What is Data Recovery and how to remove it?
Data Recovery is a rogue program which tries to scare PC users into believing that their computer's hardware has malfunctioned and that this situation could lead to a potential data loss. This is a renewed version of a previously discovered bogus software which had the same name - Data Recovery. You shouldn't mistaken this rogue software to a legitimate computer optimizer, this software is a scam which was developed by Internet criminals. People who are behind this fake program are hoping that you will fall for the trickery shown by Data Recovery and you will purchase it's licence key in order to repair your computer's hardware errors that doesn't actually exist. This fake computer optimizer is distributed using misleading websites and fake program updates, when installed on your computer this bogus program will start imitating a computer check-up and will state that your PC has serious hard disk drive issues.
The scan process is named Smart Check and the results window is called Smart Repair. You shouldn't be impressed by the professional looks of this software, its only an imitation of a real computer scanner which doesn't have required features to perform any of the scan that it does. Data Recovery uses generated scans and warning messages to scare you into thinking that you could loose all your stored data.
Examples of fake messages generated by Data Recovery:
Hard drive boot sector reading error During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on the boot device.
System blocks were not found. This has most likely occurred because of hard disk failure. This may also lead to a potential loss of data.
Error 0x0000002E - DATA_BUS_ERROR The Stop 0x2E message is typically caused by failed or defective RAM (including motherboard, Level 2cache, or video memory), incompatible or mismatched memory hardware, or when a device driver attempts to access an address in the 0x8xxxxxx range that does not exist (does not map to a physical address)
Your computer is in critical state. Hard disk error detected. As a result it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of files, applications and documents stored on your computer.
To further scare you into thinking that your computer's HDD has malfunctioned Data Recovery will hide your desktop icons and other infomation, it will also move your shorcuts and you won't be able to launch any programs from your Start Menu. This process of hiding your information combined with fake computer scans and warning messages serves the goal of selling you a licence for Data Recovery which would supposedly eliminate all the detected hardware errors. Needless to say that you shouldn't buy this program - in reality none of the hardware errors that are found by this rogue software actually exist on your PC, this program detects the same errors on every computer that it infects. You shouldn't panic about your disappeared data, this fake program doesn't remove anything - it hides some of the information to make it's fake warning messages appear more realistic. Previous variant of this malicious software were called Smart HDD. You shouldn't trust this program, ignore all the warning messages stating that your HDD has errors and eliminate this fake computer optimizer from your PC.
Screenshot of a rogue system optimizer "Data Recovery":
Data Recovery removal:
After the fake system check performed by Data Recovery click "Repair 7 Issues", in the opened window choose "I already have an activation code. Click here to activate" and enter this information:
Activation Key: 08869246386344953972969146034087
Now you can download and install the spyware remover which will completely remove this fake system optimizer from your computer.
If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.
Data Recovery removal instructions (on infected computer):
If you were unable to remove Data Recovery using removal tools, you can follow these removal instructions to do some steps manually and help the removal process.
1. Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
2. Open Internet explorer, click Tools and select Internet Options. Select "Connections".
3.Click LAN settings, if a Use a proxy server for your LAN is checked, uncheck it and press OK.
4. Download a legitimate anti-spyware software to fully remove Data Recovery from your computer.
6. After removing Data Recovery reset your Hosts files. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems.
Hosts file is used to resolve some canonical names of websites to ip addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
This Infection Hides almost all user files. If You can't see your files don't panic. The files are not missing. They are just hidden, but still here. When downloaded spyware remover removes the infection, please download and run this tool to unhide your files (Link below). It is important to run this tool only when infection is already removed from your computer. This unhide files tool will be useless running it on infected computer.
When unhide files tool finishes, your windows desktop icons may still be gone. To fix missing desktop items after spyware infection download this .REG file. Double click when downloaded, click yes and then click ok. Reboot your computer, your desktop items now should be visible.
Reboot your computer to check if everything is OK and Data Recovery rogue spyware is gone. Check if you can find all your files. If some files are still missing, open My Computer, Click Tools, then select Folder Options... and under View tab select radio button "Show hidden files and folders", press OK. Now you will see all hidden files and folders. To unhide them Right click on the file or folder, then select Properties and uncheck "Hidden" Check box.
That's it! You're done.
Other tools known to remove Data Recovery:
Additional information, related to Data Recovery:
Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.
If you can't access Internet:
Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.
Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.
Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.
After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.
Manual Data Recovery removal
If you are unable to remove Data Recovery using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)
End these Data Recovery processes:
Remove these Data Recovery registry entries:
HKEY_USERS\S-1-5-19\Control Panel\Desktop, Wallpaper
HKEY_USERS\S-1-5-20\Control Panel\Desktop, Wallpaper
HKEY_USERS\S-1-5-18\Control Panel\Desktop, Wallpaper
Delete these Data Recovery files:
C:\Documents and Settings\user\Start Menu\Programs\Data Recovery\Data Recovery.lnk
C:\Documents and Settings\user\Start Menu\Programs\Data Recovery\Uninstall Data Recovery.lnk
Please note: as the malware constantly changes it's behaviour, these registry keys might be slightly different on your computer, depending on the Data Recovery version.
Other tips, that might help to remove Data Recovery
- If you can't download anti-spyware software: Click on the download link, when the save dialog opens change the file name (example: when downloading mbam-setup.exe rename it to iexplore.exe).
- If you have installed anti-spyware program but you can't run it do the following steps:
- Click Run, type %ProgramFiles% and press Enter. Open folder of your anti-spyware program, search for executable file and rename it. (example: Open Malwarebytes’ Anti-Malware folder, right-click on the main executable file (mbam.exe) then click rename. Rename the mbam.exe file to iexplore.exe, winlogon.exe firefox.exe or other known executable file.
- If you can't access your anti-spyware software, try creating a new user account:
Click Start -> Settings -> Control panel.
Click User Accounts and create a new account.
Reboot your computer and log in using a newly created user account.
After this procedure you should be able to access your anti-spyware programs. Update and run a full system scan.