How To Uninstall / Remove Windows Restore Virus ( Removal Guide )


05.04.2011

Windows Restore is a bogus PC application, in effect a virus program, that poses as a PC optimizer and analyzer. It gets onto computers via Trojans hosted at suspicious URLs that you visit, accidentally or not. Online pop-ups notify you that your computer’s hard drive has errors and that you should scan it for problems. When you click the OK button, the download and installation of the Windows Restore virus begins and you can’t block it.

Windows Restore takes control of all your computer’s applications and blocks all executables, so that you cannot launch even a single real antivirus program to remove the malware. The virus loads before Windows manages to load all other files and desktop icons. After that, your computer starts to show various fake alerts whenever you try to open programs or delete files and folders. After those false alerts are shown, you are asked to scan the PC; when the scan completes and you click Remove, Windows Restore tells you that you have to purchase its full version if you want to get rid of all those malware files. All the messages and recommendations are fake: avoid clicking them, and do not even think about buying the Windows Restore product. If you were tricked into purchasing the Windows Restore malware, call your credit card company, explain that you were the victim of a scam, and ask whether there is a chance of getting your money back.

Another thing that Windows Restore changes on your PC is the addition of a fake Safe Mode menu, which appears after you allow the malware to defrag your PC and scan it for errors. The defrag program tells you that, in order to find and solve all the errors on your system, it needs to run in Safe Mode. Instead of using the normal Windows Safe Mode menu, it installs its own interface and shows you a fake defragging tool. The only thing you can do is wait for the scan to complete, at which point you are told that errors were found and that you need to purchase the full edition in order to fix them.

Windows Restore is a ransomware type of virus, which means that it tries to steal money from users whose systems it has infected. It tells you that in order to get rid of the virus you need to purchase the Windows Restore software. This message is also displayed whenever you try to launch an executable that Windows Restore considers a threat to its integrity, which is why the error appears every time you try to launch a web browser or antivirus software. This is a self-protection measure that Windows Restore takes in order to keep anti-malware applications away.

It disables all web browsers, such as Firefox, Chrome, Opera, Internet Explorer and Safari, so that you cannot use them to download an antivirus program that could remove the Windows Restore infection. However, this happens only on some computers. If the browsers are not disabled on your PC, you can download the applications required to remove the virus directly on the infected PC, without having to download them on another computer and transfer them over before starting the removal process.

Windows Restore, along with other similar malware programs, has managed to infect thousands of computers worldwide. Because of this, there are users who purchased the Windows Restore software thinking that the virus would go away, but they couldn’t be more wrong: the money sent is lost and the malware remains on the infected PC.

To remove this virus completely, read all the instructions carefully and follow every step; by the end of this removal guide, hopefully you will have managed to remove the Windows Restore virus.

Windows Restore uses numerous fake alerts to trick users and below you can find some of them:

  • “Critical Error. Hard Drive not found. Missing hard drive.”

  • “Critical Error! Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.”

  • “Activation Reminder. Windows Restore Activation. Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.”

  • “System Restore. The system has been restored after a critical error. Data integrity and hard drive integrity verification required.”

  • “Windows – No Disk. Exception Processing Message 0x0000013”

  • “Low Disk Space. You are running very low disk space on Local Disk (C:)”

  • “Windows Restore Diagnostics. Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?”

  • “Fix Disk. Windows Restore Diagnostics will scan the system to identify performance problems. Start or Cancel.”

  • “Critical Error. A critical error has occurred while indexing data stored on hard drive. System restart required.”

  • “Critical Error! Damaged hard drive clusters detected. Private data is at risk.”

  • “Requested registry access is not allowed. Registry defragmentation required. Read time of hard drive clusters less than 500 ms. 32% of HDD space is unreadable. Bad sectors on hard drive or damaged file allocation table. GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash. Drive C initializing error. Ram Temperature is 83 C. Optimization is required for normal operation. Hard drive doesn’t respond to system commands. Data Safety Problem. System integrity is at risk. Registry Error – Critical Error”

  • “Critical Error. Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.”

These errors pop up from every corner of your computer: the taskbar, dialog boxes and so on. The security alerts, warnings and errors your computer displays are all fake and you should ignore them. Go to the first step of the Windows Restore removal guide to learn how to get rid of this infection quickly, without worrying too much that data on your PC has been affected.

If you run into trouble removing this virus, post your questions and concerns in this post’s comments field and we will gladly help you. If you don’t consider yourself to have advanced PC skills, read the instructions twice before applying them, because no one wants to repeat the steps in the removal guide more than once. If at the end of the removal you see that the virus wasn’t removed, repeat all the steps and see where you went wrong.

Windows Restore uses numerous tactics to mislead you into thinking that the applications you need for the removal process are virus infections. Ignore such alerts, because the only malware present on your system is Windows Restore, and concentrate only on removing it from your PC.

Windows Restore changes some of your system files and folders by making them hidden, such as the ‘System32’ Windows folder, which then appears to contain no files or folders. It does this to make you think that your computer has problems that only Windows Restore’s tools can fix. However, all those files are only hidden; not a single one has been deleted. Leave the folders in their current state and go on to the removal guide instructions. The information on how to restore these files to their unhidden state is listed at the end of this post. Before we get to the first step of the removal guide, you need to prepare your system so that you won’t be forced to repeat all the steps. The instructions for that are below.

Prepare your PC for the virus removal process

Before we start removing the Windows Restore virus, you need to know this:

  • print out the info in the removal guide, because at some point you will have to terminate all the opened applications. Alternatively, you can open this web page on a nearby computer and follow the instructions from it.

  • it is possible that Windows Restore has disabled the download features of your PC, in which case you will have to download the virus removal tools on another PC. After that you need to move them to the infected PC using a CD / DVD or a USB flash drive.

That’s all that you need to do in order to properly prepare yourself for the removal process.

Windows Restore Virus / Malware Removal Guide
  1. Download iExplore.exe from here. This application terminates all the running Windows Restore malicious processes. Place the virus process terminator on your desktop.

  2. Launch iExplore.exe and wait for it to close all the malicious processes. iExplore.exe will close automatically when all the malware programs have been closed. DO NOT RESTART the computer; get directly to the next step.

  3. Download Malwarebytes’ Anti-Malware from here. Malwarebytes’ is the best virus removal application. Place its setup installer on the infected PC desktop. When the download is complete, you need to close all the running applications.

  4. Launch Malwarebytes’ installer and wait for the installation process to reach the last screen. When you see the last screen of the installation process, you have to be sure that the ‘Launch Malwarebytes’ and ‘Update Malwarebytes’ options are both selected. Now you can click Finish. DO NOT RESTART the PC.

  5. Malwarebytes’ will launch automatically and it might ask you to update it, but considering that it already performed an updating task, you can click Ok and MBAM will take you to its main Scanner screen.

  6. Now, select ‘Perform Full Scan’ option and hit the SCAN button.

  7. The scanning process is now in progress and you simply have to wait for MBAM to complete it. When the scan has been completed, you will be notified by Malwarebytes’ via a dialog box. Click OK.

  8. Malwarebytes’ opens the Scanner menu once again; now you need to click ‘Show Results’.

  9. Now you should see all the Windows Restore virus files found by MBAM. Select all of them for removal and then click ‘Remove Selected’. The removal process is now in progress and Malwarebytes’ will do the rest. Please note that MBAM might ask you to restart the PC; allow it to do so. When Windows returns to the desktop, it will continue with the removal process.

  10. When Malwarebytes’ has completed the removal process, Notepad opens up with the scanning log. Review it and when you’re done, close it.

  11. Close Malwarebytes’ Anti-Malware.

These were all the steps that you had to take in order to get your system free of the Windows Restore virus.

As I’ve told you before, Windows Restore managed to hide some files from you, and in order to un-hide them you will have to download the following application:

  • Unhide.exe, download it from here. When the download is complete, simply launch it and Unhide will take care of the rest.
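
The un-hide step above can also be previewed and carried out in PowerShell, assuming the files were hidden by setting the Hidden file attribute. This is an added example, not the Unhide.exe tool and not code from the original guide; the function names and the scratch folder are hypothetical.

```powershell
# Added example, not part of the original guide. Assumes PowerShell 3.0 or later.
# Function names and the demo folder are hypothetical.

function Get-HiddenNonSystemItem {
    param([Parameter(Mandatory)][string]$Root)
    # -Force lets the cmdlet see hidden items. The filter keeps items that are
    # Hidden but NOT System, so protected operating system files are left alone.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Attributes Hidden+!System `
        -ErrorAction SilentlyContinue
}

function Clear-HiddenAttribute {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)][System.IO.FileSystemInfo]$Item)
    process {
        # ShouldProcess makes -WhatIf print the planned change without applying it.
        if ($PSCmdlet.ShouldProcess($Item.FullName, 'Clear Hidden attribute')) {
            $Item.Attributes = $Item.Attributes -band (-bnot [System.IO.FileAttributes]::Hidden)
        }
    }
}

# Constructed demo data: a scratch folder holding one hidden file and one
# hidden+system file, so nothing outside the temp directory is touched.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'unhide-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$doc = New-Item -ItemType File -Path (Join-Path $demo 'report.txt') -Force
$sys = New-Item -ItemType File -Path (Join-Path $demo 'protected.sys') -Force
$doc.Attributes = 'Hidden'
$sys.Attributes = 'Hidden, System'

# 1. Preview with -WhatIf: candidates are reported, no attribute is changed.
Get-HiddenNonSystemItem -Root $demo | Clear-HiddenAttribute -WhatIf

# 2. Apply the change, then count what is still hidden but not system.
Get-HiddenNonSystemItem -Root $demo | Clear-HiddenAttribute
$left = @(Get-HiddenNonSystemItem -Root $demo).Count
"Hidden non-system items remaining: $left"

# Clean up the scratch folder.
Remove-Item -LiteralPath $demo -Recurse -Force
```

To use it on real data, point `-Root` at a folder such as your user profile and review the `-WhatIf` output before running the second command.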

That’s it, now your computer is clean of all Windows Restore malware files. If you wish for your computer to stay free of malware, you need to purchase and install a powerful antivirus program, or you can upgrade the Malwarebytes’ Anti-Malware program to its PRO edition.

Upgrading Malwarebytes’ to its PRO edition means that your computer will be protected against the worst malware threats. You should also configure it to scan your PC for malware periodically; by keeping MBAM updated to the latest virus revisions, you will be sure that not even the newest virus software will get into your system.

Also, in order to stay away from viruses, you should stop visiting suspicious websites that host worm and trojan infections. A worm or a trojan is an infection that gets into your system because you visited malware web pages, which Windows Restore used to trick you into clicking the bogus online scanning ads that triggered its installation on your computer. These trojans stay dormant and after some time start automatically, at which point you will notice errors and security warnings appearing out of the blue on your PC.

I hope that you managed to understand the instructions in this post easily, but in case you have any questions, please use our comments field to post them. Remember that if you have any other problems with your PC, you can use our search box to find the proper guide.

To be sure that the virus has been removed, use Malwarebytes’ to scan the PC again; if it displays an empty list of found malware infections, the Windows Restore virus has been successfully removed. However, if MBAM finds nothing and the malware is still present on your system, repeat all the steps in Safe Mode with Networking, which might do the trick and remove it. If not even this solution works, the only option you have is to format the entire hard drive. This should be considered only as a last resort, because formatting the HDD means that all data stored on it will be lost forever and there is nothing that you can do to restore it.

Softsailor contains numerous other how-to guides that you can use to remove other malware infections; to find them, use the search box located in the upper right-hand side of the site. Browsing our website, you will also find other how-to guides that help you download, install and use various applications, such as Photoshop, Microsoft Office etc. There are multiple guides on how to jailbreak, downgrade and update your iPhone, iPad, iPod Touch, Android and Windows Phone 7 devices. Now that I’ve told you everything about how to remove the Windows Restore virus and what it does, you should warn your friends and family about what websites to browse, and if they ever come across such malware, they can visit our website to learn how to remove such infections from their computers.