
System Restore is a fake computer analysis and optimization program from the FakeHDD family of rogues. This rogue displays false alerts that are designed to make you think that your computer has hard disk problems that have led to corrupt and missing data. It displays these alerts in order to scare you into purchasing the program so that you can fix these issues. In reality, though, there is nothing wrong with your hardware or data, so these error messages should be ignored. System Restore is installed through hacked sites that exploit vulnerabilities in software that may be installed on your computer or through fake online scanner pages. Once installed, System Restore will display false error messages and security warnings on the infected computer. These messages will state that there is something wrong with your computer's hard drive and then suggest that you download and install a program that can fix the problem. When you click on one of these alerts, System Restore will automatically be started.

System Restore will be configured to start automatically when you log in to Windows. Once started, it will display numerous error messages when you attempt to launch programs or delete files. System Restore will then prompt you to scan your computer, and the scan will report a variety of errors that it states it cannot fix until you purchase the program. It will then prompt you to repair your PC, where it will pretend to fix fake problems on your computer and state that it was unable to repair some of them in order to make you feel there is a problem with your computer.

 

Removal Instructions for System Restore

Reboot your computer into Safe Mode with Networking. To do this, turn your computer off and then back on, and as soon as you see anything on the screen, start tapping the F8 key on your keyboard. Eventually you will be brought to a menu of startup options.

Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard.

 

This infection hides all of the files on your computer, so first we have to fix that. To do so:

Please select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
After this please press the Apply button and then the OK button.

Press Ctrl+Alt+Delete on the keyboard. This opens a new window called Task Manager. Now hold the Ctrl key on the keyboard and click File, New Task in Task Manager. This opens a new black window (a command prompt).
Inside that black window type CD \ and press Enter.
Now type ATTRIB -H -R -S /S /D and press Enter.

This will unhide all of the files on your computer. Now you have to delete all of the infected files from the following locations.

Associated System Restore Files:


%LocalAppData%\<random>
%LocalAppData%\<random>.exe
%LocalAppData%\~<random>
%StartMenu%\Programs\System Restore\
%StartMenu%\Programs\System Restore\System Restore.lnk
%StartMenu%\Programs\System Restore\Uninstall System Restore.lnk
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
%UserProfile%\Desktop\System Restore.lnk

However, do not delete the following folders:
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4

These hold the shortcuts from your Start Menu.
If you delete these folders you will lose all of the shortcuts in the Start Menu. First take a backup of this folder:

%Temp%\smtmp\

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> for Windows 2000/XP, C:\Users\<Current User> for Windows Vista/7, and c:\winnt\profiles\<Current User> for Windows NT.

%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\<Current User>\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\<Current User>\AppData\Local\Temp for Windows Vista and Windows 7.

%LocalAppData% refers to the current user's Local Settings Application Data folder. By default, this is C:\Documents and Settings\<Current User>\Local Settings\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\<Current User>\AppData\Local.

%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\<Current User>\Start Menu\, and for Windows Vista/7 it is C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu.

Associated System Restore Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
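
The registry values listed above can be checked offline against an exported hive. The following Python code is an added example, not part of the original guide: it parses the text of a .reg file (as written by reg export), reports values that match the page's entries under HKEY_CURRENT_USER ...\CurrentVersion, and flags Run entries that start an .exe placed directly in the Local AppData folder. The Run heuristic, the function names parse_reg and audit, and the sample data are assumptions made for illustration.

```python
import re
HKCU_CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
INDICATORS = [  # (subkey under HKCU_CV, value name, data), from this page's list
    (r"\Policies\System", "DisableTaskMgr", "1"),
    (r"\Policies\Explorer", "NoDesktop", "1"),
    (r"\Policies\ActiveDesktop", "NoChangingWallPaper", "1"),
    (r"\Policies\Attachments", "SaveZoneInformation", "1"),
    (r"\Internet Settings", "CertificateRevocation", "0"),
    (r"\Internet Settings", "WarnonBadCertRecving", "0"),
    (r"\Explorer\Advanced", "Hidden", "0"),
    (r"\Explorer\Advanced", "ShowSuperHidden", "0"),
]
WANTED = {((HKCU_CV + s).lower(), n.lower(), d) for s, n, d in INDICATORS}
# Assumption: the Run entry starts an .exe sitting directly in Local AppData.
LOCAL_EXE = re.compile(r'\\(?:AppData\\Local|Local Settings\\Application Data)\\[^\\"]+\.exe', re.I)

def parse_reg(text):  # yields (key, name, data) from the text of a .reg export
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not (key and m):
            continue  # banner, key line, blank line or hex continuation
        name, raw = m.groups()
        if raw.startswith("dword:"):
            raw = str(int(raw[6:], 16))  # dword:00000001 -> "1"
        elif raw.startswith('"'):
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
        yield key, name, raw

def audit(text):  # returns (setting_hits, run_suspects) for one exported hive
    hits, suspects = [], []
    for key, name, data in parse_reg(text):
        if (key.lower(), name.lower(), data) in WANTED:
            hits.append((name, data))
        if key.lower() == (HKCU_CV + r"\Run").lower() and LOCAL_EXE.search(data):
            suspects.append((name, data))
    return hits, suspects

SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000000
"ShowSuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"qwerty"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\qwerty.exe"
'''  # constructed sample, not taken from a real machine
```

reg export writes UTF-16 text, so decode the file with that encoding before passing it to audit(). A match on a single setting is weak evidence on its own; several matches together with a flagged Run entry are what warrant a closer look.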

 

 


© 2013 123seminarsonly.com All Rights Reserved.