Data Restore
Posted: September 28, 2011
Threat Metric
The fields shown on the Threat Meter, each carrying a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors, collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Field | Value |
---|---|
Threat Level | 10/10 |
Infected PCs | 974 |
First Seen | September 28, 2011 |
Last Seen | August 17, 2022 |
OS(es) Affected | Windows |
Data Restore is a rogue defragmenter, system diagnostics and information recovery tool. Our malware researchers have traced Data Restore's lineage back to the FakeScanti family, which comprises other types of fake defragmenters that share its appearance, error messages and attack methods. You should do your best to ignore the many types of fake errors that Data Restore creates on your PC; these errors aren't real system problems and have no point to their existence besides trying to make a grab at your wallet's contents. However, ignoring Data Restore isn't enough to solve a Data Restore problem, since browser hijacks, file-viewing problems and blocked applications are also common signs of a Data Restore attack. Anti-malware software is the preferred tool for deleting Data Restore, although updates and usage of Safe Mode where applicable are also important to ensure that Data Restore is completely removed.
The Deadliest Examples of Data Restore's Arsenal - Wielded Against Your PC
Unlike a real defragmenter or data recovery program, Data Restore doesn't offer real system-analysis features or any abilities that would help you maintain or preserve information on your PC. Despite this, Data Restore does look identical to a real defragger or other type of legitimate PC maintenance product, and even creates fake error messages to try to fool you about its capabilities. However, our malware analysts have found that Data Restore's fake errors are substantially less dangerous than its other functions, which are involved in attacking your PC in several different ways:
- Data Restore will attempt to block you from using anti-malware and security programs that could assist you with detecting or removing Data Restore itself. These blockades may also be supplemented by fake error messages that Data Restore uses to trick you into thinking that your programs are damaged.
- Data Restore may attack your browser with hijacks that redirect you to unusual websites. This can include the display of fake errors that block websites as well as general browser setting changes.
- Data Restore may also use several methods to conceal files, folders and shortcuts. Two popular methods that our malware experts have recorded include Data Restore using the Windows Registry to cripple Windows Explorer's ability to display files, and moving shortcuts to obscure locations (such as the Temp folder).
Escaping Data Restore's Unpleasant Idea of System 'Maintenance'
Although there's no reason to keep Data Restore on your PC and quite a few reasons to delete Data Restore, the deletion process can be complicated by Data Restore's use of fake errors, alerts and warnings. The following list is a series of examples of Data Restore's fake errors that our malware experts have noted, and you should disregard any error that resembles the ones noted below:
Bad sectors on hard drive or damaged file allocation table – Critical Error
28% of HDD space is unreadable – Critical Error
A problem detected while reading boot operation system files
Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition
Windows – No Disk
Exception Processing Message 0×0000013
Read time of hard drive cluster less than 500 ms – Critical Error
Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.
Confirmation
Data Restore detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?
Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.
If you're ready to restore your PC back to actual health by getting rid of Data Restore, switch to Safe Mode and use a good anti-malware program to scan your computer. Removing Data Restore by manual methods isn't recommended, since improper Data Restore removal can harm Windows and may even require that you reinstall the OS. Among the countless members of the Data Restore family are Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Antivirus, OpenCloud Security, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%USERPROFILE%\My Documents\Downloads\VideoConverterSetup.exe
File name: VideoConverterSetup.exe
Size: 546.3 KB (546304 bytes)
MD5: 9b0269781c9d357c00e3c668173a3fab
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\My Documents\Downloads
Group: Malware file
Last Updated: December 5, 2011
%ALLUSERSPROFILE%\Application Data\6DSS92c31Apgjk.exe
File name: 6DSS92c31Apgjk.exe
Size: 350.72 KB (350720 bytes)
MD5: b083cf5dd168f87af9e19f5bf13e20ab
Detection count: 59
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: September 30, 2011
K:\Server Documenten\ConvertXToDVD\video_converter_setup.exe
File name: video_converter_setup.exe
Size: 404.99 KB (404992 bytes)
MD5: f8c14ab127e63b475aa6a7d9d4200e1f
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Path: K:\Server Documenten\ConvertXToDVD
Group: Malware file
Last Updated: November 21, 2011
J:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP163\A0060305.exe
File name: A0060305.exe
Size: 4.24 MB (4240182 bytes)
MD5: cc53e636516250d1de09f2d79d371170
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: J:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP163\A0060305.exe
Group: Malware file
Last Updated: February 1, 2022
%ALLUSERSPROFILE%\Application Data\ENtNsKwGvJhK.exe
File name: ENtNsKwGvJhK.exe
Size: 468.99 KB (468992 bytes)
MD5: 308771f50c0ad12aee141ad369244b8d
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data
Group: Malware file
Last Updated: August 17, 2022
%Temp%\smtmp\3
File name: %Temp%\smtmp\3
Group: Malware file
%Temp%\smtmp\1
File name: %Temp%\smtmp\1
Group: Malware file
%Temp%\smtmp\2
File name: %Temp%\smtmp\2
Group: Malware file
%Temp%\smtmp\
File name: %Temp%\smtmp\
Group: Malware file
%Temp%\smtmp\4
File name: %Temp%\smtmp\4
Group: Malware file
%LocalAppData%\
File name: %LocalAppData%\
Group: Malware file
%LocalAppData%\.exe
File name: %LocalAppData%\.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%StartMenu%\Programs\Data Restore\
File name: %StartMenu%\Programs\Data Restore\
Group: Malware file
%StartMenu%\Programs\Data Restore\Data Restore.lnk
File name: %StartMenu%\Programs\Data Restore\Data Restore.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%StartMenu%\Programs\Data Restore\Uninstall Data Restore.lnk
File name: %StartMenu%\Programs\Data Restore\Uninstall Data Restore.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%UserProfile%\Desktop\Data Restore.lnk
File name: %UserProfile%\Desktop\Data Restore.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
Registry Modifications
File name without path
Uninstall Data Restore.lnk
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" =
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
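One way to check a machine for the registry values listed above, as an added example that is not SpyHunter's own code: the Python sketch below parses the text of a `reg export` file and reports every listed setting that is present with the listed data. The function names, the `LISTED` table layout and the sample export are assumptions made for this example; entries whose value the page leaves blank are not checked.

```python
import re

HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\"
WIN = HKCU + "Windows\\CurrentVersion\\"
HKLM = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
# (key, value name, data) as given in the Registry Modifications list above.
LISTED = [
    (WIN + r"Policies\Attachments", "SaveZoneInformation", "1"),
    (WIN + r"Policies\Explorer", "NoDesktop", "1"),
    (WIN + r"Policies\ActiveDesktop", "NoChangingWallPaper", "1"),
    (WIN + r"Policies\System", "DisableTaskMgr", "1"),
    (WIN + "Internet Settings", "WarnonBadCertRecving", "0"),
    (WIN + "Internet Settings", "CertificateRevocation", "0"),
    (WIN + r"Explorer\Advanced", "Hidden", "0"),
    (WIN + r"Explorer\Advanced", "ShowSuperHidden", "0"),
    (HKCU + r"Internet Explorer\Main", "Use FormSuggest", "Yes"),
    (HKCU + r"Internet Explorer\Download", "CheckExeSignatures", "no"),
    (HKLM + r"policies\system", "DisableTaskMgr", "1"),
]

def parse_reg(text):
    """Yield (key, name, data) from the text of a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'"([^"]*)"=(dword:)?"?([^"]*)"?$', line)
        if key and m:
            name, is_dword, raw = m.groups()
            yield key, name, str(int(raw, 16)) if is_dword else raw

def audit(text):
    """Return listed settings present in the export; compared case-insensitively."""
    wanted = {(k.lower(), n.lower()): d.lower() for k, n, d in LISTED}
    return [(k, n, d) for k, n, d in parse_reg(text)
            if wanted.get((k.lower(), n.lower())) == d.lower()]

# Constructed sample (real `reg export` files are UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"ShowSuperHidden"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Several of these values also occur on systems that were never infected, so treat hits as leads to review together with the file paths listed above rather than as proof on their own.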
Additional Information
# | Message |
---|---|
1 | Activation Reminder Data Restore Activation Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features. |
2 | Critical Error! A critical error has occurred while indexing data stored on hard drive. System restart required. |
3 | Critical Error! Damaged hard drive clusters detected. Private data is at risk. |
4 | Critical Error! Hard Drive not found. Missing hard drive. |
5 | Critical Error! Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware. |
6 | Critical Error Hard drive clusters are partly damaged. Segment load failure. |
7 | Critical Error Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error. |
8 | Critical Error RAM memory usage is critically high. RAM memory failure. |
9 | Critical Error Windows can't find hard disk space. Hard drive error |
10 | Critical Hard Disk Drive Error Data Restore detected a bad sector on your hard disk drive. This error may cause the following problems: - Data corruption and loss - Hard drive inaccessibility - System errors and failures |
11 | Data Restore Diagnostics Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following sertified <sic> software to fix the detected hard drive problems. Do you want to download recommended software? |
12 | Fix Disk Data Restore Diagnostics will scan the system to identify performance problems. Start or Cancel |
13 | Hard Drive Failure The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system. |
14 | Low Disk Space You are running very low disk space on Local Disk (C:). |
15 | System Error An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors. |
16 | System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required. |
17 | Windows - Delayed Write Failed Failed to save all the components for the file \System32\00004823. The file is corrupted or unreadable. This error may be caused by a PC hardware problem. |
18 | Windows detected a hard disk problem A potential disk failure may cause loss of files, applications and documents store on the hard disk. It's highly recommended to scan and solve HDD problems before continue using this PC. |
19 | Windows detected a hard disk problem A potential disk failure may cause loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced. |
Data Restore... what a freaking joke. I thought the Data Restore program would restore my Windows but boy was I wrong. Data Restore somehow installed on its own and before I knew it I get pop-up after pop-up. Thank you guys for helping me detect and remove this fake Data Restore program! You are the best SpywareRemove and SpyHunter guys!
I'd be extremely suspicious of any program that asked me to download 'sertified software'.