System Restore virus removal tool. How to download

andy | November 14, 2011

System Restore malware keeps attacking so many PCs all over the world. Being first noticed back in April of 2011, it has been modified this fall slightly. So, now it has a totally new interface, different color scheme, etc. But all these amendments did not really improve it. It remains the useless and fake HDD which is aimed to ruin your system and make you pay for its unreal services. Believe us, this program would not help you at all, no matter how convincing it might sound to you. This is the scam program not able to improve your PC. So, disregards all the fake security notices, warnings and notifications presented by this rogue and remove System Restore hoax as clearly shown in the guidelines provided below.

System Restore virus

System Restore virus

System Restore virus has been recently tested on our test computer. It has come to our attention that this malware has been slightly modified recently, but this minor amendment did its job – users now do not know how exactly to download and install the program which would help them get rid of this spyware tool. The point is that now System Restore fake HDD application hides all the icons, shortcuts, files, folders and programs in the Start menu, leaving nothing but the folder and the icon of System Restore malware at the desktop and in the “Program Files” section. Nothing else is visible except for the files having to do with this malware. The desktop of the computer infected with this rogue is also totally clear, gone and missing (as some users say). So, you do not see any icons on it, the desktop is black as it can be.

Before the modification of this malware took place at least users were able to see the icon “My Computer” at the desktop and in the Start menu. From now on, this malady concoction hides even this shortcut. The point is that before the amendment occurred, by clicking this shortcut, that is “My Computer”, users were able to open Windows Explorer and insert the link for download of some particular anti-virus program into the address field (this is exactly what we recommended them in our video guides). Today, when System Restore rogue attacks the computer, users cannot see “My Computer” icon at their desktop, so they are in despair, not being able to download any particular anti-virus or to run the already available and installed anti-malware program. In order to open “My Computer” we have one piece of advice to share with you. Please press “Windows” key on your keyboard, hold it and then hit and release “E” key. The screenshot clearly shows where these 2 buttons are located. This would open “My Computer”, giving you a chance to download the antivirus of your choice to remove System Restore infection. Please carefully follow the removal guide telling you how exactly to delete this hoax from your computer. The guide will also instruct you on how to restore your files, folders, icons and shortcuts after malware activities on your system.


It is also strongly recommended that you run Kaspersky TDSS Killer after you’ve run GridinSoft Trojan Killer.

GridinSoft Unhider download link:
www.trojan-killer.net/download/unhider.exe

GridinSoft Restore download link:
www.trojan-killer.net/download/restore.exe

System Restore removal video:

System Restore manual removal:

Delete System Restore files:

  • %LocalAppData%
  • %LocalAppData%.exe
  • %LocalAppData%~
  • %LocalAppData%~
  • %StartMenu%ProgramsSystem Restore
  • %StartMenu%ProgramsSystem RestoreSystem Restore.lnk
  • %StartMenu%ProgramsSystem RestoreUninstall System Restore.lnk
  • %Temp%smtmp
  • %Temp%smtmp1
  • %Temp%smtmp1
  • %Temp%smtmp2
  • %Temp%smtmp3
  • %Temp%smtmp4
  • %UserProfile%DesktopSystem Restore.lnk


Delete System Restore registry entries:

  • HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain "Use FormSuggest" = 'Yes'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "CertificateRevocation" = '0'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings "WarnonBadCertRecving" = '0'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAssociations "LowRiskFileTypes" =
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesAttachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer "NoDesktop" = '1'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ".exe"
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun ""
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerDownload "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "Hidden" = '0'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced "ShowSuperHidden" = '0'
  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerComDlg32LastVisitedMRU "MRUList"

1 Comment

  1. Jenny says:

    …simply brilliant..3 other security systems couldn’t detect,never mind remove this damn trojan…Trojan-Killer did it in minutes.Yippee!

2 Trackbacks

Leave a comment

*