System Restore

October 10th, 2011
Home » Rogue Antispyware » System Restore
Repair and protect your computer easily. Download System Restore removal tool  

System Restore description

System Restore is a dubious application. The main purpose of the rogue is to gain user to buy its fake registered version. The application usually is promoted on deceptive websites. They provide mass of information about supposed legitimacy of the program.

Malware spreads via trojan which enters the system through its vulnerabilities. Trojan makes a perfect background for the parasite to sneak in. once installed System Restore starts its imitations of computer scan and displays numerous pop-ups that state about PC’s infections. For example:

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can’t find hard disk space. Hard drive error

Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Activation Reminder
System Restore Activation

Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

Low Disk Space
You are running very low disk space on Local Disk (C:).

Windows – No Disk
Exception Processing Message 0×0000013

Critical Error
Hard drive clusters are partly damaged. Segment load failure.

Malware will definitely offer to purchase illegal version of the tool which in fact is incapable to remove security threats. This is a scam and all information it shows should be ignored. You have to use decent malware remover and delete System Restore immediately.

Manual System Restore Removal


System Restore registry values:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
Help: How to edit windows registry entries


Other malicious System Restore files:

%LocalAppData%\
%LocalAppData%\.exe
%LocalAppData%\~
%LocalAppData%\~
%StartMenu%\Programs\System Restore\
%StartMenu%\Programs\System Restore\System Restore.lnk
%StartMenu%\Programs\System Restore\Uninstall System Restore.lnk
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4
%UserProfile%\Desktop\System Restore.lnk

The manual removal of files and registries should be performed by experienced users. A system can be badly affected if any error is done during the manual removal. We recommend using automatic removal tools to delete System Restore, if you are not familiar with deleting malware manually.

Leave a Reply