System Recovery

Type: Malware
Severity scale: 80 / 100

System Recovery is a fake system optimisation utility and a rogue disk defragmenter. Genuine system optimisation utilities help improve Windows performance. System Recovery does the opposite: it deliberately disrupts the Windows PC so that users believe they have serious hardware and software problems, and then demands payment to "fix" them.

In addition, System Recovery is distributed by trojans. These trojans infect computer systems and download further malicious software to earn money from their victims. Once running, System Recovery displays a large number of fake alerts and warnings designed to scare users, such as:

Critical Error
Windows can’t find hard disk space. Hard drive error


Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

and so on. All of these messages are false: System Recovery cannot detect such errors, and there are none on your PC. It is purely a malware infection.

It also prevents antivirus software from launching. However, you will usually manage to launch a program if you try enough times, or you can scan with your antivirus in Safe Mode.

You should remove System Recovery from your PC and clean out the trojans that come with it. To do that, we recommend killing the System Recovery processes first and then scanning your PC with our recommended software to identify its files and folders. This malware uses random file names; in most cases they will be in the Application Data folder of the active user or of All Users.

NOTE: Do not clean temporary files before fully restoring your PC. System Recovery moves your program shortcuts to the temporary files folder. If you clean temporary files, you lose all the shortcuts to your daily programs.

To unhide files that System Recovery has hidden, run this command from a command prompt:

attrib -h "C:\Documents and Settings\[username]\*.*" /s /d

where [username] is your Windows user name. The /s switch applies the change to matching files in all subfolders and /d applies it to the folders themselves as well. The Documents and Settings path is the Windows XP profile location; on Windows Vista and later the profile lives under C:\Users\[username] instead.

Automatic System Recovery removal:

System Recovery manual removal:

Kill processes:

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU “mrulist”
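The list above is what the rogue leaves behind: the Internet Settings and Internet Explorer entries switch off certificate revocation, bad-certificate warnings and download signature checks, the Policies entries lock the user out (DisableTaskMgr, NoDesktop) and weaken the Attachment Manager (SaveZoneInformation, LowRiskFileTypes), and the Explorer\Advanced entries keep hidden and system files out of sight. The LowRiskFileTypes data as printed here is not a readable extension list: XORing each character with 1 turns it into .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;... which marks executable types as low risk so that opening them no longer triggers a security prompt. The following Python script is an added example written for this article, not a tool from the original page; it works on a constructed copy of the indicator list, decodes that value, and builds reg.exe query/delete lines for the entries whose names are known, while flagging the [random] Run entries for manual inspection instead of emitting a command with a placeholder in it.

```python
import re
from typing import List, Tuple

# Constructed copy of the registry indicators listed in this article, with the
# typographic quotes normalised to ASCII. Nothing here goes beyond that list.
INDICATORS = r"""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "mrulist"
"""

# One indicator line: key path, value name in double quotes, optional = 'data'.
# The key path may contain spaces ("Internet Explorer"), so it runs non-greedily
# up to the first whitespace that is followed by a double quote.
LINE_RE = re.compile(r"^(?P<key>\S.*?)\s+\"(?P<name>[^\"]+)\"(?:\s*=\s*'(?P<value>[^']*)')?\s*$")

# Types the Attachment Manager normally prompts for before opening; listing them
# in LowRiskFileTypes silences that prompt.
EXECUTABLE_TYPES = {".exe", ".bat", ".com", ".cmd", ".reg", ".msi", ".scr"}


def decode_xor1(data: str) -> str:
    """Undo the one-bit transform seen on the LowRiskFileTypes data: every
    character XORed with 1 ('/' -> '.', ':' -> ';', 'dyd' -> 'exe')."""
    return "".join(chr(ord(c) ^ 1) for c in data)


def parse_indicators(text: str) -> List[dict]:
    """Turn the indicator list into records with key, name, value (None when the
    line carries no data) and a flag for names that are only a placeholder."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised indicator line: {line!r}")
        rec = m.groupdict()
        rec["placeholder"] = "[random]" in rec["name"]
        records.append(rec)
    return records


def decoded_low_risk_types(records: List[dict]) -> List[str]:
    """Extension list behind the obfuscated LowRiskFileTypes data, e.g. ['.zip', '.rar', ...]."""
    for r in records:
        if r["name"] == "LowRiskFileTypes" and r["value"]:
            return decode_xor1(r["value"]).rstrip(";").split(";")
    return []


def executable_low_risk_types(records: List[dict]) -> List[str]:
    """The subset of those extensions that should never be marked low risk."""
    return sorted(EXECUTABLE_TYPES & set(decoded_low_risk_types(records)))


def reg_commands(records: List[dict], action: str = "query") -> Tuple[List[str], List[str]]:
    """Build reg.exe lines ('reg query KEY /v NAME' or 'reg delete KEY /v NAME /f').
    Entries whose value name is a [random] placeholder cannot become a command;
    they are returned separately as notes for manual inspection of the key."""
    if action not in ("query", "delete"):
        raise ValueError(f"unsupported action: {action}")
    commands, unresolved = [], []
    for r in records:
        if r["placeholder"]:
            unresolved.append(f'{r["key"]}: value name is random, list this key by hand')
            continue
        if action == "query":
            commands.append(f'reg query "{r["key"]}" /v "{r["name"]}"')
        else:
            commands.append(f'reg delete "{r["key"]}" /v "{r["name"]}" /f')
    return commands, unresolved


if __name__ == "__main__":
    recs = parse_indicators(INDICATORS)
    print("LowRiskFileTypes decodes to:", ";".join(decoded_low_risk_types(recs)))
    print("executable types marked low risk:", executable_low_risk_types(recs))
    queries, notes = reg_commands(recs, "query")
    for cmd in queries:
        print(cmd)
    for note in notes:
        print("#", note)
```

Run the script on the clean machine first to see what the generated reg query lines should return (a "cannot find" error for the policy values, normal defaults for the Explorer ones), then on the infected one; only switch to the delete form once each hit has been confirmed, and handle the two Run entries by listing the key and removing the randomly named value yourself.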

Delete files:

