Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Saturday, April 28, 2012

How to Remove Data Recovery (Uninstall Guide)

Tell your friends:
(Update: Saturday, April 28, 2012) Data Recovery is scareware masquerading as computer repair and optimization program. It pretends to scan your computer for hard drive, RAM and Windows registry errors and displays fake warnings. None of this is really surprising, or at least it shouldn't because it's a typical scareware. Cyber crooks behind Data Recovery just want to trick as many internet users as possible into paying for bogus computer repair program. This scareware is usually installed by the user when visiting infected/malicious websites or opening infected attachments. Malware authors use social engineering and drive-by downloads to distribute this malicious software too. Once installed, you may be requested to pay to fix supposedly detected critical hard drive errors and RAM failures. Just ignore those fake warnings and notifications about non-existent problems and uninstall Data Recovery from your computer. Of course, it's easier said than done, so to remove this malware from your computer, please follow the removal instructions below.

Data Recovery 2012 GUI:



Old GUI:


When running, Data Recovery will report the following problems on your computer:
  • Hard drive rotational speed decreased by 20%
  • Drive C initializing error
  • Disk drive C:\ is unreadable
  • System files are damaged. System is unstable
  • GPU RAM temperature is critically high
  • The problem may cause errors while loading your operating system
  • RAM memory speed decreased significantly and may cause a system failure
  • and many more...
It detects 14 errors on each infected computer. It doesn't matter whether is a brand new PC or and old laptop. All the errors and warnings are predetermined, so don't get spooked. Data Recovery is more annoying than dangerous, however, there's one this that shouldn't be overlooked. The rogue program hides certain files, usually shortcuts and Desktop icons, and moves other files to Windows %Temp%\smtmp folder.




Do not delete any files from your Temp folder; otherwise you'll have to use Windows CD/DVD to restore your system. Thankfully, you can unhide your files rather easily. Just follow the removal instructions below. It is also worth mentioning that Data Recovery executable drops a rootkit from the TDSS family. If you don't remove the rookit the rogue application will be re-installed.

Fake Data Recovery warnings:
Windows detected a hard disk problem A potential disk failure may coss loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced.

Critical Error RAM memory reliability is extremely low. This problem may cause system failure


Additionally, you can activate the rogue program by entering this registration code 15801587234612645205224631045976 08869246386344953972969146034087and any email as shown in the image below. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.



That's probably the most easiest way to remove Data Recovery malware: enter the code and then run a full system scan with recommended anti-malware software (direct download). You can also remove malicious files manually. One way or another, please follow the steps in the removal guide below. And of you have already purchased this bogus computer repair program, please contact your credit card company immediately and dispute the charges. Next time purchase software from reputable vendors only and keep it up to date. If you need help removing Data Recovery, please leave a comment below or email us. Good luck and be safe online!

Related malware:

Quick removal:

1. Use debugged registration key and fake email to register Data Recovery malware. This will allow you to download and run any malware removal tool you like and restore hidden files and shortcuts. Choose to activate "Data Recovery" manually and enter the following email and activation code:

mail@mail.com
08869246386344953972969146034087 (new code!)

mail@mail.com
1203978628012489708290478989147 (old code, may not work anymore)



2. Download TDSSKiller and run a system scan. Remove found rootkits as shown in the image below. Reboot your computer if required.

3. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.


Alternate Data Recovery removal instructions:

1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.



At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again.



If you still can't see any of your files, Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter explorer and hit Enter or click OK.



2. Open Internet Explorer. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK.

Open Internet Explorer and download TDSSKiller or Backdoor.Tidserv Removal Tool. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller or Backdoor.Tidserv Removal Tool to remove the rootkit.



3. Finally, download recommended anti-malware software (direct download) to remove this virus from your computer.

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Alertane Data Recovery removal instructions:

1. First of all, you need to unhide the files and folders. Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter cmd and hit Enter or click OK.



At the command prompt, enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders. NOTE: you may have to repeat this step because the malware may hide your files again.



2. The rogue application places an icon or your desktop. Right click on the icon, click Properties in the drop-down menu, then click the Shortcut tab.



The location of the malware is in the Target box.



On computers running Windows XP, malware hides in:
C:\Documents and Settings\All Users\Application Data\

NOTE: by default, Application Data folder is hidden. Malware files are hidden as well. To see hidden files and folders, please read Show Hidden Files and Folders in Windows.

Under the Hidden files and folders section, click Show hidden files and folders, and remove the checkmark from the checkbox labeled:

- Hide extensions for known file types
- Hide protected operating system files

Click OK to save the changes. Now you will be able to see all files and folders in the Application Data directory.

On computers running Windows Vista/7, malware hides in:
C:\ProgramData\

3. Look for suspect ".exe" files in the given directories depending on the Windows version you have.

Example Windows XP:
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
C:\Documents and Settings\All Users\Application Data\ixgPHgbBMPf.exe

Example Windows Vista/7:
C:\ProgramData\6DSS92c31Apgjk.exe
C:\ProgramData\ixgPHgbBMPf.exe

Basically, there will be a couple of ".exe" file named with a series of numbers or letters.



Rename those files to 6DSS92c31Apgjk.vir, ixgPHgbBMPf.vir etc. For example:



It should be: C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.vir

Instead of: C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe

4. Restart your computer. The malware should be inactive after the restart.

5. Open Internet Explorer and download TDSSKiller or Backdoor.Tidserv Removal Tool. This malware usually (but not always) comes bundled with TDSS rootkit. Removing this rootkit from your computer is very important (if exists). Run TDSSKiller and remove the rootkit.



6. Download recommended anti-malware software (direct download) to remove this virus from your computer

NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.


Associated Data Recovery files and registry values:

Files:

Windows XP:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\Data Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\Data Recovery\
  • %UsersProfile%\Start Menu\Programs\Data Recovery\Data Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk
%AllUsersProfile% refers to: C:\Documents and Settings\All Users
%UserProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\Data Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\Data Recovery\
  • %UsersProfile%\Start Menu\Programs\Data Recovery\Data Recovery.lnk
  • %UsersProfile%\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk
%AllUsersProfile% refers to: C:\ProgramData
%UserProfile% refers to: C:\Users\[User Name]

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
Share this information with other people:

105 comments:

Anonymous said...

this is really nice. it works!!! thx alot!

Anonymous said...

Just wanted to sincerely thank you for this posting!! You saved my life, I truly appreciate you doing this for us newbies. :)

Tom said...

My thanks as well. I was able to get rid of the malware too. An additional comment to others is that in my case the files in my Temp folder (as described above) were taken from the Start Menu Programs folder from both my personal profile and the All users profile. Hope this helps.

Anonymous said...

I can't connect to the Internet to browse anything. I have disabled the proxy on Firefox, and the wifi saying (local). I'm using Vista. Any suggestions? Thanks!

Anonymous said...

can't connect to the Internet wifi saying 'local' after entering the activation code. i'm using vista. any suggestions? thanks

Anonymous said...

Thanks very much for this post. I couldn't find anything on this -ware because it was so new. I searched for the 6DSS92c31Apgjk.exe on Google and found this. I'll check this blog out more often.
Cheers!

Also, for those that cannot connect to the internet on wi-fi, try plugging into the wireless router, make sure you are connected locally (On the status bar, bottom-right, near the clock, right-click the symbol for the internet connection and click on "Open Network Connections [This is for XP users...sorry Vista, etc. users]) and make sure that your local connection is good).

If you cannot connect, you might want to connect to the internet using another computer. (And if you're trying to use the activation code, I hope someone else can help).

Good luck, all!

Anonymous said...

Hello, a few days ago, I got the Data restore thing on my computer. I followed the alternate removal instructions, and I think it might be gone, but I'm not sure. SuperAntiSpyware didn't find it, so I had to download MalwareBytes and it removed a few trojans, hijackers, and brought all my desktop icons back after restarting.

I'm scared though, because I still see a text document called Data Restore License.txt, and the inactive Data Restore icon on my desktop, quick launch, start menu, and 5 files in the hidden Application Data folder named ~6DSS92c31Apgjk, ~6DSS92c31Apgjkr, 6DSS92c31Apgjk, 6DSS92c31Apgjk.lic, 6DSS92c31Apgjk.vir. Does this mean the program is still there? I'm on XP. Thanks!

Admin said...

Hi,

Just delete those files. They are not malicious and there's no reason why you should keep them. Also, I think you should scan your computer with TDSSKiller. Just Google TDSSKiller. It's a great tool developed by Kaspersky. Good luck!

Anonymous said...

Hi again, I used TDSSKiller as you said to. It found a rootkit and removed it immediately. Thanks so much!

This blog has saved my computer!

Anonymous said...

Thanks. You and your blog helped me! I had a new exe file (bPxedpkqwSG.exe), but I renamed files, run TDSSKiller, MalwareBytes, and my system is back! THANK YOU!

I have to change the screen-resolution, and un-hide the files.

I have a daily updated NOD Internet Security, so I'm very upset! :S

Anonymous said...

Probably a stupid question... but is this something McAfee would pick up?? Total rookie here obviously..

Anonymous said...

Hi,
Thanks alot for the solution.
I have follow all the steps but when i tired to use TDSSKILLER.exe to kill the rootkit, i was prompt with the following:

1 thread found: Locked file, Service: sptd.

If i follow the default action which is skip, i will be prompt with the thread message every i tried to scan the pc.

Can i just delete the file away?

Lastly,i would know whether this malware transmit our data out while our pc is infected?

Thank you very much :)

Anonymous said...

"1 thread found: Locked file, Service: sptd. "
As for this problem , I had the same and I tried to remove it manually(in the section "alternate data recovery removal instruction") and it worked. And then I donwloaded one of the anti-malware software which is mentioned above then I let it scan my computer ,it removed all of the malwares.

Lisa said...

Hi - what do I do when my laptop just shuts off completely part way through a scan?? I am ready to scream. I dl'd the superspyware and renamed it. It shut off again. Now what?? Thanks.

Admin said...

Hi, I think the rogue program came bundled with a rootkit. Please run TDSSKiller by Kaspersky first. If you can't run it in Normal Mode, please reboot your computer in Safe Mode.

Anonymous said...

I just want to say ,thankyou .this scareware really scared me .I tested RAM and spu and I saw that they are ok and I was surperised that from where these scary massage com from .I was lucky that I found this webpage and just by intering activecode my problem has been solved.

Anonymous said...

Thank you!!!!!!! Very clear instructions... saved my laptop for sure.

Samantha said...

Thank you for your clear and long instructions! Unfortunately, I am unable to change the .exe file to .vir so the TDSSKiller will not detect it. Here is a screen shot (I am using Windows Vista): http://s495.photobucket.com/albums/rr318/savvy770/Thanks/?action=view&current=exe.jpg
Is there any way to fix this?
Thank you very much.

Anonymous said...

Thank you so much for this! This is indeed what I have. Unfortunately, I cannot get past the windows screen. It just keeps restarting. What can I do to get past this. It won't start in any mode at all... she is stuck in a restarting loop!! I would appreciate any help with this.

john said...

hello,

I am having trouble getting the files for my start menu back in place. The virus also knocked out the options above the shut down button on the start menu. I am completely new to all of this and I didn't understand this section of your guide:
" %AllUsersProfile%\[SET OF RANDOM CHARACTERS]
%AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
%UsersProfile%\Desktop\Data Recovery.lnk
%UsersProfile%\Start Menu\Programs\Data Recovery\
%UsersProfile%\Start Menu\Programs\Data Recovery\Data Recovery.lnk
%UsersProfile%\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk
"

john said...

Hello,

I understood and followed the entire review successfully, so thank you very much for this review.
However I do have a lingering question. Very much like Tom on Sept. 17th the virus took all of the program shortcuts and every other executable from the start menu (by this I mean that the folders for the programs are still there but the contents are gone). I cannot figure out how to restore them without uninstalling and reinstalling each program. I checked in the "User\Start Menu\Programs" directory and a lot of program folders are missing or empty, I can only guess that this is the source of my trouble but I still don't know how to fix it.

I really appreciate your help,
John

Admin said...

Please download and run Unhide.exe. Hopefully, it will restore most of your icons and shortcuts.

Download link: http://mcaf.ee/xocqt

john said...

Hello Admin,
You are THE MAN. I cannot thank you enough, that program revealed everything!
All the menu programs have been restored.
Once more, YOU ARE THE MAN!
John

Admin said...

You are welcome :) Happy Halloween!

cam said...

i have this virus too but it made all my icons and programs disappear even in safe mode, i dont know what to do! somebody please help i cant open any programs to download anything.

Admin said...

Cam, download and run Unhide.exe http://mcaf.ee/xocqt

cam said...

thanks alot admin, that program did help restore some icons, hopefully i can start getting it all fixed now.

Anonymous said...

Admin,

To repeat someone above, you are THE MAN.

Thanks for the fixes.

Luke

Anonymous said...

Pretty cool posting. One thing that would be helpful is to describe how to restore those files put into %temp%\smtp.

Anonymous said...

A HUGE THANK YOU FROM AUSTRALIA.

Anonymous said...

THANK YOU SO SO MUCH.
I downloaded the link and got most of my desktop icons back, etc. But not everything.
What exactly do I do after that to make sure everything is gone?
Also, Im still missing the parts of the start menu which say "My Documents" "My Computer" etc. Any help? I have Windows 7 on an HP.

Anonymous said...

Such a helpful blog. Thank you. Not quite there yet but reassuring to know the files are still there, just hidden. Will keep trying to sort...

Anonymous said...

Hello.

Well, I guess it was the Canadian Pharmacy e-mail i received and opened, too ignorant to know what i had done to myself.

I lost all icons on my Desktop, I don't have access to the command prompt, not even with Control +R, nothing is appearing on my Drive C, and there is no Windows key on my laptop. Thus, I can't perform any of the suggestion and solutions being so generously shared here. I did get IE back on my Start Menu, but not Firefox, which I pefer. When I reboot, Yahoo Messenger does open.

Being on a fixed income, I just can't afford to buy any additional software. What can I do? Your help is appreciated. Thank you.

Al

Anonymous said...

This was very helpful! Thanks for the detailed steps

Anonymous said...

THANK YOU THANK YOU THANK YOU!!

Dinesh said...

Hi,

I recovered my file. but still something going wrong.

after i restart the system, its showing error popup
"there was an error creating the microsoft office trusted locations configuration file


error (57) the file "config.xml already exists"

This is coming whenever i start the syste. Please suggest.

why like this type of error coming. Please reply

Anonymous said...

Hi,

I downloaded TDSSKiller from Kaspersky and it did not find anything. Any suggestions?

Anonymous said...

i'm having trouble getting my computer to "run". there is no option in the start menu, and when i type "control + r" nothing happens.

please help me

Anonymous said...

hello.

with your help, my laptop is almost back to normal. however, i still can't get any of my All Programs back. what can i do? thank you so much for your help.

al

Anonymous said...

The rogue application on my computer is targeting C:\ProgramData\HJA5GJaUw6QkE8.exe . Do I follow what it says about the ApplicationData and change the .exe to .vir? and then restart my computer?

Admin said...

Yes, you should. You can leave the same file extension, just rename the file to virus.exe or something like that and restart your PC.

Anonymous said...

Seriously mate, I could kiss you. Thanks for this!

Anonymous said...

THANK YOU SO MUCH

Dinesh said...

Please reply for my previous question am stucking like anything

Anonymous said...

legend thank you.....what is it a virus? it still says hard drive clustered but all my stuff is back
thanks again mate

Admin said...

Dinesh, I really don't know why this is happening to you. Maybe you should call Microsoft or create a new thread on their forum.

Caitlin said...

ran the removal kit then did a scan with my antivirus and got the blue screen, but now windows won't start up (it freezes halfway through then starts back over again on its own) - any ideas to fix this?

Unknown said...

in my case i tried combofix from bleepingcomputer.com and it fixed

gmki8llanyc said...

this have by far been the best tutorial ever! thank you so much for your insight on this issue.

Anonymous said...

May I suggest before doing any of the above try to do SYSTEM RESTORE if possible. I tried to remove it manually but yet couldnt get start menu to show up despite trying unhide.exe. The system restore helped me. Thankfully my system was restored to just a day before so didnt lose much of work. Hope it helps!

Anonymous said...

Can u elaborate the procedures related to registry part. I am not understanding what exactly needsto be done. Thanking in anticipation.

Anonymous said...

Thank you so much!!!!!! I got my main workstation back up and running in about an hour because of your help! Thank you, thank you, thank you!

Anonymous said...

I got the hidden icons to show but I still don't have the Run option. Any clue how to get it back?

Thanks,
Karen

Anonymous said...

Thanks But I took the step where i make the System Fix Malware Virus from .exe to .vir but i cant seem to get any backgrounds working thanks
Im 15 and have learnt alot form your forum it's very easy to understand too. thanks alot for your help.Cheers. Any idea on how to get my backgrounds working again?

Anonymous said...

Hi Thank YOU SO MUCH. Cheers You saved my new pc. Your Guide was easy to understand and mainly it worked. THANKS AGAIN

Anonymous said...

should I be doing this in safe mode? I cant figure it out my computer restarts itself after a while. Also I don't have a data recovery icon just keep getting the pop ups I'm running on vista please help me!

Anonymous said...

You are LIVE SAVER! I had a huge paper I was working on when all of a sudden out of nowhere this virus came through and hid all my desktop icons and program links, etc.. After searching around I stumbled upon your guide, by far the easiest to understand and the most effective! Thank you so much you've saved my paper.

Cheers,

RD

Anonymous said...

IT WORKED !!! THANK YOU! THANK YOU! THANK YOU! YOU ARE MY PATRON SAINT!!!

Anonymous said...

When I try rename the files to .vir, one of the other files turns into an application with the same name. What should I do?

Anonymous said...

I can't choose anything. When I click start everything is gone. When I press ctrl+R nothing happens. I can't do anything.

Anonymous said...

I didn't think I was able to resolve this one, but, I followed directions! Installed TDSSKiller & MalwareBytes in Safe Mode, Click Scan and deleted the files it recommended. Then, started in Normal Mode, notice all shortcuts and desktop icons we're gone. Downloaded Unhide.exe, ran the program and BooM! all icon/shortcuts we're back! Fully Restored! Easy!

Anonymous said...

I downloaded all the files that were on this blog and installed them on my computer. They all worked and my computer is fixed, but the overall style of my computer is different. Not only that, but I can't use the internet, I can't play audio files on my computer, I can only open certain files. What do I do? Don't want to take it to the geek squad because I don't feel like spending $80 to get this fixed. Can you help me?

Thomas said...

omg i hate this...... what if i cant find RUN in the start menu or when i type Ctrl + R it doesnt work how else can i fix it.
it also says to open internet explorer but all my files and programs are gone so how am i suppose to download it.
please help me
thanks in advance

Thomas said...

omg i hate this...... what if i cant find RUN in the start menu or when i type Ctrl + R it doesnt work how else can i fix it.
it also says to open internet explorer but all my files and programs are gone so how am i suppose to download it.
please help me
thanks in advance

Anonymous said...

To get your "RUN", right click " Start", and select "Properties", the " Toolbar and Start Menu Properties " window will pop up.

Uncheck the "Start Menu" and select the " Classic Start Menu". Hope this helps.
Good Luck!

Anonymous said...

I have this same problem. But TDSSkiller does not find anything. Spyware Doctor finds low priority staffs and I did not fix it.

I attrib -h /s /d etc. later remove bad.exe programs, but the virus re-generate another .exe file in c:\programdata

Now I am 4 hrs into it without solution, any other hints I can work on?

Anonymous said...

This is what I did to avoid the virus regeneration ( for Windows XP):
1) ...enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders.
2) Then you will find the rogue application places an " system check" icon on your desktop.
3) Right click on that icon, click "Properties" in the drop-down menu, then click the "Shortcut" tab.
4)in that same window, click the bottom left tab " Find Folders" ( sorry I forgot the exact name). You will get a new window " Application Data"
5) check carefully under this "Application Data" window, you'll find some suspicious .exe files,
6)Rename those files by changing the .exe to .vir
Now, you can restart your computer. The malware should be inactive after the restart.

Hope this helps, Good Luck!

Anonymous said...

This is what I did to inactivate the virus ( Windows XP):
1) ...enter attrib -h /s /d and hit Enter. Now, you should see all your files and folders.
2) Then you will find the rogue application places an " system check" icon on your desktop.
3) Right click on that icon, click "Properties" in the drop-down menu, then click the "Shortcut" tab.
4)in that same window, click the bottom left tab " Find Folders" ( sorry I forgot the exact name). You will get a new window " Application Data"
5) check carefully under this "Application Data" window, you'll find some suspicious .exe files,
6)Rename those files by changing the .exe to .vir
Now, you can restart your computer. The malware should be inactive after the restart.

Hope this helps, Good Luck!

Anonymous said...

Hi, I downloaded TDSS killer, and that seems to have worked, however, all my files and shortcuts are still missing or empty. I have read through all the comments above and tried the link you suggested on a couple of occasions, but my computer security programme will not let me onto the site as it classifies it as 'high risk'. I can't find any of my documents, please help!!

Thanks

Anonymous said...

hi , i have the same problem and installed a trojan killer the problem is that you have to buy it i have no money know so im downloading this software but with killer there is an option to restore the system y mean to recover missing files so just wait for me as soon as i get this fix i will be back to share

Anonymous said...

i dont have a data recovery shorcut button...what do i do? i cant find the shortcuts down at the bottom of the screen.

Anonymous said...

Thanks mate! you are LEGEN.... wait for it.... DARY!!

Anonymous said...

ok i already got it , after removing the virus use the unhide program it might take few atempts as soon as you recover your desktop icons then go on the star buton maybe options might be missing jus press right click , go to properties , then go to restablished settings and there ya go xD sorry for my bad puntuation

Anonymous said...

I am an XP user and have tried to use various viruskiller programs recommended on this blog and others - and some have worked (finding something or other) and some havent had much success working at all.

An IT guy I know went into some part of the windows setting program under properties and changed the setting to unhide - or something to that effect- and it seems to have worked ...to an extent.

The usual evidence of this virus has gone- a) Im only receiving about 3 little bizarre popups that are talking jibberish (not the usual ones that I was receiving when the virus first hit) when I startup b) I can see and use all my programs and files via start menu

BUT- there are still problems a) when I am not using the computer the hard disk is working away so this has me a bit concerned about what is going on- when I disabled my wi-fi connection the hard disk activity diminshed b) internet explorer opens but then stops working immediately and needs to be shut down c) my desktop screen is blank white with no icons or anything

When I search for files under C/Docs& Settings/All Users/Application Data ...I do not have any file root tags showing so can not tell if they are .exe files are not, but have the following files that were created about the same time as the virus hit:
~y66CwQgJLbjJQP
~y66CwQgJLbjJQPr
y66CwQgJLbjJQP
Can any one tell me if these are definitely no virus files OR if I can delete them without harm?

I dont think I have finished with this thing yet so any comments you can provide would be helpful

Anonymous said...

I found a 'System Check' file and a 'Startup' file under C; Docs & settings/ UserName/ Start Menu/ Programs.... Could these be virus files? Under 'properties' they both show the same creation times as when the virus hit me.

toshiba_satt said...

Hi, i did all that was said and after i restart its prompting me to insert my windows instal. disc...? please help

Anonymous said...

Hi. Once I've gotten to the properties and try and change the .exe to .vir it says that the name is not correct, and to check the path. HELP please!

Anonymous said...

Thank you so much!!! :)

Edmond said...

Thank you so much!! I almost engage someone to re-store it for me!

Rafael said...

My System Check do not disapears at all.
The TDSSKillir dosen´t found any ifected file?? why??
Im trying everything, but not suceed yet.
I need help, thanks.

Anonymous said...

wish i had seen this before i reinstalled =(

Anonymous said...

Thank you so much!! so grateful!!

Anonymous said...

Thank You So Much!!! just saved my sister's laptop!! =]]... its like 02.36 am right now...

Ailawishes said...

This really worked..thank you. I was getting ready to purchase it or go pay best buy to fix it.

Anonymous said...

this really saved me a lot today...i was panicking seeing the error...ur site is very useful.keep up the great and good work...god bless!

xcaliburs said...

just a quick one for anyone want to try an alternative resolution.

Restart your computer then Press F8 key and then select Safe Mode... let it run

Then, run 'restore' restore options will be listed based on dates - then select your desired restore option - then wait till the process finish.

please note: am running windows 7, after I restored my system it come back to normal except that some files (not really important) has been deleted.

before opening any browsers in my computer i have to do Windows update specially the Security Essentials.

Good luck!

Anonymous said...

I just got hit by this thing hours before an exam was due. Broke into a sweat before I found this page. You saved my life. Thank you.

Anonymous said...

Just removed (I think) from a friend's computer. Still don't have icons on desktop, do have a desktop on the tray that has all the icons listed. Will work on that Monday.

The lnk file was name data_recovery.lnk rather than data recovery.lnk.

Anonymous said...

Awesome - Good work.

Just got hit at work and about to hit the boss up for the money!

Still going through the scan and removing the hidden attributes etc.

Well done.

Gaurav India said...

Thank its work ... thanks for your help really appriciate it ...
You rock !!!!

Anonymous said...

What if you did delete all those files in the TEMP folder?

Anonymous said...

I would honestly kill one of these SOB's for all the time I've lost to crapware like this over the years. I do desktop IT support for my company and regardless of the AV product we use inevitably these things get in anyways.

Anonymous said...

I discovered after quite a bit of frustration that if you can download the Unhide.exe program onto a flash drive in a folder and then insert it into one of your USB ports, you will get the OPEN WITH "box" to come up. You can then go to open the folder at the bottom of the list, click on it and when it opens, click on the unhide.exe program. it takes a bit, but be patient. It will unhide all of your desktop icons so you can go do a system restore. Just make sure you don't restore it on the day you had the malware show up or you will be back to square one. I know..I got a bit hasty and did just that accidently.

Anonymous said...

Thank's a lot! It works with "run" command. My AV software captured the malware files in the quarantine, so my job was to run "attrib -h /s /d" on all my disc drives and all returned to normal.

Anonymous said...

Another grateful person!!! Thank you!! Happy to see these obnoxious creators of these time wasters don't get their extorted money.

Anonymous said...

this is great help thank you for posting it

ameet said...

thanks very much.. you did a wonderful job you just saved my 100 dollars :) many blessings for u

Anonymous said...

So, should I delete the Associated Data Recovery files and registry values?

andy wooler said...

This has been incredibly helpful -thank you so much!
I have one residual problem in that I now have directories (including documents and settings) that are locked - I have admin rights but stillcan't resolve that -any ideas?

Anonymous said...

Mine says that he can't get acces to: C:\Users\GEBRUI~1\AppData\Local\Temp\DataRecovery_RERPAIR.exe

Anonymous said...

the new code dosent work for me it says "The code is invalid. Please, contact the support survice" please help and i have windows 7

Anonymous said...

With the help of this amazing Genuine website i was able to save my computer. Thank you very much :)

Anonymous said...

I tried removing this and after running a malwarebytes scan and running a viurs scan, the computer restarted and now will not boot past the HP splash screen.
I removed the hard drive and connected it to another machine and am able to see the contents of the drive. The only problem is ALL of my documents are missing from the documents folder. Pictures in the desktop folder are still there however. PLEASE HELP!!!!!

raniel said...

DO I HAVE TO GET A LICENSE FOR THE PC TOLLS SPYWARE DOCTOR??@?!?! IN YOUR INSTRUCTIONS ITS THE LAST STEP TO REMOVE THE MALWARE BUT ITS THE SPYWARE DOCTOR IS ASKING ME FOR A LICENSE!?!?!?

Anonymous said...

Use Malewarebytes it did the trick.