File Recovery virus aka File Recovery “virus” is a new version of Fake HDD malware. This version is likely to replace Data Recovery and will infect PCs through various vulnerabilities or social engineering. Differently from its predecessor, they dropped word “Smart” from their name. These parasites use various exploit kits usually, that are capable of infecting PCs having older versions of Java, Flash or PDF reader versions. The infections are more or less silent and do not require user intervention. Additionally, File Recovery might use trojans for distribution, disguised as system or program updates, drivers or codecs. That is why it is extremely important to have antivirus and firewall protection.
Once your PC is infected by this fake File Recovery virus, you will start noticing your PC acting weird. First, there will be alerts and warnings about PC malfunction – Hard disk failures, Ram, registry and GPU problems. The scareware will try to make you believe that alerts are real and emulate some of the problems. For example, your programs might disappear, or your start menu will display warnings instead of programs. You should not believe File Recovery alerts and fix your PC for real.
Typical File Recovery alerts will look like this:
System blocks were not found
This is most likely occurred because of hard disk failure.
This may also lead to a potential loss of data.
Hard Drive Boot Sector Reading Error
During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on boot device.
If you click on them, the File Recovery Check window will launch and detect pre-set errors. Many of these errors cannot be solved by software, although the parasite claims it can do that. This is a sure sign of a scam. The “Repair” function will request money for performing repairs. As it is fake one, you should not pay a dime for makers of this malware.
To remove File Recovery scam you should do the following :
1. First, I recommend killing the malware process and scanning against rootkits, accompanying File Recovery scareware. This can be done using Process Explorer, Spyhunter installer, or rkill. If you can’t launch IE, use Win+E hotkey and enter https://www.2-viruses.com/downloads/spyhunter-i.exe there.
2. Second, run anti-rootkit scan. Spyhunter or Hitman Pro has quite good generic scanners together with anti-rootkit ones. In other cases I recommend TDSS Killer.
3. Then delete the File Recovery files. This can be done either automatically or manually .
4. You should unhide all the documents and files. Start->run, enter attrib -h %Documents%\*.*
If you can’t download any program, you can try fake-register File Recovery malware with key 56723489134092874867245789235982. This will not remove parasite, but simplify the removal process.
Video instructions on fake File Recovery removal
Automatic Malware removal tools
8 responses to “File Recovery (virus)”
Thank you for your post, it was useful for me to remove this malicious code.
Thanks! I caught this just visiting a song lyric. It’s bad.
Your fake activation code and unhide worked.
I have McAffee installed, and up to date, and still got this drive by!
Many thanks for taking the time to help out people caught out by this insidious trogan.
Same story as Travis ….got caught looking for song lyrics to Tinkerbelle to sing to the grandchildren
I tried this and it bricked my PC. I guess SpyHunter killed some critical OS files while it was taking out the File Recovery stuff and now it hangs at starting cmain()…
Use this method with extreme caution.
David: has to be new version of rootkit. Try booting in safe mode, and use system recovery. Also, Spyhunter has free decent support.
use any email address
use the code: 56723489134092874867245789235982
activate the software. click ‘reapair’
The virus has changed! In Norwegian XP the programfile and uninstaller has chaged name. Right click the links in Start menu and find new names of the exe files and delete them. I hope this will work for me.
Can I use someone’s email address and password who left comments on this site please I don’t want to register and have to pay for this program in order to fix
threats that were discovered…