Windows Repair virus – how to get rid of fake WindowsRepair manually

Windows Repair is another fake system optimization and security software. Windows Repair belongs to rogue virus family that tries to scare users with fake warning messages and alerts telling user that his computer is infected and has some serious problems with hard drive or system RAM.
fake windows repair virus Windows Repair virus   how to get rid of fake WindowsRepair manually

It may display messages like:

“Registry defragmentation required”

“GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash”

Purpose of this fake tricky messages is to scare user and convince him that his computer has serious problems and Windows Repair should be used to get rid of these errors. Once user is agree to install and use Windows Repair, it would ask the user to pay for the full version to get rid of viruses. Never let Windows Repair swindle your money away, do not buy this bogus software as it is totally fake and useless.


Windows Repair is a dangerous threat for your system, it has no ability to detect and remove viruses and windows problems. But it is a virus itself which may bring new malwares to your system. It may also steal your personal data like credit cad info for miss-use. Immediately remove Windows Repair from your computer upon detection.

How to get rid of Windows Repair virus manually:

To remove this virus manually, complete the following set of tasks. Do not forget to create a backup before getting started to the manual removal guide.

Stop Windows Repair processes:
[random word].exe

Remove Windows Repair Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1?
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1?

Remove Windows Repair files:
%Documents and Settings%\All Users\Application Data\[random]
%Documents and Settings%\All Users\Application Data\[random].exe
%Documents and Settings%\All Users\Application Data\[random].dll

Auto Removal

To remove this virus Automatically, We suggest following tools:

Malware Bytes Anti-Malware (Download)


StopZilla Anti-Spyware (Download)

Comments

  1. JD Stone says:

    I was able to successfully clean the Windows Repair virus off my computer with MB Anti-Malware, but there was no data in the Users files, ie: Documents, Photos, etc. I checked the size of all the visible data on my C: drive (program files/Windows files) and it came to only 9 gig, which tells me the data in Users is still there since it says I have 72 gig available on a 150 gig drive. Does Windows Repair block the ability to see your files and since it was removed, wouldn’t the data reappear? I downloaded Chrome again to my desktop and was going to cut and paste in the supposedly empty Download file in Users, but the system said the file was already there. Is there a way to be able to see all those files again? (It also hid all desktop doc and photo files as well it seems).

  2. Ken says:

    Nasty bug! Ran malwarebytes to remove it. Ha me thinking my hdd was dying

    To view files again you will need to go into dos prompt and use ‘attrib * -h /s’

  3. Alex says:

    Hey So i had the same thing and all my files like music, photos, papers ect… they were all “hidden” but they are all there just look for them

  4. Alexi says:

    JDSTONE: There is a way of seeing those files: In Windows Explorer, go to the Tools > Folder Options menu. Under “View” and in “Advanced options”, Files and Folders > Hidden Files and folders, check “Show hidden files and folders”

  5. Srini says:

    Hi JD

    I was able to successfully clean Windows repair virus using MB Anti-Malaware.Coming to files not displayed issue….The faker virus just hid all the files…so go to drive and select all the files and click on Property…Uncheck hidden checkbox and it will take time to change depending on number of files…

  6. JD2005 says:

    RE:JD Stone The exact same thing happened to us about the same time yesterday. We havent got rid of the windows repair thing as of yet but was just curious as to weather you also got the XP security center virus as well? Everything was deleted from the desktop here also.. Did you eventually recover anything you had lost?

  7. FS says:

    JD, I used combofix from bleeping computer site and fixed the problem so that I could see the files and folders again.

    Otherwise, you can always go to tool, then folder options, then click on view tab. go down to hidden folders option and click show hidden folders. But I am not sure if this is the best way to solve this problem.

  8. Mike says:

    Same thing here, any solution?

  9. Ken says:

    Look for the folders holding the vaious items you are missing in windows explorer, or even the file itself. Once explorer locates it, right click on the file or folder and click on properties. You should see a check box labeled ‘hidden file’ or ‘hide file’. Windoews Repair checks this and thus hides the file or folder. Uncheck the box and your probelm should be solved.

  10. A. Mutch says:

    It seems like the program simply hides all your folders and documents and pictures to make it seem like they are damaged or missing. All my files were gone, but still taking up space like you, turns out they were just hidden.

  11. Khaze says:

    I have the same problem JD Stone is describing. I can still see how much of my hard drive space I have used (100gb of 150gb), and I can even type a path in when I go to start -> run and find it, but I cannot see my files or folders in explorer and all the icons except for a few (like my computer and recycle bin) on my desktop have disappeared.

  12. Josh says:

    @JD Stone – I just got the same thing. It seems that the malware went in and hid all the files. Try right clicking the folder and going to properties. You will notice that the “Hidden” box is checked as well as the “Read Only” box. Uncheck both and hit apply. Then, if it asks, apply to all subsequent folders.

  13. Ryan says:

    Thank you so much for the help with finding the files again!

    One thing though, I didn’t have any luck removing the Windows Repair Virus with Malwarebytes. It might have been because the virus disabled my wireless connection somehow and I couldn’t update Malwarebytes. Either way, Super Anti-Spyware (also free) worked amazingly after that without any internet connection. I was a little nervous at first cause the name sounded kinda bogus, but it is awesome! I highly recommend it if Malwarebytes can’t do the job.

  14. Shawn says:

    I had this hit me last week and as of yet I have not been able to get it removed, I have no access to IE or Firefox to download an auto fix and I do not know enough about DOS and prompt commands to do it manually.

  15. John says:

    I have been trying to run the malwarebytes to remove the WindowsRestore virus but my computer keeps aout restarting before the scan is complete. I read that the auto restart is part of the virus, can this be stopped?

  16. Deek says:

    I have been fooling with this since 8:00PM last night and NOTHING has worked. Get a message before Malwarebytes is finished. Cannot do anything in safe mode. Cannot seem to get McAfee to see it. Cannot get to my C: drive to attempt a manual remove. Has anyone found a quick fix?

    Also:
    1) Will a complete wipe and restore of Windows get rid of this?
    2) Is there anything out there to keep this from coming through?

  17. Peggy says:

    I had to tweak Ken’s command to include the directories. attrib /D * -h /s

  18. Fook-Chuen says:

    I have removed the virus manually but I am unable to view any files in my [Document and settings] folder. In the Start Menu all the shortcuts for old programs are missing. otherwise I am able to view all other folders and the virus is now inactive.
    I have tried both the ‘attrib * -h /s’ command and also set all the folder to show hidden files but to no avail. The PC has also been resetted twice.

    If anyone can help this would be most appreciated.

  19. Balint says:

    So a few minutes ago it attacked my computer.
    I kill it with Norton Power Eraser, but i still had the problems with hidden files etc. if u search for your files (be sure u checked the “search in hidden files or folders”) u can see them. I can make my desktop files visible and programs menu visible (go windows explorer and make the main folders unhidden) but i think after i save my data to other partitions i do a format!

  20. sarb says:

    i had the same problem but getting it under control thanks for info

  21. Miriam says:

    So I couldn’t get online and I have no knowledge on command prompts, so I used the hidden file knowledge (i was wondering what happened to them!) you guys talked about and found what file the virus was in. Then I went to safe mode, went to tools and made it so it shows all the hidden files, found the hidden file called ProgramData with the virus in it, and deleted all the files having to do with the virus.. It worked great! sorry if this is confusing… I’m really not good with computers. Thanks for the help though!

  22. alicia says:

    so far nothing has removed it. super antispyware removes it but it comes right back. trying malwarebytes now hope this works. resetting the setpoint in msconfig got all my files back instantly.

  23. Kennster says:

    I got this today- Seem to be removing it gradually:I nearly have my desk top back and can see all my files and task manager is working Can’t get online though and super spyware and malwarebytes cant see it.
    spent 12 hours trying to remove this
    Its a learning curve methinks:)

  24. Kaarl says:

    works a treat thanks for the manual removal advice

  25. Carol says:

    I got this end of March and used Trojan killer to remove. The website had an instructions Enter command attrib.exe -h SysDisk:\*.* /s /d (SysDisk – system disk, for example C:\)
    Then I could see everything! Hope this helps!

  26. Lucia says:

    Thank you all for the helpful tips! I got this yesterday and was so devastated that all my pictures and files were gone that I couldn’t sleep. I was able to get rid of the virus by downloading McAfee Total Protection (currently on sale for $49.99, I think), but even after restarting my PC I haven’t been able to locate my files. I’ll try locating it through hidden files and will try the command information provided.

    Thank you so much!!

  27. al says:

    thanks very much. I followed your directions and it worked like a charm.
    Cheers to you!

  28. presley says:

    I just got the damn virus and got rid of it a few mins later thx to this site,my internet is hijacked but i plan to fix that soon,as for the hidden files i just went into each file and hid and then unhid all the “files” and everything showed back up where it was suppose to me,most annoying virus ive ever gotten,ill make sure i kick the moron who made it in the balls lol

  29. Caleb says:

    I just picked up and removed Windows Repair virus. It’s quite an intimidating virus and didn’t even require me to click anything or install to get it, while running Firefox… Anyway, all I did to get rid of it was Start > Msconfig to Safe boot, Start > Restore computer to earlier time, restart. Once System Restore does its thing you will have random files hidden from you, part of the footprint of the virus. Go to C: highlight everything, right-click, uncheck Hidden, click OK. All should be well after that.

  30. bostonblah says:

    my friend got this ,and he is a drooling retard when it come to computers,so of course i have to fix it
    i hope malware bytes will get rid of it
    but how and where do you think this got picked up from?
    oh and i cant believe i see so many people here touting mcafee ,its the biggest POS ever,you people may want to do yourselves a huge favor and get rid of mcafee cause it sucks shizz,if you have comcrap cable internet get the free norton they offer it can be had for free and installed on uo to 5 computers for free with a comcrap cable internet subscription,and it is much better crapafee ,or i hear kapersky is godd too, but just m=not mcafee,anything but that POS,it used to pop up this huge warning window and have no way of closing it and it would block by whole screen,and there was no way to get rid of it,even closing all mcafee processes in taskmanager didnt work,mcafee SUCKS

  31. Cooper says:

    I had the windows repair virus. My desktop was black and some of the icons were missing. After much research on the internet, I learned how to remove it manually. I was able to restore my icons by showing hidden files, however my
    desktop icons are ghostlike. The graphics are not solid in appearance, they opaque. I thought I removed the windows repair as well as all the little hijackers that came along with it. Is there a way I can restore my desktop back to normal? Is there a location other than Documents and Settings that I may have missed? Please advise if you’ve experienced this problem. Thanks.

    John

  32. Ilango says:

    I tried with above mentioned procedure, it worked for me.
    Thanks.

  33. Kocacz says:

    Hello,
    for all of you, who has still the problem with this fuc*ing fake program.
    There is a simple solution.

    Just download this free program SUPERAntiSpyware Free Edition
    Install it and then simply begin the quick controll.
    Wait for the result and reboot the system, then everything is allright ;)

    ps. I didnt have a problem with the hidden files, so thats all from me.

  34. john says:

    For all the people looking to restore the icons and hidden files, it’s simple. There is a free program called unhide. google it.

  35. rumer says:

    thanks john,…unhide worked great and did the job!!

  36. Virgil says:

    Thanks to everyone for the advise. I was ready to pay someone to remove this Crap off of my machine else buy another program (I currently run Norton 360.)

    Here’s a tip…I used my real “System Restore” command in XP Media Center Edition running in “Safe Mode” and restored to a known good point a week ago, then used the display hidden files advice found here and everything appears to be working fine.

  37. Jeff says:

    Yes, thanks for the expert advice. I did what Virgil did and it worked great. I showed hidden folders/files, and could see and use them, but they were grayed out. Then I unchecked the hidden file and read only boxes and everything was fixed. Kudos to the righteous folks! Death to the New World Order!

  38. Rob says:

    I got it to don’t know from where but used CA antivirus to remove it and Ccleaner to fix the damage it did to the registry. ALL 799 issues it made. Nasty little booger. I think i picked it up off a web page but right when it happened i shut down my connection to the net and wiped any private files i had. they can’t be replaced and that sucks but i hope they were not stolen. (risky photos of wife for calender i was making for myself) i do not want to find her on the net… anyone know of what kind of files they try to gain access to? or how long it pokes around the system before it pops up with that repair jazz? So far i have only seen how to correct the problem but i need more. i want to retrace my steps get re-infected and report the source. any info or advice to help bring this scumbag down is appreciated. thank you for your time and help.

  39. Ryan says:

    Virus is gone. You guys have saved me again. I can’t thank you enough

  40. Pat says:

    I just got this virus a few hours ago. I got the computer to show hidden icons but it’s blocking any connection to the internet and access to my manual superantispyware program. I was able to start it in safe mode once and I tried to download superantispyware. The virus was blocking it sending me to other sites. Same happended when I tried to load other spyware. Now the virus is blocking me from starting it in safe mode again.I have tried system restore and it’s blocking that. Does anyone have a suggestion on how to proceed before this drives me nuts. Nothing complex please.

  41. Milan says:

    some files are important and if they are virus infected than we need to repair tha…To do this type of thing which tool i need????

  42. Barbara says:

    Ok so I just got this nasty virus today , all my Files seem to have been wiped away and all folders empty. My desktop icons are all gone and I’m left with nothing but a black screen. I have macafee and done a virus scan and said there were no viruses yet this virus is still on my pc .. Every time I log on it justs pops up and won’t let me close it. If my Internet security isn’t picking it up as a virus how am I supposed to delete it?? And I can’t log on to the Internet I have no Internet explorer or any web access applications because it’s all been deleted .. HELP :( :(

  43. jake says:

    my photos are hidden and my programs/documents are missing. how do i find the files?

  44. Phill says:

    In case of Hidden files that cannot be seen at all, There is a program named Unhide, Google it! it could be suspicious, but it worked PERFECT for me.

    PS: if you have hidden files that you’ve hided yourself, it is a 35% chance for them to be deleted

  45. Phill says:

    Sorry for Double-comment, In case of Un-fixing virus, try 3 methods,
    1. Google it.
    2. Download programs like Malwarebytes’ or Hitman pro 3.5
    3. Mess up with the registers.

    PS: from method 3, you should google and do after tutorial or, just get sure that the Task Manager is set on =1

    Thanks.

  46. Micki Franke says:

    HELP PLEASE!!! I know this is bogus as I’ve been hit with the Antispyware Soft and can’t execute a darn thing!