can it be a part of scam. The Answer is that Windows-Restore virus is a fake software developed by hackers. They just want to sell this product to innocent computer users and swindle their money. To get this program purchased, They drop it into computers over internet using malicious websites ,worm and trojans. After Windows restored virus is placed in your computer, it will try to scare you with fake warnings and alerts and it will force you to buy its full version to get rid of viruses. And if unfortunately, you use your credit and buy this useless crap, It wont remove viruses and spyware from your computer but it will mess your system more and more. And there will be no way to get back they money you paid for its non-existing services.
This program is named Windows Restore, which means it offers windows restoration services. But as it is fake, you can never get your windows restored using this malicious software. Which is a sign of its being corrupt tool.
Pleaser Remember! All these warnings, alerts and virus removal offers made by Windows Restore virus are fake. This program is totally a fake software and it is specially designed to extort your money by selling its fake security products. You should ignore these warnings, avoid purchase of this program, avoid clicking any link within its popups and do not install any component of it promoted. All you have to do is to immediately remove it from your computer upon detection.
How to remove Windows Restore virus manually:
To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.
Stop Windows Restore processes:
[random].exe
Remove Windows Restore Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policie \Associations “LowRiskFileTypes” = ‘{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
Remove Windows Restore files:
%AppData%\Microsoft\[random].exe
%UserProfile%\Desktop\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\
%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk
Auto Removal
To remove this virus Automatically, We suggest following tools:
Malware Bytes Anti-Malware (Download)
StopZilla Anti-Spyware (Download)
I tried malware bytes and it seemed like the problem was gone but the virus deleted all my pictures and whenever I try to go to a normal website it redirects me to a bogus search engine .. Please help !! I had lots of memories
It didn’t delete those files it just made them “hidden”, and did the same with desktop shortcuts
I to tried antimalware but it caused my windown not to load back in the orginal screen. it has hidden my business file and it sux.PLEASE SOME ONE TELL HOW I CAN GET RID OF THIS AND DONT COST THE BUYING OF MORE SOFTWARE
If I am not mistaken, the virus “hides” all of your folders and everything and so all you have to do is open your folder options within any window and “Folder and Search options” should be the one to pick. Under that there is a view tab and within are a bunch of radial buttons, there is a folder called “Hidden Files and Folders”, checkmark the one that says “Show hidden files, folders” and after you hit apply and everything, you should see all of your folders back to where they are.
Alex this your recommendation worked great for brining my files back. Do you have a suggestion for getting Picasa photos back. YOu saved me on my files after I spent too much money with a company to help me fix and they could not find my files.
Alex, I found my photos. Although they are no longer viewable within Picasa they are all in my folder for pictures. Thanks again..I paid alot to get help and you fixed the problem.
Alex, I followed your directions on removal and didn’t have any luck. It will not let me get to the website to download any anti-malware removal product. I have tried in Safe Mode as well. What can I do?
Mike, you may have to download a virus removal separately onto a external USB, from another computer. Here is the link; www. precisesecurity.com/tools-resources/free-antivirus/virus-scan-kaspersky-usb/. This will show you how to download, install, and implement the USB drive. The files are not big, so you don’t need to spend lots of money on a larger USB. Also Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, rename the executable file before executing on the infected computer. (Download from a clean computer) Hope this helps. On another note, I have not been successful in reverting all of my files and folders. When I go to desktop themes to change the picture the selection is faded out and can’t be accessed. Also not all shortcuts on the start up menu has been re-populated. (I tried the unhidden files and folders trick already, and manually deleted all the registry changes) If anyone can advise it would be greatly appreciated. Thank you in advanced!!
Good advice but…..
Remove the virus? Really? I’d of never thought of that. What was the point of this srticle if you don’t tell anyone how to actually do these things. Looks like somebody had a deadline and need to write something quick.
Alex, you are awesome! I cleaned malware from my girlfriends computer but tried to recover the “deleted” files with registry editors and the like. You were right, the virus was gone but it had hidden the files! I followed your instruction, selected “show hidden files,” and they all reappeared! How happy were we? They were all “ghosted” until I selected the folders, hit “properties” and unchecked the “hidden” attribute, applied to all folders and sub-folders and hit “apply.” They are back and just like they were! You are awesome!
Friend of my wife had this on her laptop. Very nasty little thing. Looks legit but I knew it wasn’t. I took her hard drive out and popped it into an external 2.5 enclosure and hooked it up to my windows 7 machine and ran AVG against it and it went away. Can see files now. Wow. I am just glad she did not try to purchase it.
I have a seven year old dell desktop and this virus just effected my compute yesterday i want to try to remove it without buying something expensive i cannot enough open anything this screen comes up as soon as you turn on the computer with no inetrnet access when i get home i am at work right now
I was able to remove virus and restore some files the way described but not all came back. Many folders say empty by them.
Does this mean my info is gone? I was going to try system restore to a previous date but I can’t get into that either.
I also tryed in safe mode but it wont allow and says to restart computor and try again. That did not work.
Any ideas?
I’m I going to have to reboot?
Hey Joe (an others) I have just removed this program by restoring my computer to a previous point with the ‘real’ system restore. When you log in just click start then search for restore and it should have an icon of a little blue flag with something like restore to previous point then its just follow the instructions and it worked!
Alex, thank you so much!! I thought I lost everything including my wallet
lol Thanks again
Alex I tried going to Folder options, and it did work to get back my folders. My only concern is that it seems to be in the background, and not on the actual desktop. Has any one experienced this, the icons showing up just very faint on the desktop. I would appreciate any help with this
Also, I am not very computer savy can some one give me some steps on how to get to the portion of my computer to delete these files.
%AppData%\Microsoft\[random].exe
%UserProfile%\Desktop\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\
%UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk
%UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk
I have this virus and my computer is cripped. Even when I hit start, all programs, it says “empty.”
I don’t know much about computers. I see the “HKEY” stuff above, but where am I supposed to type that? How do I get there?