Christian Mairoll 227 Report post Posted September 15, 2011 The Emsisoft malware research team has discovered a new outbreak of the Data Recovery adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DataRecovery. Data Recovery is a rogue application, another variant of System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. Create new files: %AllUsersProfiles%Application Data~%random%r %AllUsersProfiles%Application Data%random%.exe %AllUsersProfiles%Application Data%random%.exe %AllUsersProfiles%Application Data%random% %AllUsersProfiles%Application Data~%random% %UserProfile%DesktopData Recovery.lnk %UserProfile%Local SettingsTempsmtmp %UserProfile%Local SettingsTempsmtmp1 %UserProfile%Local SettingsTempsmtmp2 %UserProfile%Local SettingsTempsmtmp4 %UserProfile%Start MenuProgramsData Recovery %UserProfile%Start MenuProgramsData RecoveryData Recovery.lnk %UserProfile%Start MenuProgramsData RecoveryUninstall Data Recovery.lnk Create/modify registry entries: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystemDisableTaskMgr: 0×00000001HKEY_CURRENT_USERSoftware75fa38b7-8b94-4995-ad32-52e938867954:BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainUse FormSuggest: “Yes”HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsWarnonBadCertRecving: 0×00000000CertificateRevocation: 0×00000000HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktopNoChangingWallPaper: 0×00000001HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerNoDesktop: 0×00000001HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociationsLowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;”HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachmentsSaveZoneInformation: 0×00000001HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun%random%: “%AllUsersProfile%Application Data%random%.exe”HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownloadCheckExeSignatures: “no”HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedHidden: 0×00000000HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedShowSuperHidden: 0×00000000Screenshots: How to remove the infection of Data Recovery (Adware.Win32.DataRecovery)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine. Related Posts: System Recovery Adware Removal Instructions PC Repair Adware Removal Instructions Master Utilities Adware Removal Instructions HDD Repair Adware Removal Instructions System Repair Adware Removal Instructions View the full article Quote Share this post Link to post Share on other sites
RedHammer 2 Report post Posted September 18, 2011 Activation Keys to help make removable a little easier. Data Recovery, HDD Repair, & System Repair E-mail: you can type anything you want here Key: 8475082234984902023718742058948 Master Utilities E-mail: you can type anything you want here Key: 1203978628012489708290478989147 Quote Share this post Link to post Share on other sites
Christian Mairoll 227 Report post Posted September 18, 2011 Thanks RedHammer, we'll add that information to the blog article too. Quote Share this post Link to post Share on other sites
