File Recovery (rogue HDD repair)

File Recovery - how to eliminate it from your computer?

File Recovery is a fake hard disk drive optimization/repair program. This misleading software comes from a relatively new rogue family which instead of displaying fake security scans generates HDD error messages and tries to trick unsuspecting PC users into believing that they could loose their stored information. While the tactics used in File Recovery are different than in most fake programs released by Internet criminals, the outcome is the same. Creators of File Recovery are hoping that you will fall for the trickery shown by this software and you will purchase it's licence key in order to fix the supposedly detected HDD errors.

To make the error detection list appear more realistic File Recovery will hide your files and Start menu items. You shouldn't panic about your missing data - this malicious software doesn't remove any of your files, the process of hiding your files serves the misleading goal of further pushing you into activating full version of File Recovery. You should realize that this bogus program just imitates the the process of scanning your HDD, the "Check" window that is shown by this software is pre-generated and the errors that File Recovery indicates doesn't exist, your computer's hardware is fine. If you click "Remove issues" button in File Recovery's "Repair" window you will be asked to enter your credit card information and purchase this malicious program. Don't buy this scam, you will send your money to Cyber criminals and your computer will still be infected with File Recovery fake HDD scanner. Best way of treating this misleading software is it's elimination from your PC. Follow the provided removal instructions to regain your hidden files.

File Recovery is not unique - it's a renamed variant of Data Recovery and Smart HDD rogues. Internet criminals who are releasing these misleading HDD scanners doesn't bother to change the user interface of their rogue programs, the core elements and deceptive strategy used to trick PC users are also left the same. Most commonly File Recovery is spread through Trojans and malicious websites which uses security vulnerabilities in user's computer. Ignore HDD issues that are detected by File Recovery and use this removal guide to remove this scam and unhide your files.

Fake HDD error detection list entries and fake warning messages generated by File Recovery:

Hard drive boot sector reading error During - I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on the boot device.

System blocks were not found. This has most likely occurred because of hard disk failure. This may also lead to a potential loss of data.

Error 0x0000002E - DATA_BUS_ERROR The Stop 0x2E message is typically caused by failed or defective RAM (including motherboard, Level 2cache, or video memory), incompatible or mismatched memory hardware, or when a device driver attempts to access an address in the 0x8xxxxxx range that does not exist (does not map to a physical address)

Error 0x00000024 - NTFS_FILE_SYSTEM

Error 0x00000078 - INACCESSIBLE_BOOT_DEVICE

Error 0x0000002E - DATA_BUS_ERROR

Error 0x00000050 - PAGE_FAULT_I

Your computer is in critical state. Hard disk error detected. As a result it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of files, applications and documents stored on your computer.

File Recovery removal:

After the fake HDD check performed by File Recovery click "Repair 7 Issues", in the opened window choose "I already have an activation code. Click here to activate" and enter this information:

Registration E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Activation Key: 56723489134092874867245789235982

Now you can download and install the spyware remover which will completely remove this fake HDD optimizer from your PC.

remover for File Recovery

If you can't download or run spyware remover try running registry fix (link below). It enables execution of programs. download registryfix.reg file, double click it, click YES and then OK.

File Recovery removal instructions (on infected computer):

If you were unable to remove File Recovery using removal tools, you can follow these removal instructions to do some steps manually and help the removal process.

1. Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

2. Open Internet explorer, click Tools and select Internet Options. Select "Connections".

3.Click LAN settings, if a Use a proxy server for your LAN is checked, uncheck it and press OK.

4. Download a legitimate anti-spyware software to fully remove File Recovery from your computer.

remover for File Recovery

6. After removing File Recovery reset your Hosts files. Don't skip this step, this malware modifies your Hosts files, and you will encounter browser redirect problems.

Hosts file is used to resolve some canonical names of websites to ip addresses. When it is changed, the user may be redirected to malicious site still seeing good URL in address bar. It is very hard to find out if the site is genuine or not, when hosts file is modified. To fix this, please download Microsoft Fix It tool, that restores your hosts file to windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:

Complete these steps if after removal of File Recovery your Desktop icons or files are hidden:

Step 1
File Recovery hides almost all user files. If You can't see your files don't panic. The files are not missing. They are just hidden, but still here. When downloaded spyware remover removes the infection, please download and run this tool to unhide your files (Link below). It is important to run this tool only when infection is already removed from your computer. This unhide files tool will be useless running it on infected computer.

When unhide files tool finishes, your windows desktop icons may still be gone. To fix missing desktop items after spyware infection download this .REG file. Double click when downloaded, click yes and then click ok. Reboot your computer, your desktop items now should be visible.

Step 2
Reboot your computer to check if everything is OK and File Recovery rogue spyware is gone. Check if you can find all your files. If some files are still missing, open My Computer, Click Tools, then select Folder Options... and under View tab select radio button "Show hidden files and folders", press OK. Now you will see all hidden files and folders. To unhide them Right click on the file or folder, then select Properties and uncheck "Hidden" Check box.

That's it! You're done.

Other tools known to remove File Recovery:

• iS3 STOPzilla
• Malwarebytes Anti-Malware

Additional information, related to File Recovery removal:

Some malicious software modifies browser settings and disables downloads of spyware and virus removing software. If you have problems downloading anti-spyware software with Internet Explorer, try downloading with Chrome, FireFox, Opera, etc.

If you can't access Internet:

Load your computer in safe mode. Click Start, click Shut down, click Restart, click OK. During your computer starting process press F8 key on your keyboard multiple times until you see Windows Advanced Option menu, then select Safe mode with networking from the list.

Start Task manager. Press ctrl+alt+del (or ctrl+shift+esc) and end task the processes of rogue program. ( if after this procedure you can't access any programs press ctrl+alt+del, click File, select New Task, and type explorer.exe then press OK.

Open Internet explorer, click Tools and select Internet Options. Select Connections, then click LAN settings, if a Use a proxy server for your LAN is checked, un-check it and press OK.

After this procedure you should be able to access Internet. Now you can download anti-spyware software from our "Top spyware removers" section and run a full scan. Download, install and don't forget to update your selected anti-spyware program. Then run a full system scan.

Manual File Recovery removal

If you are unable to remove File Recovery using the steps above, you can use this manual removal instruction. Use it at your own risk. If you don't have strong computer knowledge you could harm your operating system. Be careful and use it only if you are an experienced computer user. (Instructions on how to end processes, remove registry entries...)

End these File Recovery processes:

random.exe

Remove these File Recovery registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'     
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'

Delete these File Recovery files:

%StartMenu%\Programs\File Recovery\
%StartMenu%\Programs\File Recovery\File Recovery.lnk
%StartMenu%\Programs\File Recovery\Uninstall File Recovery.lnk
%UserProfile%\Desktop\File Recovery.lnk     
%CommonAppData%\<random>
%CommonAppData%\<random>.exe
%CommonAppData%\~<random>
%CommonAppData%\~<random>
%Temp%\smtmp\
%Temp%\smtmp\1
%Temp%\smtmp\1
%Temp%\smtmp\2
%Temp%\smtmp\3
%Temp%\smtmp\4

Please note: as the malware constantly changes it's behaviour, these registry keys might be slightly different on your computer, depending on the File Recovery version.