Christian Mairoll
Posted October 3, 2011

The Emsisoft malware research team has discovered a new outbreak of the Data Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DataRestore.

Data Restore is a rogue application, another variant of Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false-positive or misleading scan results, which say that your computer has a problem or is infected with viruses or trojans, but you will not be able to fix it before you purchase.

Creates new files:

%AllUsersProfiles%\Application Data\~%random%r
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%.exe
%AllUsersProfiles%\Application Data\%random%
%AllUsersProfiles%\Application Data\~%random%
%UserProfile%\Desktop\Data Restore.lnk
%UserProfile%\Local Settings\Temp\smtmp
%UserProfile%\Local Settings\Temp\smtmp\1
%UserProfile%\Local Settings\Temp\smtmp\2
%UserProfile%\Local Settings\Temp\smtmp\4
%UserProfile%\Start Menu\Programs\Data Restore
%UserProfile%\Start Menu\Programs\Data Restore\Data Restore.lnk
%UserProfile%\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk

Creates/modifies registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr: 0x00000001
HKEY_CURRENT_USER\Software\75fa38b7-8b94-4995-ad32-52e938867954:BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest: "Yes"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnonBadCertRecving: 0x00000000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation: 0x00000000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper: 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop: 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes: ".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation: 0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\%random%: "%AllUsersProfile%\Application Data\%random%.exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures: "no"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000

To register and uninstall this rogue application, you can try one of the following serial numbers and enter any email address:

1203978628012489708290478989147
8475082234984902023718742058948

How to remove the infection of Data Restore (Adware.Win32.DataRestore)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
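As an added example (not part of the original post and not Emsisoft's code), the following Python sketch checks a registry export for several of the values listed above, so a responder can see which policy changes need to be reverted after the scan. It assumes the output of `reg export` has already been decoded to text; the function name and the sample export are constructed for illustration.

```python
import re

# (last key component, value name) -> data the advisory lists, as a .reg export shows it.
ROGUE_SETTINGS = {
    ("system", "disabletaskmgr"): "dword:00000001",
    ("explorer", "nodesktop"): "dword:00000001",
    ("activedesktop", "nochangingwallpaper"): "dword:00000001",
    ("internet settings", "warnonbadcertrecving"): "dword:00000000",
    ("internet settings", "certificaterevocation"): "dword:00000000",
    ("download", "checkexesignatures"): '"no"',
    ("advanced", "hidden"): "dword:00000000",
    ("advanced", "showsuperhidden"): "dword:00000000",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')
# An .exe directly inside an "Application Data" folder (exports double the backslashes).
RUN_RE = re.compile(r'\\\\application data\\\\[^\\]+\.exe"$')

def find_rogue_settings(reg_text):
    """Return (key, value name, reason) for each value matching the advisory."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        if not (m := VAL_RE.match(line)):
            continue  # header, key line, blank line or default value
        name, data = m.group(1), m.group(2).strip().lower()
        leaf = key.rsplit("\\", 1)[-1].lower()
        if ROGUE_SETTINGS.get((leaf, name.lower())) == data:
            hits.append((key, name, "setting matches advisory"))
        elif name.lower() == "lowriskfiletypes" and ".exe" in data:
            hits.append((key, name, "executables marked low risk"))
        elif leaf == "run" and RUN_RE.search(data):
            hits.append((key, name, "autorun from Application Data"))
    return hits

# Constructed sample in `reg export` format; not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".zip;.rar;.exe;.bat;"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"abc123"="C:\\Documents and Settings\\All Users\\Application Data\\abc123.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
'''

if __name__ == "__main__":
    print(*find_rogue_settings(SAMPLE_EXPORT), sep="\n")
```

A hit only means the value equals what the advisory lists; some of these settings can also be set by an administrator, so review each one before reverting it.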