System Restore malware, discussed previously in several of our directly and indirectly related posts, has probably become the number one rogue in the present world of PC threats. Regretfully, no one is fully protected against infiltration by this fake hard drive defragmenter. The saddest thing is not the infiltration itself but the decision some people make to purchase it. What a terrible damned day it is when someone decides to support the crooks who developed this cyber skunk. Do you know what a skunk is? Well, it is one thing to know and another to smell its nasty odor. This is exactly the story of the System Restore virus. Once this parasite infiltrates the computer, users finally start to realize what a horrible pest lives inside their machines.
Initially, judging by the results of its malicious activities and system modifications, it might seem that this parasite has made a permanent dwelling in the computer. However, there are remedies to expel it from your PC. Even a tool as annoying as this one can be easily eradicated by the healing powers of the GridinSoft Trojan Killer program. Keep in mind, however, that running Trojan Killer is not enough in the case of the System Restore hoax. There are several additional tools that you must run. Please find the list of them below.
Programs for successful removal of System Restore malware:
What are the above-mentioned tools, and what are their purposes? Kaspersky TDSS Killer is intended to remove the TDSS rootkit, which is directly connected to the spread of System Restore malware. It is quite possible that after GridinSoft Trojan Killer successfully removes this fake HDD virus, the hoax will be resurrected because the TDSS rootkit is still present. For this reason it is highly recommended to run Kaspersky TDSS Killer and remove this rootkit in order to prevent further spread of the rogue. GridinSoft Unhider helps users get their desktop icons, files and folders back into view. As you know, their hidden state is caused by the System Restore rogue program. Finally, GridinSoft Restore helps you restore the applications that the virus relocated to another temporary folder.
Last but not least, please keep in mind that the virus we are talking about is regularly updated. This is why new versions and modifications of it appear nearly every day. If you experience any problems removing this virus or similar malware, we highly recommend that you contact our customer support team and describe your problem in more detail. We will do our best to assist you with such issues.
It is also strongly recommended that you run Kaspersky TDSS Killer after you’ve run GridinSoft Trojan Killer.
System Restore manual removal:
Delete System Restore files:
- %StartMenu%\Programs\System Restore\
- %StartMenu%\Programs\System Restore\System Restore.lnk
- %StartMenu%\Programs\System Restore\Uninstall System Restore.lnk
- %UserProfile%\Desktop\System Restore.lnk
Delete System Restore registry entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
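The two lists above can be checked on a machine before anything is deleted. The following PowerShell script is an added example, not part of the original post or of any GridinSoft tool; it only reads the listed locations, and it assumes that %StartMenu% refers to the current user's Start Menu folder.

```powershell
# Added example: read-only audit of the indicators listed above. Nothing is deleted or changed.
$ms = 'HKCU:\Software\Microsoft'
$cv = "$ms\Windows\CurrentVersion"

# Registry values with the data this page lists for them. LowRiskFileTypes and
# MRUList are left out because the page gives no data to compare against.
$indicators = @(
    @{ Key = "$ms\Internet Explorer\Main";     Name = 'Use FormSuggest';       Data = 'Yes' }
    @{ Key = "$cv\Internet Settings";          Name = 'CertificateRevocation'; Data = '0' }
    @{ Key = "$cv\Internet Settings";          Name = 'WarnonBadCertRecving';  Data = '0' }
    @{ Key = "$cv\Policies\ActiveDesktop";     Name = 'NoChangingWallPaper';   Data = '1' }
    @{ Key = "$cv\Policies\Attachments";       Name = 'SaveZoneInformation';   Data = '1' }
    @{ Key = "$cv\Policies\Explorer";          Name = 'NoDesktop';             Data = '1' }
    @{ Key = "$cv\Policies\System";            Name = 'DisableTaskMgr';        Data = '1' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'; Name = 'DisableTaskMgr'; Data = '1' }
    @{ Key = "$ms\Internet Explorer\Download"; Name = 'CheckExeSignatures';    Data = 'no' }
    @{ Key = "$cv\Explorer\Advanced";          Name = 'Hidden';                Data = '0' }
    @{ Key = "$cv\Explorer\Advanced";          Name = 'ShowSuperHidden';       Data = '0' }
)

# Report a registry hit only when the value exists and holds the listed data.
$hits = @(foreach ($i in $indicators) {
    $p = Get-ItemProperty -LiteralPath $i.Key -Name $i.Name -ErrorAction SilentlyContinue
    if ($null -ne $p -and "$($p.($i.Name))" -eq $i.Data) {
        [pscustomobject]@{ Type = 'Registry'; Location = $i.Key; Item = "$($i.Name) = $($i.Data)" }
    }
})

# Assumption: %StartMenu% is the current user's Start Menu folder.
$startMenu = [Environment]::GetFolderPath('StartMenu')
$paths = @(
    "$startMenu\Programs\System Restore"
    "$startMenu\Programs\System Restore\System Restore.lnk"
    "$startMenu\Programs\System Restore\Uninstall System Restore.lnk"
    "$env:USERPROFILE\Desktop\System Restore.lnk"
)
$hits += @(foreach ($f in $paths) {
    if (Test-Path -LiteralPath $f) { [pscustomobject]@{ Type = 'File'; Location = $f; Item = 'present' } }
})

# The page does not give full names for the Run values, so list every HKCU Run value for review.
$run = Get-Item -LiteralPath "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    $hits += @(foreach ($n in $run.GetValueNames()) {
        [pscustomobject]@{ Type = 'Run (review)'; Location = "$cv\Run"; Item = "$n = $($run.GetValue($n))" }
    })
}
$hits | Format-Table -AutoSize -Wrap
```

Several of these values sit in shared Windows settings keys, so a single match can also occur on a clean machine. Treat the output as a list to review alongside the scanner results.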