Stay away from Data Recovery virus

Data Recovery is fresh version of fake defragmenters that resurfaced with new skin. This program should be removed at once because it won’t do anything good but scare you about various pc problems. The Data Recovery defragmenter installs from attachments in spam messages and comes with other parasites. It will hide your files and folders, stop programs from running and mess up your PC.
Each time you boot your PC you will see tons of S.M.A.R.T. Data Recovery popups. If you click on one of these, your PC will start a “scan” which will show forged messages about hardware problems that should be fixed. The scan is imitation only. Data Recovery cannot detect ANYTHING for real. Everything it shows is a bunch of lies and you should delete it from your PC.
You might wonder why your antivirus has not detected this scam. Data Recovery installs with specific parasite that blocks execution of legitimate removal programs thus it is quite difficult to remove it with antivirus installed on PC. In most cases you will need another anti-malware program or remove it manually.
For the full removal instructions visit the Data recovery virus removal guide on 2-viruses.com


Fake information presented by Data recovery malware:

  • Hard drive rotational speed decreased by 20%
  • Drive C initializing error
  • Disk drive C:\ is unreadable
  • System files are damaged. System is unstable.
  • GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system failure
  • The problem may cause errors while loading your operation system
  • RAM memory speed decreased significantly and may cause a system failure
  • Hard drive does not correspond to system requests
  • Damaged hard drive clusters detected. Private data is at risk. Restore is required
  • C:\System32\drivers is damaged. This problem may cause a system failure
  • Hard drive rotational speed exceeds system limits and may cause a system failure
  • Boot sector of the hard drive is damaged
  • Hard drive space less than technical limits
  • RAM Memory temperature is 83

The following fake error messages normally popup in the right-bottom part of user’s desktop. No doubt, they all should also be disregarded by you.

  • Critical Error!
    HDD clusters are partly damaged. Segment load failure
  • Critical Error!
    Windows OS can’t detect a free hard disk space. HDD error
  • Critical Error!
    Damaged hard drive clusters detected. Private data is at risk.
  • Critical Error!
    Hard Drive not found. Missing hard drive.
  • Critical Error!
    RAM memory usage is critically high. RAM memory failure.
  • Critical Error!
    Windows can’t find hard disk space. Hard drive error
  • Critical Error!
    Windows was unable to save all the data for the file \System32\496A8312. The data has been lost. This error may be caused by a failure of your computer hardware.
  • Critical Error!
    A critical error has occurred while indexing data stored on hard drive. System restart required.
  • System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
  • Activation Reminder

    Data Recovery Activation
    Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

  • Low Disk Space
    You are running very low disk space on Local Disk (C:).
  • Windows – No Disk
    Exception Processing Message 0x0000013

Data Recovery system amendments:

Data Recovery files added:

  • %CommonAppData%\[random].exe
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\Data recovery.lnk
  • %Desktop%\Data recovery.lnk
  • %StartMenu%\Programs\Data recovery\
  • %StartMenu%\Programs\Data recovery\Data recovery.lnk
  • %StartMenu%\Programs\Data recovery\Uninstall Data recovery.lnk
  • %Temp%\smtmp\
  • %Temp%\smtmp\1
  • %Temp%\smtmp\1
  • %Temp%\smtmp\2
  • %Temp%\smtmp\3
  • %Temp%\smtmp\4

Data Recovery registry entries added:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’

Leave a Reply

Your email address will not be published. Required fields are marked *