1 of 4
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Installs itself without permissions
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Other mutations known as:
WindowsVistaRecovery

Windows Vista Recovery

If you thought you made a solid investment in the proper functioning of your system, you may be surprised to learn that although it may seem like a legitimate application, Windows Vista Recovery is indeed a rogue defragger. This fake system optimization tool was designed trick users into thinking there are multiple issues with their systems, when in fact there are none, aside from being infected with Windows Vista Recovery.

This rogue will enter your system surreptitiously, and will not alert you to its presence until it is ready to start its attack against the system. Because of this, the user might find it difficult to detect and remove Windows Vista Recovery from the system. Making use of established forms of infection, Windows Vista Recovery will exploit any and all system and browser weaknesses and susceptibilities to gain access to its prospective victim’s system. These tactics could include using browser hijacking websites and rubbish online malware scanners.

Download Spyware Removal Tool to Remove* Windows Vista Recovery
  • Quick & tested solution for Windows Vista Recovery removal.
  • 100% Free Scan for Windows

The Windows Vista Recovery application will be configured to start up automatically each time Windows boots up. The graphical user interfaces appear quite legitimate, and lists various headings designed to convince the user that the application is authentic. Some of these headings include “Computer hard drives”, “RAM Memory”, “Settings & Options”, “System Health” and “Proactive Protection” which claims to offer proactive RAM, HDD and system protection. Of course everything Windows Vista Recovery does is in an attempt to trick the user into thinking it is a legitimate program, and get him to part with his money. Users are urged never to trust any correspondence received from Windows Vista Recovery.

One of the main symptoms associated with this rogue is its ability to hide all of your folders’ contents. This is again another trick used by Windows Vista Recovery to convince you that your PC is running less than optimally. When opening C:\Windows\System32\ or any other similar drive letters, instead of seeing the normal contents of this folder the rogue will make it so that you will see another folder’s contents, or make it seem like the folder is altogether empty. This is done by adding the +H attribute to all of the files which will cause it to become hidden. Average users are unaware of how this clever trick plays out, and is inclined to believe Windows Vista Recovery’s genuine looking bogus notifications. It will also proceed to change the system’s settings to bar you from viewing hidden and system files.

What is more, this rogue will prevent users from executing any program on the system. Should the user attempt to launch any type of executable, Windows Vista Recovery will terminate it and declare that the application or hard drive is corrupted, and cannot execute. This is done in an effort to prevent the user from running an antispyware application which could quickly detect and destroy Windows Vista Recovery from the system.

Some of the messages users will receive when attempting to run a program includes these:

The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

Download Spyware Removal Tool to Remove* Windows Vista Recovery
  • Quick & tested solution for Windows Vista Recovery removal.
  • 100% Free Scan for Windows

and

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

and

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.

Once the user closes the above alerts, another falsely generated alert will immediately pop up which states that it will attempt to fix the hard drive:

Fix Disk
Windows Vista Recovery Diagnostics will scan the system to identify performance problems.
Start or Cancel

If the user presses start, Windows Vista Recovery will emulate a system scan, and then report that there is something wrong with the system. This message reads:

Windows Vista Recovery Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?

Download Spyware Removal Tool to Remove* Windows Vista Recovery
  • Quick & tested solution for Windows Vista Recovery removal.
  • 100% Free Scan for Windows

It is worth noting all the spelling and grammatical errors contained in Windows Vista Recovery’s fake alerts, as this is another sign that the application is utterly bogus. Some other nonsensical fake alerts generated by Windows Vista Recovery include:

Critical Error
Hard Drive not found. Missing hard drive.

The above fake notification claims that the PC’s hard drive is actually missing. If this was true, Windows would not be able to operate at all. This is only one example of Windows Vista Recovery’s fakeness. Another is a claim that the RAM memory has failed.

The following fake alert claims that the system's RAM memory has failed:

Critical Error
RAM memory usage is critically high. RAM memory failure.

This is impossible. If true, then this would mean that no application, process or OS would be running, yet Windows Vista Recovery is able to run. This is only one of rubbish fake alerts used by Windows Vista Recovery. Another is

Critical Error
Windows can't find hard disk space. Hard drive error

Firstly the term 'hard disk space' is not a validly used term, and secondly Windows will not be able to run and operate should the above be true. This is yet another indication that you are dealing with a bogus application.

Other fake alerts include:

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Download Spyware Removal Tool to Remove* Windows Vista Recovery
  • Quick & tested solution for Windows Vista Recovery removal.
  • 100% Free Scan for Windows

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Activation Reminder
Windows Vista Recovery Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

Low Disk Space
You are running very low disk space on Local Disk (C:).

Windows - No Disk
Exception Processing Message 0x0000013

When all is said and done, Windows Vista Recovery is nothing more than a malicious rogue application out to swindle you out of your money. It does not have the ability to live up to any of its over embellished promises, and will not benefit your PC in the least. You can manually remove Windows Vista Recovery by rebooting your PC in Safe Mode with Networking, but this is only recommended if you are experienced in doing so. If not, it is much safer to invest in a genuine security application which will not only annihilate Windows Vista Recovery from your PC for good, but protect it against similar future attacks.

Download Spyware Removal Tool to Remove* Windows Vista Recovery
  • Quick & tested solution for Windows Vista Recovery removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Windows Vista Recovery

Files associated with infection (Windows Vista Recovery) (Win7, Vista):

%UserProfile%\Desktop\Windows Vista Recovery.lnk
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random].dll

Dynamic Link Libraries to remove (Windows Vista Recovery):

%AllUsersProfile%\[random].dll

Processes to kill (Windows Vista Recovery):

%AllUsersProfile%\[random].exe

Remove registry entries (Windows Vista Recovery):

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = 0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.