Data Recovery is fresh version of fake defragmenters that resurfaced with new skin. This program should be removed at once because it won’t do anything good but scare you about various pc problems. The Data Recovery defragmenter installs from attachments in spam messages and comes with other parasites. It will hide your files and folders, stop programs from running and mess up your PC.
Each time you boot your PC you will see tons of S.M.A.R.T. Data Recovery popups. If you click on one of these, your PC will start a “scan” which will show forged messages about hardware problems that should be fixed. The scan is imitation only. Data Recovery cannot detect ANYTHING for real. Everything it shows is a bunch of lies and you should delete it from your PC.
You might wonder why your antivirus has not detected this scam. Data Recovery installs with specific parasite that blocks execution of legitimate removal programs thus it is quite difficult to remove it with antivirus installed on PC. In most cases you will need another anti-malware program or remove it manually.
For the full removal instructions visit the Data recovery virus removal guide on 2-viruses.com

Fake information presented by Data recovery malware:

• Hard drive rotational speed decreased by 20%
• Drive C initializing error
• Disk drive C:\ is unreadable
• System files are damaged. System is unstable.
• GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
• The problem may cause errors while loading your operation system
• RAM memory speed decreased significantly and may cause a system failure
• Hard drive does not correspond to system requests
• Damaged hard drive clusters detected. Private data is at risk. Restore is required
• C:\System32\drivers is damaged. This problem may cause a system failure
• Hard drive rotational speed exceeds system limits and may cause a system failure
• Boot sector of the hard drive is damaged
• Hard drive space less than technical limits
• RAM Memory temperature is 83

The following fake error messages normally popup in the right-bottom part of user’s desktop. No doubt, they all should also be disregarded by you.

• Critical Error!
  HDD clusters are partly damaged. Segment load failure
• Critical Error!
  Windows OS can’t detect a free hard disk space. HDD error
• Critical Error!
  Damaged hard drive clusters detected. Private data is at risk.
• Critical Error!
  Hard Drive not found. Missing hard drive.
• Critical Error!
  RAM memory usage is critically high. RAM memory failure.
• Critical Error!
  Windows can’t find hard disk space. Hard drive error
• Critical Error!
  Windows was unable to save all the data for the file \System32\496A8312. The data has been lost. This error may be caused by a failure of your computer hardware.
• Critical Error!
  A critical error has occurred while indexing data stored on hard drive. System restart required.
• System Restore
  The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
• Activation Reminder

  Data Recovery Activation
  Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

• Low Disk Space
  You are running very low disk space on Local Disk (C:).
• Windows – No Disk
  Exception Processing Message 0×0000013

Data Recovery system amendments:

Data Recovery files added:

• %CommonAppData%\[random].exe
• %AppData%\Microsoft\Internet Explorer\Quick Launch\Data recovery.lnk
• %Desktop%\Data recovery.lnk
• %StartMenu%\Programs\Data recovery\
• %StartMenu%\Programs\Data recovery\Data recovery.lnk
• %StartMenu%\Programs\Data recovery\Uninstall Data recovery.lnk
• %Temp%\smtmp\
• %Temp%\smtmp\1
• %Temp%\smtmp\1
• %Temp%\smtmp\2
• %Temp%\smtmp\3
• %Temp%\smtmp\4

Data Recovery registry entries added:

• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ’1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0′

Another example of fake anti-viruses today has the new name – Windows Foolproof Protector. It appeared about several hours ago, but it has already infected quite many computers around the globe. Surely, users must be aware of this scam, but, regretfully, some have already mistakenly effected the payment for this malicious application.

Continue reading →

It has become quite typical for the malwares of the latest period of time to change their names once a day. So, meet Windows Component Protector – a new name in the huge family of similar rogue anti-spyware tools. Surely, you must be warned of this scam lest you put your trust into it. This is the goal of the scam – to persuade you in its supposedly decent intentions and later on to convince you to effect the payment for its useless and helpless license. So, be careful if you see this malicious application in front of your computer. If you aren’t aware of this hoax the chances are that you will fall into the trickery prepared by the online fraudsters. So, keep reading the story on this fake anti-virus program and the ways it can be deleted from your infected system.

Continue reading →

Windows Cleaning Tools malware appeared just a few hours ago today, having already infected many PCs in various parts of the world. So, it is important to have a clear understanding about this rogue application because the chances are that it might attack your computer as well. Nobody can be 100% confident that his/her PC will not escape the impact of the malware attacks that has to do with this junkware tool. So, you must be on guard lest you actually put your trust into this hoax.

Continue reading →

The very fact of Windows Shielding Utility badware’s unauthorized installation onto your system is the evidence of a serious gap in the security of your system. This means that you need to reconsider your already installed AV software and probably switch to another anti-spyware application that would be more powerful to resist the attacks of the most severe contemporary malwares.

Continue reading →

You never know when to expect Windows Warding System badware to attack your PC. Being a rogue anti-spyware tool, this online pest surely knows no barriers for entry into your computer. With this information becoming quite clear we face the challenge of removal of this Trojan horse from the infected system. No doubt, the very elimination must be effective and complete. Otherwise the malicious roots of this pest may bring other infections into your system.

Continue reading →