System Recovery

System Recovery Description

System Recovery is a fake defragmenter that belongs to a large family of rogue system optimization tools named FakeSysDef. Like most rogue defragmenters, System Recovery pretends to be a legitimate system optimization tool while really being a harmful malware invader. The presence of System Recovery on your computer system is a sign of a severe security breach, with a high chance of other malware infections being present as well. If you find that System Recovery is installed on your computer system, ESG PC security researchers advise running a full, in-depth scan of your computer with an up-to-date anti-malware tool.

A few of the System Recovery clones include System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low, Hdd Fix.

Rather Than Recovering Your System, System Recovery Severely Damages It

System Recovery is marketed as a system optimization tool. Everything in its interface, website, and fake security alerts is designed to mimic real computer optimization programs. However, System Recovery is made up entirely of malicious scripts and Trojans, hidden behind its genuine-looking interface. This malicious program is not designed to help you recover your system. Rather, it is designed to damage your computer system intentionally in an attempt to convince you to buy a useless "full version" of System Recovery. Below, our team of malware analysts has listed a few of the problems associated with System Recovery and its clones:

  • System Recovery is designed to spam you with numerous fake security alerts and error messages. These will typically claim to have found virus infections or severe hard drive problems. For anyone experienced with computers, the “errors” found by System Recovery are laughably improbable, or even impossible.
  • System Recovery runs in the background without the computer user's authorization. It can start and stop processes on its own, severely affecting your computer's performance. A computer system infected with System Recovery will become slower and less stable. Frequent crashes and the “Windows Blue Screen of Death” are common in computers infected with System Recovery and its clones.
  • System Recovery attempts to block your access to your own files and to the Internet, specifically to websites associated with computer security. It does this to make its removal more difficult. You can bypass this “feature” of System Recovery by starting up your computer in Safe Mode. Remember that starting up in Safe Mode does not remove System Recovery; it simply prevents it from launching automatically at start-up.

Technical Information

File System Details

System Recovery creates the following file(s):
# File Name Size MD5 Detection Count
1 %ALLUSERSPROFILE%\Application Data\iMXxHFmRWxGIKn.exe 464,384 af4c4d542ce33cf71cf2e1fca7953fb5 1
2 %LocalAppData%\[RANDOM CHARACTERS].exe N/A
4 %Temp%\smtmp\1 N/A
5 %Temp%\smtmp\4 N/A
6 %StartMenu%\Programs\System Recovery\Uninstall System Recovery.lnk N/A
7 %Temp%\smtmp\3 N/A
8 %StartMenu%\Programs\System Recovery\System Recovery.lnk N/A
10 %Temp%\smtmp\ N/A
11 %Temp%\smtmp\2 N/A
12 %StartMenu%\Programs\System Recovery\ N/A
13 %UserProfile%\Desktop\System Recovery.lnk N/A
14 %ALLUSERSPROFILE%\Application Data\GyxHFmRWxGIKn.exe 453,632 a8e9d0c3e94425633d2a063074170145 0
15 %ALLUSERSPROFILE%\Application Data\BvhFlJwnduMa.exe 433,664 16077679cd29b633b380389d192aef56 0
16 %ALLUSERSPROFILE%\Application Data\BvhFlJjjduMa.exe 453,120 85e8b994c934b8a948e39fec39a0851a 0
17 %ALLUSERSPROFILE%\Application Data\YvhFlJjjduMa.exe 454,144 cb4a95d5b7068d1f5a189be43469c77c 0

Registry Details

System Recovery creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s's:/ogn:/uyu:/dyd:/c'u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/'wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v'w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
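
A read-only triage check for the artifacts listed above, written as an added example (it is not code from this article's authors or from any anti-malware product). The function name `Get-SystemRecoveryFindings` is hypothetical, and flagging `Run` values whose name ends in `.exe` is a heuristic assumed from the `"[RANDOM CHARACTERS].exe"` entry. Several of these registry values can also be set by an administrator or the user, so treat matches as leads rather than proof.

```powershell
# Added example: read-only triage for the artifacts this article lists.
# Data is compared as text because the article gives no registry value types.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$registryIndicators = @(
    @{ Path = "HKCU:\$cv\Policies\System";        Name = 'DisableTaskMgr';        Data = '1' }
    @{ Path = "HKLM:\$cv\policies\system";        Name = 'DisableTaskMgr';        Data = '1' }
    @{ Path = "HKCU:\$cv\Policies\Explorer";      Name = 'NoDesktop';             Data = '1' }
    @{ Path = "HKCU:\$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';   Data = '1' }
    @{ Path = "HKCU:\$cv\Policies\Attachments";   Name = 'SaveZoneInformation';   Data = '1' }
    @{ Path = "HKCU:\$cv\Internet Settings";      Name = 'CertificateRevocation'; Data = '0' }
    @{ Path = "HKCU:\$cv\Internet Settings";      Name = 'WarnonBadCertRecving';  Data = '0' }
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download'; Name = 'CheckExeSignatures'; Data = 'no' }
)
# File-system artifacts, resolved for the current user (assumption: run as that user).
$fileIndicators = @(
    (Join-Path $env:TEMP 'smtmp')
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'System Recovery')
    (Join-Path ([Environment]::GetFolderPath('Desktop')) 'System Recovery.lnk')
)

function Get-SystemRecoveryFindings {
    foreach ($i in $registryIndicators) {
        $item = Get-ItemProperty -LiteralPath $i.Path -Name $i.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and "$($item.($i.Name))" -eq $i.Data) {
            [pscustomobject]@{ Type = 'Registry'; Location = $i.Path; Detail = "$($i.Name) = $($i.Data)" }
        }
    }
    foreach ($p in $fileIndicators) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Type = 'File'; Location = $p; Detail = 'present' }
        }
    }
    # The Run value name is random, so report every value named like an
    # executable and leave the decision to the analyst (heuristic, see lead-in).
    $run = Get-Item -LiteralPath "HKCU:\$cv\Run" -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            if ($name -like '*.exe') {
                [pscustomobject]@{ Type = 'Run'; Location = "HKCU:\$cv\Run"; Detail = "$name -> $($run.GetValue($name))" }
            }
        }
    }
}

Get-SystemRecoveryFindings | Format-Table -AutoSize
```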

More Details on System Recovery

The following messages associated with System Recovery were found:
Activation Reminder
System Recovery Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical Error
Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error!
Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
Critical Hard Disk Drive Error
System Recovery detected a bad sector on your hard disk drive.
This error may cause the following problems:

- Data corruption and loss
- Hard drive inaccessibility
- System errors and failures
Fix Disk
System Recovery Diagnostics will scan the system to identify performance problems.
Start or Cancel
Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.
Low Disk Space
You are running very low disk space on Local Disk (C:).
System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.
System Recovery Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows - No Disk
Exception Processing Message 0x0000013


