System Restore (fake) - How to remove

System Restore (fake)

The fake System Restore is a fake PC optimization tool that must be eliminated before it starts messing your PC up. It hails from the same group of scams just like Data Restore or Data Repair that all start misleading their victims about hard drive problems detected once they manage to get inside. If you thought that System Restore can help you to optimize the work of your hard drive, you are wrong. The fake System Restore is named after legitimate MS Windows program that is responsible for rolling back to stable system state. Legitimate System Restore is free program and not related to hard disk problems. If you see window that is asking you to pay, or scans for various problems and is named “System Restore”, then it is likely to be fake one. No matter what it states, you must remove System Restore malware because soon it will ask you to pay for fixing various hardware problems that are not real. Keep in mind that it’s just another fake defragmenter that enters the system with a help of Trojans.

As soon as it manages to get inside the system, System Restore starts announcing about its existence by ‘running’ continuous scanners and alerting about numerous hard drive issues detected. These ‘errors’ that are found on your machine are displayed for the only reason – to trick users and scare some of them as well. After some time, System Restore will ask to pay for its licensed version which will be told to be the only version which is capable to help you in your situation. To trick you into believing that machine is affected System Restore reports:

Critical Error
RAM memory usage is critically high. RAM memory failure.

Activation Reminder
System Restore Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features.

System Error
An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.

Hard Drive Failure
The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.

    Requested registry access is not allowed. Registry defragmentation required
Hard Drive rotational speed decreased by 20%
Disk drive C:\ is unreadable.
System files are damaged. System is unstable.
The problem may cause errors while loading operating system.
Ram memory speed decreased significantly and may cause system failure.
Read time of hard drive clusters less than 500 ms
32% of HDD space is unreadable
Bad sectors on hard drive or damaged file allocation table
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
Drive C initializing error
Ram Temperature is 83 C. Optimization is required for normal operation.
Hard drive doesn’t respond to system commands
Data Safety Problem. System integrity is at risk.
Registry Error – Critical Error

The fake System Restore will stop legitimate programs from launching by claiming that these programs are not accessible on hard disk. This is done for 2 reasons: to make its removal harder and to force users to think that your PC needs magic software to fix hardware errors. This software has no such capabilities, it tries to scam you into paying for it.

During System Restore removal, user may also notice that his Internet connection is prevented disabled – that’s the way how this scamware protects itself from being removed from the system. To fix that, you could try fake-registering System Restore using this key : 1203978628012489708290478989147

This should disable this rogue so that you could launch IE and download reputable anti-spyware to remove System Restore. We highly recommend you scanning with spyhunter, Malwarebytes Anti-Malware, Hitman Pro and fix your machine. Note that System Restore may hide some of your files, so if you have such problem read ‘How to view hidden files‘.

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

Removal guides in other languages

20 responses to “System Restore (fake)

  1. When the guys responsible for this virus are caught, they deserve to be castrated. I’d like to be the one holding the dull and rusty knife.

  2. how do I get my money back if I was dooped into this scam…not a very smart move on my part

  3. Seriously man, just got this thing off my girl friends computer 5 min ago. You hold the knife, I’ll hold them.

  4. I think I have that same virus, but it’s now gone from bad to worst: My computer won’t even boot in safe mode. I guess I’ll have to clean up this mess with my HDD as a slave on someone else’s computer. Will it be the same way to proceed?

  5. Thank you to the person who posted instructions on how to remove the system restore (fake) rogue — you are a life saver.
    A big “F-U” to anyone who has the time to mess with peoples lives. They are so miserable about their lives they have to f with others computers.

    Thank you again for helping me get around these losers.

  6. This is the one that I got. I removed it with AntiMalewarebyte. However alot of my file are still hidden in different folders. The biggest problem though is that my system restore dates have disappeared. Can anyone suggest how to resurrect them

  7. Bob : There are 2 ways System Restore (fake one) hides files. First one, make sure you see hidden files and folders in each folder you visit. Also make sure you see system folders and files (later you might be able to change that to unhiden files and folders).
    Second one: open explorer and enter %TEMP% in address bar. Check each of the subfolders for missing files.

  8. I got this virus, and am running scans on it as we speak, but I cannot access any of my scans in safe mode. I have ESET Security suite and SUPERAntiSpyware, which are running in normal mode, and I had malwarebytes downloaded but cannot find it now. When I manage to access the Internet and download it, it says “access denied”, and does not download the malware. Any help?

  9. Sarah:
    Fake-register that parasite first, it will be less aggressive and is likely not to stop you anymore. Make sure to scan with both TDSS Killer, MBAM and Stopzilla.

  10. It is now letting me get the removal tools, thanks! Also, if the computer must restart, and the registration was done in normal mode, will it still be activated in fake mode?

  11. Also, I got spyware doctor, but it is only letting me see the infections and not fix them without registering and purchasing it. Is there a way to not register and remove the listed infection manually?

  12. Sarah: You can delete the files SD detects manually. System Restore might use random file names, thus it is hard to list all.

  13. Looks like I managed to get rid of it…sorry for so many posts. One last question, how can I ensure that it is truly gone from my computer?

  14. I have ESET Security Suite but I had to uninstall it for STOPzilla. I will reinstall it once everything is done scanning, though! Thank you for all of the help! 🙂

  15. Just some feedback, my computer was infected with this fake system restore virus. This article was very informative and helped me to get rid of the infection. I was able to download Spyware Doctor on a different computer as the virus disabled internet explorer. I installed SD and ran a scan and remove the virus. The McAfee security software i had existing on my computer was useless in protecting my computer. Highly recommend Spyware Doctor. I simply had to unhide all my files and rearrange my desktop and start menu and I am back online. Thanks for the all of the advice published on this website.

  16. These assholes give a phone number of 866-206-5623. They blocked me after trying but I encourage you to call and bother the shit out of them!

Leave a Reply

Your email address will not be published. Required fields are marked *