What is File Recovery?
File Recovery is a scareware infection. It installs and appears to function as a real antivirus program, but it is not one.
How Did I get infected with File Recovery?
Most infections of this nature are installed by zero-day exploits. These are flaws in Java, Flash, or your browser's security that allow the virus to install and run itself remotely through bogus advertising or hacked websites. You should also be wary of Facebook advertising or emails that seem out of place. If you have to question the legitimacy of an email or ad, you probably shouldn't open it without contacting the sender.
What is File Recovery Doing to My Computer Right Now?
Here are some examples of warning boxes you may get when it is installed.
Hard drive boot sector reading error
System blocks were not found
Error 0x00000024 – NTFS_FILE_SYSTEM
Error 0x00000078 – INACCESSIBLE_BOOT_DEVICE
Error 0x0000002E – DATA_BUS_ERROR
Error 0x00000050 – PAGE_FAULT_IN_NONPAGED_AREA
The DRM attribute value is too small before disk scan
You should remove File Recovery as soon as possible. If you have one infection, in many cases you will also have minor threats or browser toolbars that should be removed. This is why it is so important to run a full virus scan even if you follow the manual removal guide below. Be sure to run a full virus scan once you have manually removed File Recovery.
File Recovery Manual Removal Procedures
The first step you must take in order to remove File Recovery is to stop the following process. Watch the video for guidance.
- <Totally Random>.exe Your file trace will be named differently. Example: xdfasdf34345123.exe.
To stop this process you can:
A. Browse to the file location shown below, rename the file, and then restart your computer. Then browse to that file location again and delete the file.
B. Boot into Safe Mode and delete the file.
C. Log in to another user's account and see if you can delete the file.
D. Start the Task Manager the very second you log in and terminate the process that way.
The next step in File Recovery removal is to delete the following file:
<Totally random>.exe
Once you have deleted the above executable, File Recovery will no longer be running. At this time you need to run a full virus scan. RUN THE SCAN! We recommend SpyHunter. You need to ensure no other viruses are on your computer. So many people skip this very simple step. Take an extra few minutes and ensure you have all the viruses removed.
If you find this threat too hard to remove yourself and need an expert, we recommend http://www.pcninja.com. They charge far less than others and are great at what they do.
File Recovery Directories:
- %CommonAppData%\<Totally random>
- %CommonAppData%\<Totally random>.exe
- %CommonAppData%\~<Totally random>
- %StartMenu%\Programs\File Recovery\
- %StartMenu%\Programs\File Recovery\File Recovery.lnk
- %StartMenu%\Programs\File Recovery\Uninstall File Recovery.lnk
- %Temp%\smtmp\
- %Temp%\smtmp\1
- %Temp%\smtmp\2
- %Temp%\smtmp\3
- %Temp%\smtmp\4
- %UserProfile%\Desktop\File Recovery.lnk
File Location Notes:
The smtmp directories will hold your shortcuts and quick launch shortcuts too.
%UserProfile% refers to the current user’s profile folder. By default, this is C:\Documents and Settings\<Current User> for Windows 2000/XP, C:\Users\<Current User> for Windows Vista/7, and c:\winnt\profiles\<Current User> for Windows NT.
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\<Current User>\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\<Current User>\AppData\Local\Temp for Windows Vista and Windows 7.
%CommonAppData% refers to the Application Data folder for the All Users Profile. By default, this is C:\Documents and Settings\All Users\Application Data for Windows 2000/XP and C:\ProgramData\ for Windows Vista/7.
%StartMenu% refers to the Windows Start Menu. For Windows 95/98/ME it refers to C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\<Current User>\Start Menu\, and for Windows Vista/7 it is C:\Users\<Current User>\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% refers to the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it refers to C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
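The directory list and location notes above can be checked in one pass. The following PowerShell is an added example, not part of the original guide: it assumes PowerShell 3.0 or later, only reports and deletes nothing, and treats any .exe or ~-prefixed item directly in the %CommonAppData% root as a candidate to review, not a confirmed match. Add-Finding is a helper name made up for this example.

```powershell
# Read-only check: reports artifacts, deletes and renames nothing.
# Map the guide's placeholders to this machine's real folders.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$startMenu     = [Environment]::GetFolderPath('StartMenu')
$desktop       = [Environment]::GetFolderPath('DesktopDirectory')
$smtmp         = Join-Path $env:TEMP 'smtmp'

$findings = New-Object System.Collections.Generic.List[object]
# Hypothetical helper for this example: records one finding.
function Add-Finding([string]$Kind, [string]$Path) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Path = $Path })
}

# Fixed-name entries from the directory list.
$listed = @(
    (Join-Path $startMenu 'Programs\File Recovery'),
    (Join-Path $desktop 'File Recovery.lnk'),
    $smtmp
)
foreach ($path in $listed) {
    if (Test-Path -LiteralPath $path) { Add-Finding 'Listed path' $path }
}

# The executable's name is random, so match on location instead: a .exe or a
# '~'-prefixed item directly in the %CommonAppData% root. Assumption: these are
# candidates to review, since other software may also place files there.
Get-ChildItem -LiteralPath $commonAppData -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '~*' -or (-not $_.PSIsContainer -and $_.Extension -eq '.exe') } |
    ForEach-Object { Add-Finding 'Review: CommonAppData root' $_.FullName }

# smtmp\1..4 hold the user's own shortcuts; count them so they are
# not thrown away with the folder during cleanup.
if (Test-Path -LiteralPath $smtmp) {
    foreach ($sub in Get-ChildItem -LiteralPath $smtmp -Force | Where-Object { $_.PSIsContainer }) {
        $count = @(Get-ChildItem -LiteralPath $sub.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                   Where-Object { -not $_.PSIsContainer }).Count
        Add-Finding "Held items: $count" $sub.FullName
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed File Recovery paths were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it as the affected user, because %Temp%, %StartMenu% and the Desktop path are per-user locations.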