Type: Trojan

Data Repair is a fake defragmenter and system optimization tool. Data Repair is part of a large family of fake defragmenters, the FakeSysDef family, that have managed to build up a very real presence on the Web. Millions of dollars are stolen every year by fake security programs such as these. According to ESG security researchers, Data Repair has absolutely no system optimization or defragmenting capabilities. Underneath its showy exterior, Data Repair is little more than a handful of harmful scripts, Trojans and alarming error messages. This is why ESG malware analysts strongly recommend the removal of Data Repair with a reputable, effective anti-malware utility.

There are several clones of Data Repair, including fake defragmenters named System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low, Hdd Fix.

How Programs Like Data Repair Steal Your Money

Most rogue security programs use the same scam to steal a victim's money. Even though the rogue security software scam is fairly common, inexperienced computer users are still taken in by it every single day. The best way to avoid falling for the Data Repair scam is to understand beforehand exactly how these scams work. The Data Repair scam follows the same basic steps as most rogue security software scams:

  1. Data Repair is installed onto the victim's computer with the aid of a Trojan or through deceptive marketing. Typically, a computer user will receive a fake error message – either as a pop-up window on their browser or as a fake security alert from a Trojan on the victim's computer system. This message will usually indicate that the PC is infected with a virus or Trojan and that the download of Data Repair is recommended in order to fix the problem.
  2. If the victim falls for this fake message and accepts it, Data Repair will be downloaded and installed. As part of its installation process, Data Repair makes harmful changes to the Windows Registry and installs a number of harmful components. Data Repair changes your system settings so that this fake optimization tool runs automatically upon start-up. It will also reboot your computer system at the end of installation, forcing you to start up with Data Repair already activated and running in the background.
  3. Upon start-up, Data Repair displays a fake scan of your computer system, indicating that there are a large number of impossibly-severe problems on your hard drives. However, whenever the victim tries to fix these problems (by clicking on the 'fix problems' button), Data Repair will redirect the victim to Data Repair's website where a purchase of a 'full version' will be requested. ESG security researchers strongly advise that you do not pay for Data Repair but, instead, remove Data Repair from your computer system.

Technical Information

File System Details

Data Repair creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS].exe N/A
2 %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\3 N/A
3 %Documents and Settings%\[User Name]\Start Menu\Programs\Data Repair\ N/A
4 %Documents and Settings%\[User Name]\Desktop\Data Repair.lnk N/A
5 %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\2 N/A
6 %Documents and Settings%\[User Name]\Local Settings\Application Data\~ N/A
7 %Documents and Settings%\[User Name]\Start Menu\Programs\Data Repair\Uninstall Data Repair.lnk N/A
8 %Documents and Settings%\[User Name]\Local Settings\Application Data\[RANDOM CHARACTERS] N/A
9 %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\1 N/A
10 %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\4 N/A
11 %Documents and Settings%\[User Name]\Start Menu\Programs\Data Repair\Data Repair.lnk N/A
12 %Documents and Settings%\[User Name]\Local Settings\Temp\smtmp\ N/A

Registry Details

Data Repair creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
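
The following triage check is an added example, not ESG's tooling: it parses registry export text in .reg format and flags the fixed-value entries from the list above, plus any Run entry that starts an .exe from Local Settings\Application Data. The function names, the sample export and the Run-entry heuristic are assumptions made for illustration; entries without a fixed value in the list (MRUList, LowRiskFileTypes) and the commonly set "Use FormSuggest" are left out.

```python
import re

CV = r"hkey_current_user\software\microsoft\windows\currentversion"
RUN_KEY, DROP_DIR = CV + r"\run", "\\local settings\\application data\\"
TAMPERED = {  # key -> {value name: data}, fixed-value entries from the list above
    r"hkey_current_user\software\microsoft\internet explorer\download": {"checkexesignatures": "no"},
    CV + r"\policies\attachments": {"savezoneinformation": "1"},
    CV + r"\policies\activedesktop": {"nochangingwallpaper": "1"},
    CV + r"\explorer\advanced": {"showsuperhidden": "0", "hidden": "0"},
    CV + r"\policies\system": {"disabletaskmgr": "1"},
    CV + r"\policies\explorer": {"nodesktop": "1"},
    CV + r"\internet settings": {"warnonbadcertrecving": "0", "certificaterevocation": "0"},
    CV.replace("current_user", "local_machine") + r"\policies\system": {"disabletaskmgr": "1"},
}
LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; keys and names lower-cased."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := LINE.match(line)):
            name, data = m.group(1).lower(), m.group(2)
            if data.startswith("dword:"):
                data = str(int(data[6:], 16))  # dword:00000001 -> "1"
            elif data[:1] == data[-1:] == '"':
                data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping
            yield key, name, data

def triage(text):
    hits = []
    for key, name, data in parse_reg(text):
        low = data.lower().strip('"')
        # Assumption: the Run value launches the dropped .exe from Application Data
        dropped = key == RUN_KEY and low.endswith(".exe") and DROP_DIR in low
        if dropped or TAMPERED.get(key, {}).get(name) == low:
            hits.append((name, data))
    return hits

# Constructed sample export (not taken from a real infection)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"kqxwb"="C:\\Documents and Settings\\alice\\Local Settings\\Application Data\\kqxwb.exe"'''
```

Calling `triage(SAMPLE)` returns the two tampered policy values and the Run entry pointing into Application Data, while the `ctfmon.exe` entry is left alone.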

More Details on Data Repair

The following messages associated with Data Repair were found:
Activation Reminder
Data Repair Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can’t find hard disk space. Hard drive error.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Data Recovery Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?

Fix Disk
Data Recovery Diagnostics will scan the system to identify performance problems.
Start or Cancel

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

