Friday, May 20, 2011

Remove Windows 7 Recovery bad optimizer

WinHDD malware clones are now version specific. Windows 7 Recovery (Win 7 Recovery) is one of such malicious tools.
However, the only essential program interface changes of a Windows version specific fake system optimizers is integration of stolen Windows logos and modifying the aware popups to make them similar to Windows notifications.   
Get rid of Windows 7 Recovery, for the program is but another fake system defragmenter. A fake system defragmenter is a software product usually obtained by means of modification of System Defragmenter fake system optimizer.
Obscure and tricky methods are widely applied to spread copies of the parasite among computer users. It is important to perform a good time Windows 7 Recovery removal, because the pretended system optimizer badly deteriorates computer systems. Click here to proceed to free scan and fake system defragmenting tool eradication.

Windows 7 Recovery screenshot:


Windows 7 Recovery remover:

Windows 7 Recovery manual removal guide:
Delete infected files:
%AllUsersProfile%\~
%AllUsersProfile%\~r
%AllUsersProfile%\.dll
%AllUsersProfile%\.exe
%AllUsersProfile%\
%AllUsersProfile%\.exe
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk
%UserProfile%\Desktop\Windows 7 Recovery.lnk
Delete infected registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = 0'


1 comment:

Anonymous said...

Does Download_7.0.0.538f-sdasetup-regnow201-AVP.exe remove "Windows 7 Recovery" SpyWare?