Recovery (1-844-813-5673)

If you constantly have a Blue Screen of Death (BSoD), that suggests you call (1-844-813-5673), then be warned that your computer has been infected with Recovery (1-844-813-5673). This application is nothing short of malicious and its primary objective is to make money for its creators. It is designed to lock your desktop and disable Task Manager so that you would have no other course of action but to comply. However, there is a way you can remove this malware, and you can do that by following the guide provided below. But, if you want to know more about this infection, we invite you to read this description.

Recovery (1-844-813-5673) is a highly malicious application. It is designed to infect your computer by stealth and lock its screen by showing a fake Blue Screen of Death window. Its main executable is named Divyesh.exe and research has shown that it is dropped in %WinDir%\Divyesh\Divyesh. It also features registry keys such as that include HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIVYESH and HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIVYESH, as well as a registry string named Divyesh that is placed at HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The Divyesh registry string is designed to autostart this malware on system startup. As a result, when you restart your PC you will be greeted by this program’s BSoD window constantly.

Once on your computer, this application will open its borderless fake error window on top of the desktop to give you the impression that a critical error has indeed occurred. The message states that “A component of the operating system has expired.” And, the error points to \windows\system32\winload.efi and the reason for this. The fictitious error message suggests that you need to use a recovery too and if you do not have a disc or an installation image of Windows, then you need to contact tech support by calling 1-844-813-5673. Evidently, this application uses deceptive means to compel you to call this phone number, and it is likely that the people on the other end of the line will try to sell you a PC optimization tool or a fake antimalware application to resolve this manufactured issue. Also, they may charge you a premium rate for the call and make money that way. So, without a doubt, Recovery (1-844-813-5673) is all about making money.

While gathering information about this malicious application we found that it is currently distributed through bundled installers. These installers are said to install Recovery (1-844-813-5673) without your knowledge or consent, and some have been configured to deny you the means to deselect its installation altogether. These installers can mostly be found on shady freeware hosting websites, so if your PC was infected as a result of installing a malicious software bundle, please leave a comment in the comment section below with the address of the website from which you got it. Unfortunately, nothing else is known about this program, except for the fact that it was created by cyber criminals that understandably stay in the shadows because there no denying that Recovery (1-844-813-5673) is a malicious program.

That is all we have to say about this application. To recap, this app is designed to lock your computer’s screen and show you a fake error message that promotes a fake tech support phone number. It disables Task Manager to prevent you from bypassing its lock screen. It is also distributed in a deceptive manner, so, all things considered, you should delete this program as soon as you can. Please follow the removal instructions below carefully as you will need to boot your PC in Safe Mode.

Boot up the PC in Safe Mode with Networking

Windows 10/8.1/8

1. Press the Windows Key.
2. Type Change advanced startup options in the search window and press Enter.
3. Under the Recovery tab, select the Restart now option under Advanced startup.
4. Select Troubleshoot.
5. Select Advanced options and go to Startup Settings.
6. Click the Restart button.
7. Select Enable Safe Mode with Networking by pressing 5.

Windows 7 and Vista

1. Restart the computer.
2. Press and hold the F8 key as your computer restarts.
3. On the Advanced Boot Options screen, use the arrow keys to highlight the Safe Mode with Networking, and then press Enter.
4. Log on to your computer with a user account that has administrator rights.

Windows XP

1. Open the Start menu and click Restart.
2. Press and hold the F8 key while the computer restarts.
3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking and press Enter.
4. Log on to your PC.

Remove Recovery (1-844-813-5673)

1. Simultaneously press Windows+E keys.
2. Enter C:\Windows\Divyesh\Divyesh in the address line and hit Enter.
3. LocateDivyesh.exe, right-click it and click Delete.
4. Go to the Downloads folder and desktop and delete Divyesh.exe if found.
5. Empty the Recycle Bin.

Delete the registry keys

1. Simultaneously press Windows+R keys.
2. Type regedit and click OK.
3. Go to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. Delete Divyesh.
5. Then go to HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIVYESH and delete it.
6. Go to HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIVYESH and delete it.