System Restore virus – how to get rid of Fake SystemRestore

System Restore is another rogue program that claims to be legitimate restoration software. It is a clone of another piece of malware known as the Windows Restore virus. Both tools are useless and bogus: they do not restore your system, and they mess up your computer just like other viruses.

The System Restore virus is a dangerous threat to your PC and should be treated like any other malware. The main sign of its presence on your system is a stream of unwanted popup messages containing warnings and alerts about your system. System Restore displays these popups once your computer is infected. Its aim is to scare you with fake warnings that your computer is infected with spyware and that you should use the System Restore software to get rid of it. Once you are convinced and agree to use the solutions it suggests, it will ask you to pay a registration fee for the full version. That payment is the goal of the whole scheme. Do not buy it, because this malicious program is scamware.

Remember! All the warnings, alerts and virus removal offers made by the System Restore virus are fake. The program is entirely fake and is designed to extort money by selling fake security products. Ignore the warnings, do not purchase the program, do not click any link in its popups, and do not install any component it promotes. Remove it from your computer as soon as you detect it.

How to remove System Restore virus manually:

Stop System Restore processes:
[random name].exe

Disable System Restore DLL files:
[random].dll

Remove System Restore Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'

Remove System Restore files:
%Documents and Settings%\All Users\Application Data\[random]
%Documents and Settings%\All Users\Application Data\[random].exe
%Documents and Settings%\All Users\Application Data\[random].dll
%Documents and Settings%\[User Name]\Desktop\System Restore.lnk
%Documents and Settings%\[User Name]\Start Menu\Programs\System Restore
%Documents and Settings%\[User Name]\Start Menu\Programs\System Restore\System Restore.lnk
%Documents and Settings%\[User Name]\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
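
A read-only way to check a user profile for the registry values listed above, added here as an example and not part of the original article. The folder roots and the pattern used to flag Run entries are assumptions based on the file list above; the script only prints findings and changes nothing.

```powershell
# Added example: read-only audit of the HKCU values listed in the removal steps.
# It only prints findings; nothing in the registry is modified or deleted.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'

# Value names and data as listed in the article. Bad = $null means "report if present".
$indicators = @(
    @{ Path = "$cv\Policies\Associations"; Name = 'LowRiskFileTypes';     Bad = $null },
    @{ Path = "$cv\Policies\Attachments";  Name = 'SaveZoneInformation';  Bad = '1' },
    @{ Path = "$ie\Download";              Name = 'CheckExeSignatures';   Bad = 'no' },
    @{ Path = "$ie\Main";                  Name = 'Use FormSuggest';      Bad = 'yes' },
    @{ Path = "$cv\Internet Settings";     Name = 'WarnonBadCertRecving'; Bad = '0' },
    @{ Path = "$cv\Policies\System";       Name = 'DisableTaskMgr';       Bad = '1' }
)

foreach ($i in $indicators) {
    # Missing keys or values are skipped silently.
    $item = Get-ItemProperty -Path $i.Path -Name $i.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $value = [string]$item.($i.Name)
    if ($null -eq $i.Bad -or $value -eq $i.Bad) {
        'MATCH  {0}\{1} = {2}' -f $i.Path, $i.Name, $value
    }
}

# Run entries: flag executables that sit directly in the all-users data folder,
# which is where the article's file list places the [random].exe file.
# Assumption: ProgramData on Vista/7, "All Users\Application Data" on XP.
$roots = @($env:ProgramData, (Join-Path $env:ALLUSERSPROFILE 'Application Data')) |
    Where-Object { $_ }
$run = Get-ItemProperty -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object {
            $data = [string]$_.Value
            foreach ($root in $roots) {
                $pattern = '^"?' + [regex]::Escape($root) + '\\[^\\]+\.exe'
                if ($data -match $pattern) {
                    'REVIEW {0}\Run\{1} -> {2}' -f $cv, $_.Name, $data
                    break
                }
            }
        }
}
```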

Auto Removal

To remove this virus automatically, we suggest the following tools:

Malware Bytes Anti-Malware (Download)

StopZilla Anti-Spyware (Download)

Comments

  1. Karen says:

    I’ve just spent about four hours trying to get rid of this virus in windows 7 and restoring windows back to where it was. The two virus programs shown here didn’t work. I downloaded and got rid of four or five different ones before I found one which I’ve since deleted. I was told when it was gone to go to control panel and unhide all my files but that didn’t work. I’ve been restoring each file one at a time. I think I’ve gotten rid of the virus but it’s a tough one. I also couldn’t find the manual instructions above in windows 7.
    Karen

  2. grrrrr says:

    Yeah.. Stopzilla just hijacked my browser.. my perms are still screwed up tho.

  3. Joe says:

    Agree with all Karen said above. Instructions do not apply for Win 7 and I have always used StopZilla and it failed to protect or fix the issue. Most annoyingly, the virus wiped my entire account. All the videos, pictures, music and documents on my computer are gone as are all the “settings files”. Bottomline: I am reinstalling Windows 7 and starting over again.

    Very annoying virus that needs a Win 7 update/fix.

    Joe

  4. Patti says:

    @Joe – did you check to see if the folder that contains all of your documents, pics, music etc. had a “hidden” attribute enabled? To see this, you have to enable the Detail view – then in the attributes column you should see an H. Any folder that has an H you can right click on, click Properties and uncheck the “Hidden” option in the General tab. Hope this helps.

  5. Steve says:

    Don’t re-install – if you have followed the steps above, you are remediated from the virus. Next thing is to download “unhide.exe” from download.bleepingcomputer.com and run it. Your stuff is there – just hidden.

    I just remediated one machine from it, and while nasty, it is able to be overcome. :)

  6. Steve says:

    I should have specified that I used the manual steps above, not any of the programs.

  7. charles says:

    ok…I go to safe mode w/networking and still everything is blank. what do i do from there????

  8. Jeff says:

    xp 2000home edition, malwarebytes, which i have sworn by worked, first run in safe mode w networking, then run again loaded normal mode. But it left me with a further problem. On boot, I get a Rundll error loading c:\documents, the specified module couldn’t be found. I have unhidden all files and i still don’t have a my documents, my music, my pictures options on the start menu, and the printer is not seen but works. Other than attempting manual instructions, any thoughts before I begin?

  9. Shane says:

    Has anyone figured out how to get rid of this for windows 7? Neither Malware bytes nor stopzilla are working.

  10. Pending Success says:

    @ Charles, in Safe Mode, you are able to at least access the Task Manager with CTL ALT DEL. From there, you can choose RUN from the File-New Task menu so that you can run the Reg-Edit. From there…well…I am still working on it. I have not found any physical program files, however, some of the listed registry entries have been removed. This one is a Royal Pain! Oh, and I can’t find Unhide.exe @ bleepingcomputer.com….I will have to look elsewhere.

  11. Billy says:

    I’ve used Malware Bytes now on a pc running XP and on one running 7. It worked on both but I had to run it twice on the windows 7. Then had to do as the others have said and “unhide” the files and settings.

  12. Matt says:

    C:\ProgramData\756Glrujxl5KM9.exe this is a new name that it’s under

  13. sid says:

    I have had this virus, and I’m not sure I’m rid of it yet (it did reappear)… but YOUR DOCUMENTS ARE STILL THERE, they are not deleted or moved. I could not find them in the start window, but if you right-click on the taskbar, go to properties -> start menu -> customize, then everywhere you can, click on display as link, and the documents menu, control panel, etc will return. I still have a problem that the programs, etc on the left hand column are referencing a roaming profile instead of my regular profile, but I think all the programs are still there as well. I’m still trying to solve other issues from this virus, but before you just do a clean reinstall, PLEASE get a portable hard drive if necessary (or large flash drive), and find your documents and back them up… They are still there, and as far as I can tell, uncorrupted.

  14. Jami says:

    I really need some help with this virus. I have nothing when I click on START…so I am at a total loss as to what to do. This also means I am not able to get on the internet. Please help me.

  15. Hal says:

    Running rkill in safemode, then malwarebytes, then doing it again in regular mode, and then running unhide.exe (so I could see my documents, etc. again), and then customizing the Start Menu through its Properties by checking off the items I wanted to see as links in the Start Menu, fixed all my problems in Windows 7. Thank you all.