1 of 4
Danger level 8
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Block exe files from running
  • Installs itself without permissions
  • Connects to the internet without permission
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer
Infection Video System Recovery

System Recovery

Perhaps you have heard before of the FakeHDD nest of dangerous rogue antispyware applications. System Recovery, which derives from the same family of rogues as Windows Restore, is even more dangerous as its predecessors. This fake system optimization application makes it look like you are experiencing serious problems with your computer, and then it wants to make you pay for it. System Recovery says that the only way to get rid of the errors present is to acquire a full version of the program. Unfortunately, if you do that, you will definitely lose your money for good, so you must not follow the instructions given by this computer threat.

Download Spyware Removal Tool to Remove* System Recovery
  • Quick & tested solution for System Recovery removal.
  • 100% Free Scan for Windows

System Recovery can enter your system pretending to be an update to one of the programs that are installed in your computer. Therefore, you must always keep your programs up to date, otherwise you might end up having System Recovery, after a random visit at some dubious internet website. You see, this rogue does not need your permission to enter your computer. It might prompt you, but if it pretends to be an update, you might think nothing of it, and simply allow System Recovery to install itself. This rogue also promotes itself via fake security notifications in hacked sites, which say that there is something with your hard drive and you are urged to perform a quick check. So once you click on these alerts, System Recovery automatically downloads itself.

Once this rogue is in your computer, it is configured to start automatically whenever you boot your Windows. Therefore, once you turn on your computer, you see System Recovery perform a fake system scan, and then this program spams you with fake security notifications such as:

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.

Even though these messages look scary, you should not hurry and activate System Recovery by giving away your banking information. Think about it – one of the messages says you have a critical hard drive error. But if there really were one, your computer would not be working at all! These messages are obviously fake, and so is the program itself. You will do yourself a favor if you ignore everything comes from System Recovery.

Do not allow this rogue to take over. Protect your money and your computer right now, and remove System Recovery for good. If you are not sure how to do it manually, resort to automatic malware removal, using a reliable antispyware tool. That way you will also protect your computer against similar attacks in the future. Do not wait until it is too late, take care of this infection right now!

Download Spyware Removal Tool to Remove* System Recovery
  • Quick & tested solution for System Recovery removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove System Recovery

Files associated with System Recovery infection:

BvhFlJwnduMa.exe
BvhFlJjjduMa.exe
YvhFlJjjduMa.exe
YvhFlJjjduMa.exe
iMXxHFmRWxGIKn.exe
GyxHFmRWxGIKn.exe
BvhFlJwnduMa.exe
BvhFlJjjduMa.exe
%UserProfile%\Desktop\System Recovery.lnk
%Temp%\smtmp\4
%Temp%\smtmp\3
%Temp%\smtmp\2
%Temp%\smtmp\1
%Temp%\smtmp\
%StartMenu%\Programs\System Recovery\Uninstall System Recovery.lnk
%StartMenu%\Programs\System Recovery\System Recovery.lnk
%StartMenu%\Programs\System Recovery\
%LocalAppData%\[random].exe
GyxHFmRWxGIKn.exe
iMXxHFmRWxGIKn.exe

System Recovery processes to kill:

BvhFlJjjduMa.exe
GyxHFmRWxGIKn.exe
iMXxHFmRWxGIKn.exe
YvhFlJjjduMa.exe
iMXxHFmRWxGIKn.exe
GyxHFmRWxGIKn.exe
BvhFlJwnduMa.exe
BvhFlJjjduMa.exe
%LocalAppData%\[random].exe
BvhFlJwnduMa.exe
YvhFlJjjduMa.exe

Remove System Recovery registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\R
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.