Fake Windows Restore

From Wiki-Security, the free encyclopedia of computer security

Fake Windows Restore Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<

SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:

If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

What is The Fake Windows Restore?

Windows Restore is a rogue anti-spyware application that introduces itself as a real computer analysis and optimization program.

As a rogue security application, Windows Restore is a scam that functions like scareware, in order to scare and bully Windows Restore's victims into willingly and unsuspectingly providing their personal and financial information to the cyber criminal masterminds hidden behind their creation.

Though Windows Restore claims otherwise, Windows Restore does not possess the capability to detect PC problems or defragment computer systems; rather, Windows Restore, itself, is a dangerous and harmful PC security threat. Windows Restore is a dangerous rogue security application, and if you find that your computer system has been compromised by Windows Restore, you should take the necessary steps to remove Windows Restore from your system as soon as possible.

Windows Restore is a Dangerous Rogue Security Application

Windows Restore is a convincing Windows component impersonator. Windows Restore is a rogue anti-spyware program meant to be a counterfeit look-alike of an authentic component of Windows.

Like most other rogueware applications, Windows Restore secretly enters into users' systems through the employment of seditious and harmful Trojans, which gain access and slip past PC security programs, and then display security warnings and false error messages on systems that Windows Restore targets. Once Windows Restore has securely established itself in targeted PC systems, via Windows Restore's corresponding Trojans, this rogue security application begins to reveal itself by systematically attacking the systems Windows Restore has managed to infect – not stopping until Windows Restore has successfully accomplished Windows Restore's sole intent of robbing the infected systems' users blind.

The presence of Windows Restore often goes unnoticed by users, and the following lists a few of the distinctive capabilities that a Trojan bundled with Windows Restore can utilize in victims' systems:

– Blocks exe files from being launched.
– Restricts access to various programs.
– Runs fake scans for hard drive corruption, and displays conclusive lists claiming 'corruption'.
– Displays annoying alert messages and restriction alerts.
– Causes erratic system function and majorly decreased overall PC performance.

As with other rogue security programs of this kind, Windows Restore's process – of infecting and spreading – begins by spamming you with bogus, fabricated PC alerts that state that there is something wrong with your PC's hard drive. At this point in Windows Restore's process, the rogue security program begins to suggest that you download and install Windows Restore's quick fix program. A few examples of the alerts generated by Windows Restore are:

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can't find hard disk space. Hard drive error.

Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Activation Reminder
Windows Restore Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

Low Disk Space
You are running very low disk space on Local Disk (C:).

Windows – No Disk
Exception Processing Message 0x0000013

Once Windows Restore has been allowed to install itself, Windows Restore will begin automatically when you launch Windows – meaning, every time you reboot, log into, or start up your PC.

Windows Restore will spam you with a ton of error messages whenever you try to launch programs and/or delete files. When you attempt to open and run a program, Windows Restore will generate pop-up alerts that will generally read as follows:

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.

After you are forced to exit and close the program, Windows Restore will present you with yet another alert message that will state:

Fix Disk
Windows Restore Diagnostics will scan the system to identify performance problems.
Start or Cancel

If you choose to press start and allow Windows Restore to do so, Windows Restore will begin running a bogus scan of your computer's hard drive, and will, ultimately conclude, that there is something wrong with your PC. This final, conclusive message, will boldly state that:

Windows Restore Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified [sic] software to fix the detected hard drive problems. Do you want to download recommended software?

The entirety of this application is absolutely and completely bogus – from start to finish, Windows Restore is a scam designed to scare users. Windows Restore's scary threat-detection alerts are one-hundred percent generated, and solely meant to stir up panic and horror amongst Windows Restore's victims, in order to convince users that their system is majorly compromised; Windows Restore's promises and guarantees as a solution to a compromised PC system are empty.

Each one of these factors is utilized by Windows Restore as a means to successful accomplished Windows Restore end intent, that is to gain an authoritative, administrative position; thus, allowing the rogue security application to advance and encourage users to buy 'a full version' of Windows Restore's useless, rogue security software – in effect, providing cyber-criminals complete access to their personal and financial information.

Signs and Symptoms of Windows Restore

It has been noted that Windows Restore's Trojan behavior and destructive effects may manifest by:

– Blocking exe files from being launched.
– Restricting access to essential, fundamental operations programs.
– Restricting users' abilities to delete various files.
– Causing erratic system function and majorly decreased system performance.

Furthermore, in Windows Restore persistent attempts to convince you of your computer's various problems, the Trojan associated with the rogue security application will make it so that a myriad of folders on your PC display no contents; and thus, in lieu of contemplating the regular list of files inside the affected folders, the Trojan will display either the wrong folder's contents or no contents at all. The Trojan uses this technique to convince you to buy into Windows Restore's claims that your hard drive has been corrupted, which is why you cannot properly view your PC's files and folders.

Even worse, if the Trojan is able to take control of your PC, the Trojan can make it so that you will be prevented to open any of your PC's programs. The Trojan will do so by terminating the given program, right after Windows Restore has been launched, and then stating that the program has been terminated because your hard drive has been corrupted. Well-crafted Trojans utilize this particular symptom as a technique to evade your PC's security program. By restricting access to your PC's programs, the Trojan makes your computer virtually unusable – therefore, further convincing you about the necessity of purchasing the rogue security software – as well as protects itself from any anti-virus programs that may attempt to run on your PC.

To check your computer for Fake Windows Restore, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Fake Windows Restore and other threats. If you detect the presence of Fake Windows Restore on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Fake Windows Restore.


Detection of Fake Windows Restore (Recommended)

Fake Windows Restore is difficult to detect and remove. Fake Windows Restore is not likely to be removed through a convenient "uninstall" feature. Fake Windows Restore, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Fake Windows Restore and other spyware, adware, trojans and viruses on your computer.

Run a Fake Windows Restore scan/check to successfully detect all Fake Windows Restore files with the SpyHunter Spyware Detection Tool. If you wish to remove Fake Windows Restore, you can either purchase the SpyHunter spyware removal tool to remove Fake Windows Restore or follow the Fake Windows Restore manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Fake Windows Restore. Fake Windows Restore can come bundled with shareware or other downloadable software.

Another method of distributing Fake Windows Restore involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Fake Windows Restore on your system. Fake Windows Restore installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Fake Windows Restore, use this SpyHunter Spyware dectection tool to detect Fake Windows Restore and other common Spyware infections. After detection of Fake Windows Restore, the next advised step is to remove Fake Windows Restore with the purchase of the SpyHunter Spyware removal tool.


Fake Windows Restore may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Fake Windows Restore from your computer.

Remedies and Prevention

Fake Windows Restore, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Fake Windows Restore along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Fake Windows Restore, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Fake Windows Restore and other types of spyware.

Remove Fake Windows Restore manually

Another method to remove Fake Windows Restore is to manually delete Fake Windows Restore files in your system. Detect and remove the following Fake Windows Restore files:


  • %AppData%\Microsoft\[RANDOM CHARACTERS].exe
  • %AllUsersProfile%\[RANDOM CHARACTERS].exe
  • %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].exe
  • %Temp%\internetexplorerupdate.exe


  • %AllUsersProfile%\[RANDOM CHARACTERS].dll
  • %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dll

Other Files

  • %UserProfile%\Start Menu\Programs\Windows Restore\Windows Restore.lnk
  • %UserProfile%\Desktop\Windows Restore.lnk
  • %UserProfile%\Start Menu\Programs\Windows Restore\Uninstall Windows restore.lnk
  • %UserProfile%\Start Menu\Programs\Windows Restore\
  • %AllUsersProfile%\~[RANDOM CHARACTERS]
  • %AllUsersProfile%\~[RANDOM CHARACTERS]r
  • %AllUsersProfile%\Application Data\~[RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\~[RANDOM CHARACTERS]r

Registry Keys

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments"SaveZoneInformation" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'

External links

If you believe your computer is infected with spyware,
Wiki-Security highly recommends SpyHunter's spyware detection tool to detect the latest spyware threats.

Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Fake Windows Restore or its creators in any way. This website does not advocate the actions or behavior of Fake Windows Restore and its creators. Our objective is to provide Internet users with the know-how to detect and remove Fake Windows Restore and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Fake Windows Restore in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.