Thursday, February 23, 2012

Remove File Integrity Checker rogue system utility as a generator of endless fake critical errors

File Integrity Checker states it cannot find a memory. It claims hard drive is missing. The program is a puffed-up detector of errors. It is beyond its dignity and technical features to check your PC for errors so that it feeds you with a set of prepared-in-advance errors giving no care to changing at least sequence of their appearance. The aforementioned hard drive related mistake alert would run as follows:
Critical Error
Hard Drive not found. Missing hard drive.
The rogue also delivers the following misleading information titled Critical Error
Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
Windows can’t find hard disk space. Hard drive error

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Critical Error
RAM memory usage is critically high. RAM memory failure.
It does not forget reminding of disk space shortage. Such message is familiar to many users as it is a common text of Windows genuine alert that suggests deleting unused entries to free disk space.
Low Disk Space
You are running very low disk space on Local Disk (C:).
The rogue scares its victims further on:
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Naturally the message is all lie as your computer system has definitely not been restarted after error, but the rogue intensively uses the frightful language to get people nervous.
All the above alerts make a background for windows posed as the software menu.
Removal of File Integrity Checker fake alerts, as well as other items of its GUI, is a matter of its components extermination covering both files and registry entries. Remove File Integrity Checker as a fake utility that generates endless strings of deceptive alerts to mislead and annoy users – free scanner available here will complete free memory inspection and proceed to the adware extermination.



Manual removal guide:
Delete infected files:
 %Documents and Settings%\[User Name]\Local Settings\Application Data\[random]
%Documents and Settings%\[User Name]\Local Settings\Application Data\[random].exe
%Documents and Settings%\[User Name]\Local Settings\Application Data\~
%Documents and Settings%\[User Name]\Start Meny\\Programs\Data Recovery\
%Documents and Settings%\[User Name]\Start Menu\Programs\Data Recovery\Data Recovery.link
%Documents and Settings%\[User Name]\Start Menu\\Programs\Data Recovery\Uninstall Data Recovery.lnk
%Documents and Settings%\[User Name]\Desktop\Data Recovery.lnk
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\1
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\2
%Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\3
Delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Internet Explorer\Main "Use Formsuggest"='Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCerReving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Association "LowRiskFileTypes" = '/(hq:/s s:/ogn:/dyd:c’u:/bnl:/sdf:/lrh:/iulm:/fhg:/clq:/kqf:/’wh:/lqf:/lqdf:/lnw:/lq2:/12t:/v’w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation"= '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop"= '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"= '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run "[random].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" 


 Rename the remover to "explorer.exe" or try to install from Safe Mode if virus blocks download\installation

No comments: