File Recovery virus aka File Recovery “virus” is a new version of Fake HDD malware. This version is likely to replace Data Recovery and will infect PCs through various vulnerabilities or social engineering. Differently from its predecessor, they dropped word “Smart” from their name. These parasites use various exploit kits usually, that are capable of infecting PCs having older versions of Java, Flash or PDF reader versions. The infections are more or less silent and do not require user intervention. Additionally, File Recovery might use trojans for distribution, disguised as system or program updates, drivers or codecs. That is why it is extremely important to have antivirus and firewall protection.
Once your PC is infected by this fake File Recovery virus, you will start noticing your PC acting weird. First, there will be alerts and warnings about PC malfunction – Hard disk failures, Ram, registry and GPU problems. The scareware will try to make you believe that alerts are real and emulate some of the problems. For example, your programs might disappear, or your start menu will display warnings instead of programs. You should not believe File Recovery alerts and fix your PC for real.
Typical File Recovery alerts will look like this:
System blocks were not found
This is most likely occurred because of hard disk failure.
This may also lead to a potential loss of data.
Hard Drive Boot Sector Reading Error
During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on boot device.
If you click on them, the File Recovery Check window will launch and detect pre-set errors. Many of these errors cannot be solved by software, although the parasite claims it can do that. This is a sure sign of a scam. The “Repair” function will request money for performing repairs. As it is fake one, you should not pay a dime for makers of this malware.
To remove File Recovery scam you should do the following :
1. First, I recommend killing the malware process and scanning against rootkits, accompanying File Recovery scareware. This can be done using Process Explorer, Spyhunter installer, or rkill. If you can’t launch IE, use Win+E hotkey and enter https://www.2-viruses.com/downloads/spyhunter-i.exe there.
2. Second, run anti-rootkit scan. Spyhunter or Hitman Pro has quite good generic scanners together with anti-rootkit ones. In other cases I recommend TDSS Killer.
3. Then delete the File Recovery files. This can be done either automatically or manually .
4. You should unhide all the documents and files. Start->run, enter attrib -h %Documents%\*.*
If you can’t download any program, you can try fake-register File Recovery malware with key 56723489134092874867245789235982. This will not remove parasite, but simplify the removal process.
Video instructions on fake File Recovery removal
Automatic Malware removal tools