File Recovery (virus) - How To Remove?

Type: Rogue application

File Recovery virus aka File Recovery “virus” is a new version of Fake HDD malware. This version is likely to replace Data Recovery and will infect PCs through various vulnerabilities or social engineering. Differently from its predecessor, they dropped word “Smart” from their name. These parasites use various exploit kits usually, that are capable of infecting PCs having older versions of Java, Flash or PDF reader versions. The infections are more or less silent and do not require user intervention. Additionally, File Recovery might use trojans for distribution, disguised as system or program updates, drivers or codecs. That is why it is extremely important to have antivirus and firewall protection.

Once your PC is infected by this fake File Recovery virus, you will start noticing your PC acting weird. First, there will be alerts and warnings about PC malfunction – Hard disk failures, Ram, registry and GPU problems. The scareware will try to make you believe that alerts are real and emulate some of the problems. For example, your programs might disappear, or your start menu will display warnings instead of programs. You should not believe File Recovery alerts and fix your PC for real.
Typical File Recovery alerts will look like this:

System blocks were not found
This is most likely occurred because of hard disk failure.
This may also lead to a potential loss of data.

Hard Drive Boot Sector Reading Error

During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on boot device.

If you click on them, the File Recovery Check window will launch and detect pre-set errors. Many of these errors cannot be solved by software, although the parasite claims it can do that. This is a sure sign of a scam. The “Repair” function will request money for performing repairs. As it is fake one, you should not pay a dime for makers of this malware.
To remove File Recovery scam you should do the following :
1. First, I recommend killing the malware process and scanning against rootkits, accompanying File Recovery scareware. This can be done using Process Explorer, Spyhunter installer, or rkill. If you can’t launch IE, use Win+E hotkey and enter there.
2. Second, run anti-rootkit scan. Spyhunter or Hitman Pro has quite good generic scanners together with anti-rootkit ones. In other cases I recommend TDSS Killer.
3. Then delete the File Recovery files. This can be done either automatically or manually .
4. You should unhide all the documents and files. Start->run, enter attrib -h %Documents%\*.*
If you can’t download any program, you can try fake-register File Recovery malware with key 56723489134092874867245789235982. This will not remove parasite, but simplify the removal process.

Video instructions on fake File Recovery removal

Automatic File Recovery (virus) removal tools

Note: Reimage trial provides detection of parasites and assists in their removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.  We might be affiliated with some of these programs. Full information is available in disclosure

Manual removal


Important Note: Although it is possible to manually remove File Recovery (virus), such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Reimage or other tools found on


File Recovery (virus) screenshots


About the author

 - Main Editor

I have started in 2007 after wanting to be more or less independent from single security program maker. Since then, we kept working on this site to make internet better and safer place to use.

July 12, 2012 21:37, July 17, 2012 11:18

8 thoughts on “File Recovery (virus)

  1. Thanks! I caught this just visiting a song lyric. It’s bad.
    Your fake activation code and unhide worked.
    I have McAffee installed, and up to date, and still got this drive by!
    Thanks again.

  2. Many thanks for taking the time to help out people caught out by this insidious trogan.
    Same story as Travis ….got caught looking for song lyrics to Tinkerbelle to sing to the grandchildren

    Thanks again


  3. I tried this and it bricked my PC. I guess SpyHunter killed some critical OS files while it was taking out the File Recovery stuff and now it hangs at starting cmain()…

    Use this method with extreme caution.

  4. The virus has changed! In Norwegian XP the programfile and uninstaller has chaged name. Right click the links in Start menu and find new names of the exe files and delete them. I hope this will work for me.

  5. Can I use someone’s email address and password who left comments on this site please I don’t want to register and have to pay for this program in order to fix
    threats that were discovered…

Leave a Reply

Your email address will not be published. Required fields are marked *