Computer Virus Removal

Some best way of Virus removal.

Windows Restore is a rogue Antispyware, Now a days most of the malware that pretends to be an Antivirus. Windows Restore is not very easy job it is  a wolf in sheep’s clothing. Many of the anitvirus It conducts a fake scan of your system; after scanning they will inform and warned by a fake alarm telling that some files are affect by malwares on your system. Some time It may be true indeed, may be there is really a malware in the system but we think the only malware will affect on your system is this Windows Restore. When Windows Restore invites you to purchase a license for this bogus program to remove malwares, do not try to buy that, it’s a scam, Because many of the virus are giving link to update there patch in your system at the same time they are giving  license for a malware? This way update makes Antivirus tries to scam you. So Uninstall Windows Restore as soon  from the system. With This removal tool for Windows Restore.

To remove Windows Restore (Uninstall Windows Restore)

Restart your computer and as soon as your computer turns on hit the F8 key (repeatedly) until a screen comes up
Choose Start computer in SAFE MODE with network support
Open Internet Explorer
Go to Tools => Internet Options => Connections Tab => LAN Settings
Uncheck “Use a proxy server”
Recheck “Automatically detect settings”
Download this free removal tool for Windows Restore
Extract it
Launch
Click on the delete button
Windows Restore will be removed from your system in 10s. Restart your computer when it’s finished.

Processes :

[Random].exe
Files :

%CommonAppData%\[Random].exe
%CommonAppData%\[Random]
�sktop%\Windows Restore.lnk
%Programs%\Windows Restore\Uninstall Windows Restore.lnk
%Programs%\Windows Restore\Windows Restore.lnk
Registry

Registry values created

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Use FormSuggest = “Yes”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnZoneCrossing = 0x00000000
WarnonBadCertRecving = 0x00000000
CertificateRevocation = 0x00000000
Registry values modified

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
1601 =
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
State =

Remove Windows now and Restore manually :

First Restart your computer in safe mode :
After Restart your computer and  turns on hit the F8 key (repeatedly) until a screen comes up
Choose  option to Start computer in SAFE MODE
Open the infected account login
Open I-explorer, paste into the addressbar shell :- Common AppData then press enter, now it will open the dir C:\Documents and Settings\Christian\Local Settings\Temp on my computer
Remove all .exe files there and all random folders under this path
Remove Windows Restore.lnk (Short Cut) from your desktop (Computer)
Remove Windows Restore from your Start menu then Programs
Click on the start menu button then click on run
Type msconfig (From Run) and press enter
Now Go to the Startup tab
After that ,Uncheck all keys that point to an .exe files under the %Temp% or %CommonAppData% folder and click on OK NOW YOU ALMOST COMPLETED THW WORK.

Get ready to Restart your computer in normal mode

now This will solve the problem but you can run the removal tool to remove the other registry keys and values.

About Author

Leave A Reply