fake System Restore


Remove fake System Restore. Description and removal instructions

Title: fake System Restore
Type: Malware
Severity scale: (80 / 100)

System Restore is a legitimate Microsoft Windows program that restores Windows functionality when needed. However, there is also a fake System Restore, a rogue system optimizer. This rogue optimization program displays various warnings that the PC's hard disk, video card or registry is in a bad state and requires repair with the help of the System Restore program. While the actual System Restore can repair software errors after an unsuccessful installation, the rogue version of System Restore claims to be able to fix hardware errors. This is simply not true.

The fake System Restore will try to prevent the user from running legitimate software. Executables are blocked at random, with a message claiming that the file resides in a bad part of the hard disk. Eventually, they will launch. Additionally, some internet pages might get blocked. This is done to prevent the download of programs that assist in removing the fake System Restore.

To remove the fake System Restore, we recommend launching the application and leaving it running while you open browser windows to download anti-malware programs. We recommend downloading Process Explorer first and killing the fake System Restore's processes. Then download a legitimate anti-spyware program to identify the actual files of the fake System Restore and delete them. These files should reside in the AllUsers Application Data folder.

Automatic fake System Restore removal:

remover for fake System Restore

fake System Restore manual removal:

Kill processes:

how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ” .exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ” “
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’

how to remove registry entries

Delete files:
[random].exe from AllUsers\AppData

how to remove harmful files
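
The registry values and the file location listed above can be checked before anything is deleted. The following read-only PowerShell audit is an added example, not part of the original page; the function names, the `*.exe;*` match for LowRiskFileTypes, and the reading of "AllUsers\AppData" as the folder in %ALLUSERSPROFILE% are assumptions made here.

```powershell
# Added example: read-only audit. It reports matches and changes nothing.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$ie = 'Software\Microsoft\Internet Explorer'
# Rows are "key|value name|data", copied from the list on this page.
# LowRiskFileTypes uses a wildcard (assumption): flag any list that treats .exe as low risk.
$rows = @(
    "HKCU:\$ie\Main|Use FormSuggest|Yes"
    "HKCU:\$ie\Download|CheckExeSignatures|no"
    "HKCU:\$cv\Internet Settings|CertificateRevocation|0"
    "HKCU:\$cv\Internet Settings|WarnonBadCertRecving|0"
    "HKCU:\$cv\Policies\ActiveDesktop|NoChangingWallPaper|1"
    "HKCU:\$cv\Policies\Associations|LowRiskFileTypes|*.exe;*"
    "HKCU:\$cv\Policies\Attachments|SaveZoneInformation|1"
    "HKCU:\$cv\Policies\Explorer|NoDesktop|1"
    "HKCU:\$cv\Policies\System|DisableTaskMgr|1"
    "HKLM:\$cv\Policies\System|DisableTaskMgr|1"
    "HKCU:\$cv\Explorer\Advanced|Hidden|0"
    "HKCU:\$cv\Explorer\Advanced|ShowSuperHidden|0"
)

function Get-RogueSettingHits {
    foreach ($row in $rows) {
        $key, $name, $data = $row.Split('|')
        # A missing key or value yields nothing instead of an error.
        $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
        if ($prop -and ([string]$prop.$name -like $data)) {
            New-Object PSObject -Property @{ Key = $key; Name = $name; Data = $prop.$name }
        }
    }
}

function Get-SuspectRunEntries {
    # The page elides the random Run value name, so match on the target folder instead.
    # Assumption: the executable lives under %ALLUSERSPROFILE%.
    $run = Get-Item -LiteralPath "HKCU:\$cv\Run" -ErrorAction SilentlyContinue
    if (-not $run) { return }
    foreach ($n in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($n)
        $inAllUsers = $cmd.IndexOf($env:ALLUSERSPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($inAllUsers -and $cmd -match '\.exe') {
            New-Object PSObject -Property @{ Name = $n; Command = $cmd }
        }
    }
}

Get-RogueSettingHits  | Format-Table Key, Name, Data -AutoSize
Get-SuspectRunEntries | Format-Table Name, Command -AutoSize
```

Legitimate software can also start from the all-users folder, so treat the Run results as candidates to review rather than confirmed malware entries.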