Jump to content

Data Restore Adware Removal Instructions


Recommended Posts

The Emsisoft malware research team has discovered a new outbreak of the Data Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.DataRestore.

Data Restore is a rogue application, another variant of Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase.

Create new files:

  • %AllUsersProfiles%Application Data~%random%r
  • %AllUsersProfiles%Application Data%random%.exe
  • %AllUsersProfiles%Application Data%random%.exe
  • %AllUsersProfiles%Application Data%random%
  • %AllUsersProfiles%Application Data~%random%
  • %UserProfile%DesktopData Restore.lnk
  • %UserProfile%Local SettingsTempsmtmp
  • %UserProfile%Local SettingsTempsmtmp1
  • %UserProfile%Local SettingsTempsmtmp2
  • %UserProfile%Local SettingsTempsmtmp4
  • %UserProfile%Start MenuProgramsData Restore
  • %UserProfile%Start MenuProgramsData RestoreData Restore.lnk
  • %UserProfile%Start MenuProgramsData RestoreUninstall Data Restore.lnk

Create/modify registry entries:

  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem
    DisableTaskMgr: 0×00000001
  • HKEY_CURRENT_USERSoftware
    75fa38b7-8b94-4995-ad32-52e938867954:
    BD: 43 00 3A 00 5C 00 44 00 6F 00 63 00 75 00 6D 00 65 00 6E 00 74 00 73 00 20 00 61 00…
  • HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain
    Use FormSuggest: “Yes”
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings
    WarnonBadCertRecving: 0×00000000
    CertificateRevocation: 0×00000000
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop
    NoChangingWallPaper: 0×00000001
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
    NoDesktop: 0×00000001
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations
    LowRiskFileTypes: “.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;
    .mp3;.m3u;.wav;.scr;”
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments
    SaveZoneInformation: 0×00000001
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
    %random%: “%AllUsersProfile%Application Data%random%.exe”
  • HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload
    CheckExeSignatures: “no”
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced
    Hidden: 0×00000000
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced
    ShowSuperHidden: 0×00000000

Screenshots:

Adware.Win32.DataRestore

Adware.Win32.DataRestore

Adware.Win32.DataRestore

To register and uninstall this rogue application, you can try one of the following serial number, and enter any email:

12039786280124897082904789891478475082234984902023718742058948

How to remove the infection of Data Restore (Adware.Win32.DataRestore)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.



View the full article
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...