Written by Tomas Meskauskas
Damage level: High
What is "Data Recovery" virus and how to remove it?
Data Recovery is a rogue program, which attempts to scare PC users into believing that their computer hardware has malfunctioned and the situation could lead to potential data loss. This is an updated version of previously discovered bogus software of the same name - Data Recovery. Do not mistake this rogue program for a legitimate computer optimizer - it is a scam developed by Internet criminals. The creators of this fake program hope you will fall for the trickery employed by Data Recovery, and that you will purchase a license key in order to repair computer hardware errors that do not actually exist. This fake computer optimizer is distributed using misleading websites and fake program updates. When installed on your computer, this bogus program starts imitating a computer check-up and reports that your PC has serious hard disk drive issues.
The scan process is named Smart Check and the results window, Smart Repair. Do not be impressed by the professional appearance of this software - it is merely an imitation of a genuine computer scanner and does not have the required functionality to perform an effective security scan. Data Recovery uses falsely-generated scans and warning messages in order to scare you into believing that you could lose your stored data.
Examples of fake messages generated by Data Recovery:
Hard drive boot sector reading error. During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on the boot device.
Your computer is in a critical state. Hard disk error detected. This can lead to hard disk failure and potential loss of data. It is highly recommended that you repair all found errors to prevent loss of files, applications and documents stored on your computer.
To further intimidate you into believing that your computer hard drive has malfunctioned, Data Recovery hides your desktop icons and other information. It moves your shortcuts, and you will be unable to launch any programs from your Start Menu. This process of hiding your information, combined with fake computer scans and warning messages, is performed with the intention selling you a license for Data Recovery - a license that will supposedly eliminate the 'detected' hardware errors. Do not buy this program - in reality none of the hardware errors found by this rogue software actually exist on your PC; this program 'detects' identical errors on every computer it infects. Do not panic about your missing data, as this fake program does not actually remove anything - it merely hides some of the information in order to make its fake warning messages appear authentic. Previous variants of this malicious software were called Smart HDD. Do not trust this program or any variants and ignore any warning messages reporting that your hard drive has errors. Eliminate this fake computer optimizer from your PC immediately.
Screenshot of a rogue system optimizer "Data Recovery":
Data Recovery virus removal:
After the fake system check performed by Data Recovery, click 'Repair 7 Issues', and in the opened window, choose 'I already have an activation code. Click here to activate', and then enter this information:
Registration E-mail: mail (at) email.com
Activation Key: 08869246386344953972969146034087
You can now download and install the spyware remover, which will completely remove this fake system optimizer from your computer.
If you cannot download or run the spyware remover, try running the registry fix (link below). It enables execution of programs. Download the registryfix.reg file, double click it, click YES, and then OK.
Data Recovery virus removal instructions (on infected computer):
If you were unable to remove Data Recovery using the removal tools, you can follow these removal instructions to perform some steps manually and help the removal process.
1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Here is a video demonstrating how to start Windows in "Safe Mode with Networking":
Windows XP users:
Windows Vista / 7 users:
Windows 8 users:
2. Open Internet Explorer, click Tools and select Internet Options. Select "Connections".
3.Click LAN settings, if 'Use a proxy server for your LAN' is checked, uncheck it and press OK.
4. Download legitimate anti-spyware software to fully remove Data Recovery from your computer.
6. After removing Data Recovery, reset your Hosts file. Do not skip this step, since this fake program modifies your Hosts file and you will encounter browser redirect problems.
The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious websites, despite observing legitimate URLs in the address bar. It is difficult to determine if a website is genuine when the Hosts file is modified. To fix this, please download the Microsoft FixIt tool that restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
Complete these steps if after removal of Data Recovery virus your Desktop icons or files are hidden:
This Infection Hides most user files. If you cannot see your files, do not panic - the files are simply hidden. When the downloaded spyware remover removes the infection, please download and run this tool to 'unhide' your files (Link below). It is important to run this tool only when the infection has already been removed from your computer. This 'unhide files' tool is useless if run on an infected computer.
When the 'unhide files' tool finishes, your Windows desktop icons may still be missing. To fix this, download this .REG file. Double click when downloaded, click Yes, and then click OK. Reboot your computer, and your desktop items should now be visible.
Reboot your computer to check if everything is OK and that the Data Recovery rogue spyware is gone. Check if you can find your files. If some files remain missing, open My Computer, Click Tools, then select Folder Options... and under View tab, select the radio button "Show hidden files and folders", press OK. Now you should see your hidden files and folders. To unhide them, Right click on the file or folder, then select Properties and uncheck the "Hidden" Check box.
That's it! You're done.
Other tools known to remove Data Recovery: