File Restore Description

[+] Click Image to Enlarge

• 

File Restore is a fake hard drive defragmentation tool, which is not able to repair system errors and other security issues. File Restore is distributed to the infected computer system by using a Trojan infection and invades your PC without your permission and knowledge. File Restore may create an impression of a reliable security program; however, it’s a malware application, which only attempts to dupe you into thinking there were numerous registry errors detected on your computer system. Then, File Restore tries to convince you to purchase the bogus application to fix found system problems. Once installed, File Restore generates itself to start automatically every time you turn on your computer. Then, File Restore loads a fictitious scanner and pretends to be looking for computer threats and Windows Registry problems. File Restore creates some imaginary hard drive errors and security issues to scare you that your computer is seriously infected. File Restore also displays numerous annoying security warning messages to inform you about hard disk drive errors. After that, File Restore will offer you to buy the imaginary registered license to repair PC problems. Never purchase and believe File Restore because it will destroy your machine and steal money. ESG’s malware researchers strongly recommend you to uninstall File Restore immediately upon detection with a recognized and trustworthy anti-malware program.

Type: Rogue Registry Cleaner

How Can You Detect File Restore?

File Restore Technical Report

As new File Restore details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for File Restore:

The following fake error message(s) appears for File Restore:

System message – Write Fault Error
A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address.

Critical error. Drive sector not found error

This device cannot find enough free resources that it can use

Critical Error. Hard drive conroller failure

Seek error. Sector not found

Device initialization failed

Critical error. Drive sector not found error

This device cannot find enough free resources that it can use

Critical Error. Hard drive conroller failure

Seek error. Sector not found

Device initialization failed

Hard drive boot sector reading error
System blocks were not found
Error while relocating TARE sectors
Error 0 – DATA_BUS_ERROR
Error 0×00000078 – INACCESSIBLE_BOOT_DEVICE
Error 0×00000050 – PAGE_FAULT_IN_NONPAGED_AREA
The storage device has failed a self-test
The self-test procedure of the storage device has detected an irreparable errors.
SMART state is “Out of order” before the disk scan

File Restore Removal Details

File Restore has typically the following processes in memory:

• %CommonAppData%\[RANDOM CHARACTERS_0].exe
• %CommonAppiData%\[RANDOM CHARACTERS_1].exe

File Restore creates the following files in the system:

• %Programs%\File Restore\File Restore.lnk
• %AppData%\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
• %CommonAppData%\[RANDOM CHARACTERS_1]
• %Desktopdir%\File_Restore.lnk
• %Programs%\File Restore\Uninstall File Restore.lnk

File Restore creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr 0
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM CHARACTERS_0].exe %CommonAppData%\[RANDOM CHARACTERS_0].exe

Important Article Disclaimer