1 of 11
Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Blocks internet connection
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Infection Video Data Recovery

Data Recovery

Data Recovery is a rogue defragmenter which comes forth with a notorious background. It hails from a dangerous family of rogues known as the FakeHDD Family of rogues. These rogues are very adept at stealing money from unsuspecting computer users worldwide. Data Recovery can scare you into believing that your computer is being overrun with errors and that you must make use of Data Recovery to fix these threats. Unfortunately if you follow the instructions given by the rogue, you will only lose your money.

Download Spyware Removal Tool to Remove* Data Recovery
  • Quick & tested solution for Data Recovery removal.
  • 100% Free Scan for Windows

When the rogue urges you to pay for the full version of the program, you are required to fill in the purchase form, and there you must disclose your name, address, credit card number, expiration date, and the CVV2 code. With this information at hand, the people who have created the rogue will be able to perform a lot of illegal operations little by little draining your financial funds. If you happen to have exposed your sensitive information already, contact your bank and inform them about the possible illegal access to your bank account.

Once the rogue manages to ingrain itself in the system, it will edit registry entries so as to allow itself to be launched each time the user logs on to Windows. It will then proceed to initiate a fake system scan which will inform the user that his PC is being overrun with serious errors.

It will shortly after initiating the fake scan start spamming you with numerous fake system messages, informing you of the same thing:

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can't find hard disk space. Hard drive error

If you look at the above fake alerts, it is obvious to see that you are dealing with a rogue application. This can be seen by Data Recovery warning you that the Hard Drive is missing. This simply cannot be, as if this was the case then you would not be able to run the PC in the first place.

As a further attack against the PC, it will block the user’s access to the Internet and will not allow the user to launch other applications on the system. This is done to further panic and annoy the user, but also to prevent him from running or downloading an application which may be able to detect and remove Data Recovery from the system. Each time the user attempts to launch an application, he will be presented with the following error messages:

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

Acquire a good security tool that will terminate Data Recovery for you automatically. Do not hesitate when it comes to dealing with this rogue, because if you allow it stay on your computer for a longer period of time, your system will definitely crash for good.

UPDATE

Unfortunately, a new, upgraded version of Data Recovery has emerged. This “improved” tool now has S.M.A.R.T. Check and S.M.A.R.T. Repair tools, which offer to remove fake HDD issues, and which produce fake hard drives’ diagnostic reports. Alongside these, even more fake pop-up notifications have been noted:

Your computer is in critical state. Hard disk error detected.
As a result, it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of files, applications and documents stored on your computer.

System blocks were not found. This has most likely occurred because of hard disk failure. This may also lead to a potential loss of data.

Windows detected a hard drive problem.
A hard drive error occurred while starting the application.

Luckily, we now can offer you an activation key, which will remove these Data Recovery alerts and will help you restore normal Windows functionality.

Activation key:
08869246386344953972969146034087

Note: to help you remove Data Recovery with installed software, we offer you Internet renewal guide bellow.

Download Spyware Removal Tool to Remove* Data Recovery
  • Quick & tested solution for Data Recovery removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Data Recovery

Files associated with infection (Data Recovery):

Data_Recovery.lnk
VIKqcLAptUym.exe
fjfYYuH67HH.exe
aaqcLbHptUym.exe
aaqcLAptUym.exe
6DSS92c31Apgjk.exe
%UserProfile%\Desktop\Data Recovery.lnk
%Temp%\smtmp\4
%Temp%\smtmp\3
%Temp%\smtmp\2
%Temp%\smtmp\1
%Temp%\smtmp\
%StartMenu%\Programs\Data Recovery\Uninstall Data Recovery.lnk
%StartMenu%\Programs\Data Recovery\Data Recovery.lnk
%StartMenu%\Programs\Data Recovery\
%LocalAppData%\[random].exe

Processes to kill (Data Recovery):

VIKqcLAptUym.exe
fjfYYuH67HH.exe
aaqcLbHptUym.exe
aaqcLAptUym.exe
6DSS92c31Apgjk.exe
%LocalAppData%\[random].exe

Remove registry entries (Data Recovery):

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
Disclaimer

Comments

  1. Leeds Data Recovery Aug 19, 2014

    Thanks so much for making the Desktop Data Recovery task so easy by sharing such handy updates, please do continue to post more of such articles weekly.

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.