New version of Windows Recovery scam application has been released. How to uninstall Windows Recovery fake system defragmenter


The purpose of this brief post is to draw your attention to the fact that the Windows Recovery virus has recently been modified into a new version. This explains why certain decent anti-virus programs are not able to delete the Windows Recovery scam entirely. They do remove most of the key virus files, but some virus files and registry entries remain in the attacked system. This is why your desktop may be entirely missing (or show a black or blank background) and be completely unresponsive (you will not be able to change its settings or see your normal icons on it).


Windows Recovery virus

We were able to test the latest version of the Windows Recovery malware, and we have recently updated the databases of GridinSoft Trojan Killer. If your computer has been infected, you may now download and install GridinSoft Trojan Killer and repair your system. Below are some additional steps that you should complete if you want your system completely recovered (in the good sense of this word) after a Windows Recovery virus attack.

To fix the missing or empty desktop issue, you may take the following (optional) steps:

  • Either create a new user account on your PC and copy all settings of the previous user account to the new one. With the new user account you will be able to restore the normal mode of your desktop, or
  • Download and install the program from this site: http://confignt.ixbt.com/download/confignt.zip
    Launch it, go to the “Explorer” tab, and in the “Desktop” section check the box “Desktop elements displayed (enabled by default)”. Click the “OK” button, then restart your machine. The issue of the missing desktop will no longer be present on your PC.

If you have any further questions or problems please do not hesitate to contact us at any time.

Windows Recovery automatic remover:

1. Download the latest version of GridinSoft Trojan Killer to a clean (not infected) computer and install it.
2. Update the virus database.
3. Copy the entire folder “GridinSoft Trojan Killer” to your jump drive (memory stick). Normally it is located at the following path: C:\Program Files\GridinSoft Trojan Killer. “C” stands for the system disk of your computer; the system disk may, however, use another letter.
4. Open your jump drive (memory stick) and find the folder “GridinSoft Trojan Killer” there. Open it, find the file named “trojankiller.exe” and rename it to “iexplore.exe”.
5. Move the memory stick to the infected PC, open the “GridinSoft Trojan Killer” folder and run iexplore.exe. Optional: copy the folder “GridinSoft Trojan Killer” from your jump drive to some other folder created on your PC and run “iexplore.exe” from there.

The procedure for removing the Windows Recovery virus with GridinSoft Trojan Killer is shown in this video:

Windows Recovery manual removal guide:

Delete Windows Recovery files:
%TempDir%\[random]
%TempDir%\[random].exe
%TempDir%\dfrg
%TempDir%\dfrgr
%Desktop%\Windows Recovery.lnk
%Programs%\Windows Recovery
%Programs%\Windows Recovery\Windows Recovery.lnk

Delete Windows Recovery registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
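
The following read-only PowerShell check is an added example, not part of the original guide or of GridinSoft's tooling. It reports which of the files and Run entries listed above are present, so you can review them before deleting anything by hand. It assumes that %TempDir%, %Desktop% and %Programs% correspond to the current user's TEMP folder, Desktop and Start Menu\Programs folder; the function names are made up for this example.

```powershell
# Added example: report-only check for the artifacts listed above. Nothing is deleted.
# Assumption: %TempDir%, %Desktop% and %Programs% map to the folders below.
$temp     = $env:TEMP
$desktop  = [Environment]::GetFolderPath('Desktop')
$programs = [Environment]::GetFolderPath('Programs')   # Start Menu\Programs

function Find-ListedFiles {
    # Fixed-name files and folders from the list above (hidden items are found too).
    $fixed = @(
        (Join-Path $temp 'dfrg'),
        (Join-Path $temp 'dfrgr'),
        (Join-Path $desktop 'Windows Recovery.lnk'),
        (Join-Path $programs 'Windows Recovery'),
        (Join-Path $programs 'Windows Recovery\Windows Recovery.lnk')
    )
    $fixed | Where-Object { Test-Path -LiteralPath $_ }
}

function Find-TempExecutables {
    # "[random].exe" cannot be predicted, so list every .exe directly in the
    # temp folder. -Force includes files with the hidden attribute set.
    Get-ChildItem -LiteralPath $temp -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, LastWriteTime
}

function Find-TempRunEntries {
    # Report every HKCU Run value whose command line points into the temp folder.
    # Note: if TEMP is stored as an 8.3 short path, a long-path entry will not match.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($name in $item.GetValueNames()) {
        $command  = [string]$item.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        if ($expanded.IndexOf($temp, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            New-Object PSObject -Property @{ Name = $name; Command = $command }
        }
    }
}

'Listed files and folders present:'; Find-ListedFiles
'Executables in the temp folder:';   Find-TempExecutables | Format-Table -AutoSize
'HKCU Run entries pointing to temp:'; Find-TempRunEntries | Format-List
```

Legitimate installers and updaters also place executables in the temp folder, so treat the second list as candidates to inspect rather than confirmed virus files.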

3 thoughts on “New version of Windows Recovery scam application has been released. How to uninstall Windows Recovery fake system defragmenter”

  1. I was unable to check the Desktop elements displayed (enabled by default). It would not accept the check. Any suggestions?

  2. Ok! I managed to remove it myself, without using any software; but how do I restore the “System Restore” function?

    Oh, for anyone who doesn’t know: the folders are not empty, because the files are simply hidden.
