Have Data Recovery Virus, Follow This Healing Guide

Data Recovery virus is rouge software to fool your computer and to easily hunt for the confidential information such as bank account details, email ID & passwords etc.

Whenever data recovery virus attacks to your system, you may found a bunch of pop hard drive error messages and asks you to fix them immediately by purchasing data recovery software keys.

Where they came from?

While surfing websites, these applications are downloaded automatically using drive by downloads scripts (Trojan Virus) placed on any particular malware sites and will installed on users system without notifying them.

Those malware sites are intentionally created to harm users PC or laptop by altering registry information and sending automated response to their command and control (C & C) Server.

Image courtesy of jscreationzs / FreeDigitalPhotos.net

How we can identify it?

10 Symptoms of a Computer Infected with Malware

As like other known viruses, this is also created for stealing confidential information and alter normal system performance.

Once you got stuck with these circumstances, you may suffer with several unknown problems like automatic browser redirect, automated scanning process to check hard drive for errors and force you to purchase the data recovery software so that they steal your bank account details, registry level corruption to get access to your private area in computer system etc.

Moreover, it will begin automatic scanning every time you start your PC and shows results with an option to fix it now.  Some common issues that data recovery virus will reports are:

Hard drive boot sector reading error
System blocks were not found
Error 0x00000024 – NTFS_FILE_SYSTEM
Error 0x0000002E – DATA_BUS_ERROR
The DRM attribute value is too small before disk scan

Below are some screen shots taken from data recovery virus infected PC. You can see and identify weather the same screen appears in your case too:


Once you click on repair option, it will take you to the product activation page:


Once you click on ‘Buy License Now‘, it will take to the hackers website and any mentioned bank details can be easily decipher by them.  For the time being, you are advised to enter the temporary activation code mentioned below so that you can stop the fake alerts and follow the virus removal procedure:


Remember, entering the activation code will not remove the data recovery virus, instead it just stops any more infection and prevents virus to create no more fake alerts.

How we can remove them?

You are requested to take a snap of this tutorial and print it out, as we need to restart PC several times during manual removal guide.

Manual Removal

1. Remove or unplug any attached storage media devices like CD Rom, USB, memory card, external hard drive etc. and restart your PC.

2. Press and hold F8 key just after starting the system to reach Advanced Boot Options screen.

3. Select option ‘Safe Mode with Networking’ from the advanced boot options screen

4. Once you reached at your desktop home screen, press ‘Window Key‘ + ‘R’ and type regedit in the open text box

5. You have to delete the below mentioned registry entries modified by the data recovery virus:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0′

HKCU\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ’1′

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′

HKCU\Software\Microsoft\Windows\CurrentVersion\Run “(random char).exe”

HKCU\Software\Microsoft\Windows\CurrentVersion\Run “(random char)”

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′

HKCU\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’


P.S.: To access & modify system registries, you need to be logged in as a System Administrator

  1. Remove the malicious files:%StartMenu%\Programs\Data Recovery\
    %StartMenu%\Programs\Data Recovery\Data Recovery.lnk
    %StartMenu%\Programs\Data Recovery\Uninstall Data Recovery.lnk
    %LocalAppData%\(random char)
    %LocalAppData%\(random char).exe
    %LocalAppData%\~(random char)
    %LocalAppData%\~(random char)
    %UserProfile%\Desktop\Data Recovery.lnk
  2. Scan your computer with installed AV program or download it from malwarebyte.com. Note: You can also use Microsoft security essentials to effectively scan your PC. Alternatively, you can download malwarebytes antimalware (MBAM) and scan your system for advanced scanning. Don’t forget to update MBAM after installation as it helps you to scan virus more effectively.
  3. You need to choose full scan options situated on MBAM scanner screen. After completing the scanning, MBAM will show you the message and an option to remove the scanned issues. Choose remove all and close MBAM.
  4. If you found that even after removing all the malware programs and infected files, some files were still missing or hidden then you can use Unhide.exe. This program will remove +H attribute on all of the hard drive files applied by the data recovery virus.


About the Author: Abhayjeet is a part time blogger and computer security expert who usually writes article on different type of virus attack cases and strategy to recover back your data which gets deleted or formatted from viruses.

Build Your Own Security
Subscribe to my newsletter and get a copy of my eBook for free.
We hate spam just as much as you

Related posts:

  1. 16 Free Online Virus Scanner to Scan Your Computer or File
  2. Want to learn more about Data Recovery?
  3. Unearth Facts About Hard Drive Data Recovery Tool


  1. Bhushan

    After reading your complete post i think I need not to say anything.here is all related with post.I appreciate this post.i mean need not to go anywhere after reading this because a excellent solution are here.
    Bhushan recently posted..Home Inventory SoftwareMy Profile

  2. Aditya says:

    I guess threats to a system is going high tech with the increasing technology which prevents the system from these threats itself.One can easily get affected with this type of virus as most of the times one needs to recover the data and they use softwares for that.Thanks for explaining how one can delete them from the system.
    Aditya recently posted..ERP Software CompaniesMy Profile

  3. anshul says:

    it’s time of technology so security is major concern to these technology.various antivirous process in the system.and i think your tips is helpful to us .i like it.
    thanks for the joining this blog.
    anshul recently posted..Online Banking SoftwareMy Profile

  4. emilia says:

    This article provides great help for those who experience having data recovery virus in their computers! Definitely a must-read!

  5. George from Stay clear of says:

    With the increase in the type and number of attacks which face internet users with every passing day, the tips provided are extremely important in the identification, staying clear of threats and the removal of malicious programs and scripts.
    George recently posted..Coffee Break: What is Managed ServicesMy Profile

  6. Mazil Jones says:

    Data recovery virus is a very bad and clever software that can fool a computer and can also search various confidential documents very easily. Thanks for making us aware about how to identify the data recovery virus.

Speak Your Mind


CommentLuv badge

This blog uses premium CommentLuv which allows you to put your keywords with your name if you have had 3 approved comments. Use your real name and then @ your keywords (maximum of 3)