Windows 7 Restore

By Domesticus in Rogue Anti-Spyware Program


Windows 7 Restore is a harmful rogue security application that can cause severe damage to a computer system. This program is a scam that is designed to rob inexperienced computer users of their money. Windows 7 Restore and similar rogue security programs are known as scareware. This is because they are a kind of malicious security program that poses as an authentic anti-virus or computer security application and tries to scare users into thinking their computer is infected or not working properly.

Windows 7 Restore Clones and Copies

The two main clones of Windows 7 Restore are Windows 7 Repair and Windows 7 Recovery. They are the same program, with the same design and layout. The only difference between the three clones is the name of the rogue security application. The main defining feature of Windows 7 Restore and its clones is that they report system malfunctions and hard drive errors rather than restricting themselves to finding fake viruses and spyware like other rogue security applications.

The Windows 7 Restore Scam

The Windows 7 Restore scam has several steps:

  1. The user's system is attacked by a Trojan. A Trojan is a program that is used to deliver viruses, spyware, and other dangerous software. It exploits security vulnerabilities to get into a user's system and deliver its payload. The Trojan was probably acquired from an infected website or by downloading an infected file from an unreliable source.
  2. The Trojan installs Windows 7 Restore. The installation process can be done in several different ways and is usually done through an authentic-looking source such as a fake Windows Automatic Update or in the background. As part of the installation, Windows 7 Restore will alter the registry. This will cause the computer to start up Windows 7 Restore along with Windows, making Windows 7 Restore the first thing a user sees when he or she logs in to the system.
  3. Windows 7 Restore will greet the user with an authentic-looking fake system scan. This scan will show an exaggerated number of hard drive errors. Typical supposed errors found by Windows 7 Restore are bad sectors, delayed read time, and a lack of response from the drive. If any drive actually contained the number of errors Windows 7 Restore claims to detect, the machine would not be able to start up at all. These errors will be rated in the right-hand column as either "critical" or "warning." The alarmist descriptions, red font, and techno-speak are enough to make most users panic about the state of their hard drive.
  4. Windows 7 Restore displays a "Fix errors" button. Since the hard drive errors are imaginary, this button does nothing but bring up the "Advanced Module" which, in order to activate, requires the user's credit card information. Needless to say, giving Windows 7 Restore your credit card information is not a good idea.

What to Do if You’ve Been Infected

If you find Windows 7 Restore on your system, use a legitimate anti-virus application to get rid of Windows 7 Restore. Windows 7 Restore can also be removed manually, but inexperienced users should not attempt this. Pay no attention to the hard drive warnings; your hard drive is most certainly fine. If you've already entered your credit card information, call your credit card company to block the charges. Once Windows 7 Restore is removed, run several scans on your system to catch any other spyware that may be lurking about.

File System Details

Windows 7 Restore may create the following file(s):
1. %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].dll
2. %AllUsersProfile%\Application Data\[RANDOM CHARACTERS].exe
3. %UserProfile%\Start Menu\Programs\Windows 7 Restore\Uninstall Windows 7 Restore.lnk
4. %UserProfile%\Start Menu\Programs\Windows 7 Restore\Windows 7 Restore.lnk

Registry Details

Windows 7 Restore may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s's:/ogn:/uyu:/dyd:/c'u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/'wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v'w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
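
A read-only PowerShell check for the file and registry indicators listed above, added here as an example and not part of the original article. The helper name Get-RegValue is hypothetical, and the link between the randomly named Run value and the randomly named file in the All Users application data folder is an assumption.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Run as the affected user; every registry entry is under HKEY_CURRENT_USER.
function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or the value is absent.
    $k = Get-Item -Path $Key -ErrorAction SilentlyContinue
    if ($k) { $k.GetValue($Name) }
}

$cv   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
$hits = @()

# Values the page reports. ShowSuperHidden = 0 is also the Windows default,
# so on its own it only corroborates the other findings.
$checks = @(
    @('HKCU:\Software\Microsoft\Internet Explorer\Download', 'CheckExeSignatures', 'no'),
    @("$cv\Explorer\Advanced", 'Hidden', '0'),
    @("$cv\Explorer\Advanced", 'ShowSuperHidden', '0')
)
foreach ($c in $checks) {
    $v = Get-RegValue $c[0] $c[1]
    if ($null -ne $v -and "$v" -eq $c[2]) { $hits += "REG  $($c[0]) $($c[1]) = $v" }
}

# Report any LowRiskFileTypes value for review instead of matching its data.
$lr = Get-RegValue "$cv\Policies\Associations" 'LowRiskFileTypes'
if ($null -ne $lr) { $hits += "REG  LowRiskFileTypes = $lr" }

# %AllUsersProfile%\Application Data, resolved for the running Windows version.
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$inRoot  = [regex]::Escape($appData) + '\\[^\\"]+\.(exe|dll)\b'

# Assumption: the randomly named Run value launches a file directly in that folder.
$run = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($name)
        if ($cmd -match $inRoot) { $hits += "RUN  $name -> $cmd" }
    }
}

# Executables sitting directly in the folder (hidden ones included).
$files = @(Get-ChildItem -Path $appData -Force -ErrorAction SilentlyContinue |
    Where-Object { (-not $_.PSIsContainer) -and ('.exe', '.dll' -contains $_.Extension) })
foreach ($f in $files) { $hits += "FILE $($f.FullName)" }

# Start Menu folder holding the two shortcuts the page lists.
$menu = Join-Path ([Environment]::GetFolderPath('Programs')) 'Windows 7 Restore'
if (Test-Path -LiteralPath $menu) { $hits += "FILE $menu" }
if ($hits.Count) { $hits } else { 'None of the listed indicators were found.' }
```

A FILE or RUN line for a legitimate program is possible, so treat each hit as something to review alongside the others rather than as proof of infection.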


The following messages associated with Windows 7 Restore were found:

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error.
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error!
Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

