Despite its name, ‘Data Recovery’ is malicious software that people often confuse with a recovery tool. It is a fake system optimization utility that can lead you astray by displaying false alerts about unknown problems on your computer. It can get into your system without your knowledge through Trojans or other malicious software, or via harmful websites. It is capable of changing entries in your registry, performing unknown background tasks, running hidden executable files, and causing items on your desktop to disappear on their own. It also tries to add itself to Windows Startup.
Before ‘Data Recovery’ wreaks havoc and interferes with the smooth operation of your PC, you need to remove the malware completely from your system. You can follow any of the three procedures given below to get rid of ‘Data Recovery’:
I. Manual Virus Removal Method
This procedure is recommended for advanced Windows users who can safely work with registry keys. If you do not have the technical knowledge or expertise, you should skip this method.
Follow the steps described below:
- Boot your Windows System in Safe Mode with Networking
  o Switch on the computer and press F8 before the login screen shows up. The ‘Windows Advanced Options Menu’ screen appears.
  o Choose the ‘Safe Mode with Networking’ option.
- Create Backup of your Registry and Remove Invalid Registry Entries (added by the tool)
  o Press Windows key + ‘R’ on the keyboard.
  o Type ‘regedit’ and click ‘OK’.
  o In the Windows Registry Manager, find the following registry entries and then delete them:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’
HKCU\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “(random char).exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “(random char)”
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
HKCU\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- Delete Malicious Files Added by the Threat
Search for and delete the following files and folders from your system:
%StartMenu%\Programs\Data Recovery\
%StartMenu%\Programs\Data Recovery\Data Recovery.lnk
%StartMenu%\Programs\Data Recovery\Uninstall Data Recovery.lnk
%LocalAppData%\(random char)
%LocalAppData%\(random char).exe
%LocalAppData%\~(random char)
%Temp%\smtmp\
%UserProfile%\Desktop\Data Recovery.lnk
If some of the files could not be deleted, they must be running in the background. Open ‘Task Manager’, stop the corresponding processes, and then try deleting the files.
- Run Anti-Virus Scan on Your System
  o Update the database of your anti-virus program via the Internet.
  o Run a full computer scan to check your system for viruses and malware. If some malicious programs are detected, delete them through the software.
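An added example, not part of the original article: a read-only check that scans a registry export (.reg text, assumed here to be how the registry backup was saved) for the values named in the registry list of the manual method. The `RUN_EXE` rule for the randomly named Run entries and the `SAMPLE` fragment are assumptions constructed for illustration.

```python
import re

CV = r"software\microsoft\windows\currentversion"
IE = r"software\microsoft\internet explorer"
# (hive, key, value name) -> data the page lists; all lower-cased.
LISTED = {
    ("HKCU", CV + r"\explorer\advanced", "hidden"): "0",
    ("HKCU", CV + r"\explorer\advanced", "showsuperhidden"): "0",
    ("HKCU", IE + r"\main", "use formsuggest"): "yes",
    ("HKCU", CV + r"\internet settings", "certificaterevocation"): "0",
    ("HKCU", CV + r"\internet settings", "warnonbadcertrecving"): "0",
    ("HKCU", CV + r"\policies\activedesktop", "nochangingwallpaper"): "1",
    ("HKCU", CV + r"\policies\attachments", "savezoneinformation"): "1",
    ("HKCU", CV + r"\policies\explorer", "nodesktop"): "1",
    ("HKCU", CV + r"\policies\system", "disabletaskmgr"): "1",
    ("HKLM", CV + r"\policies\system", "disabletaskmgr"): "1",
    ("HKCU", IE + r"\download", "checkexesignatures"): "no",
}
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}
# Assumption (not from the page): flag a Run entry that starts an
# .exe placed directly in the Local AppData folder.
RUN_EXE = re.compile(r'\\appdata\\local\\[^\\]+\.exe"?$')

def normalize(raw):
    """Map .reg data ('dword:00000001', '"Yes"') to a comparable string."""
    if raw.startswith("dword:"):
        return str(int(raw[6:], 16))
    return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\").lower()

def audit(reg_text):
    """Return (hive, key, name, data) for each value matching the list."""
    hits, hive, key = [], None, None
    for line in map(str.strip, reg_text.splitlines()):
        head = re.match(r"\[(HKEY_[A-Z_]+)\\(.+)\]$", line)
        val = re.match(r'"(.+?)"=(.+)$', line)
        if head:  # section header: remember which key the values belong to
            hive, key = HIVES.get(head.group(1)), head.group(2).lower()
        elif val and hive:
            name, data = val.group(1).lower(), normalize(val.group(2))
            if (LISTED.get((hive, key, name)) == data or
                    (hive, key) == ("HKCU", CV + r"\run") and RUN_EXE.search(data)):
                hits.append((hive, key, name, data))
    return hits

SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"xkqjwnvb.exe"="C:\\Users\\bob\\AppData\\Local\\xkqjwnvb.exe"
'''  # constructed fragment; real regedit exports are UTF-16 text
```

Calling `audit()` on the text of an export (opened with `encoding="utf-16"`) returns the matching values without modifying the registry.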
II. Use MalwareBytes Anti-Malware to Delete Data Recovery Virus Files
· Download and install Malwarebytes Anti-Malware on your computer.
· During the software installation, select the ‘download update’ option.
· Once the installation is complete, the software will start an update. This process needs a connection to its server.
· Run the software to scan the entire system and remove all the threats detected. After the process is completed, restart your system.
III. Use RogueKiller to Delete Malware Components in Your System
· Download and install the RogueKiller program, which finds and removes malware components from the system.
· When the software is launched for the first time, it will run an automatic check on your computer to find threats. Complete this scan.
· In the ‘Options’ pane on the right side of the application window, select the ‘MBR Scan’, ‘Check Faked’, and ‘AntiRootkit’ checkboxes. In the same pane, click on ‘Scan’. The software will scan your infected system for invalid registry entries, drivers, and files.
· Once the scan is completed, you will get a list of all threats found by the tool.
· Select each infected or malicious component and then click ‘Delete’ in the ‘Options’ pane.
· After removing all the threats, restart your system.