File Restore

October 19th, 2012
Home » Rogue Antispyware » File Restore
Repair and protect your computer easily. Download File Restore removal tool  

File Restore description

File Restore is a rogue anti-spyware application which spreads via trojan horse and it is the latest malware floating online. It gains to trick users into thinking their system is severely compromised and needs being fixed with its “full” version. This is a fraud.

Once active File Restore starts to imitate computer scans and displays fake warning messages that state about computer infections. Here’s one of many fake messages:

Hard drive boot sector reading error
System blocks were not found
Error while relocating TARE sectors
Error 0 – DATA_BUS_ERROR
Error 0×00000078 – INACCESSIBLE_BOOT_DEVICE
Error 0×00000050 – PAGE_FAULT_IN_NONPAGED_AREA
The storage device has failed a self-test
The self-test procedure of the storage device has detected an irreparable errors.
SMART state is “Out of order” before the disk scan

Do not fall for this blatant scam. It may redirect your browser to misleading web pages that sell the program. The parasite is able to disable your anti-spyware program as well. However Stopzilla tool is imune to this. Do not buy anything File Restore offers because your money will be stolen. Use reputable malware scanner and get rid of File Restore as soon as possible.

Manual File Restore Removal


File Restore registry values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = "Yes"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
Help: How to edit windows registry entries


Other malicious File Restore files:

%CommonAppData%\
%CommonAppData%\.exe
%CommonAppData%\
%CommonAppData%\-
%StartMenu%\Programs\File Restore\
%StartMenu%\Programs\File Restore\File Restore.lnk
%StartMenu%\Programs\File Restore\Uninstall File Restore.lnk
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
%UserProfile%\Desktop\File Restore.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete File Restore, if you are not familiar with deleting malware manually.

Tags:

Trackbacks /
Pingbacks

  1. System Message Write Fault Error removal guide

Leave a Reply