• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Your Go-To Destination for Scam Awareness, Malware Removal, Antispyware Downloads, and Expert Guidance

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Malware removal › Rogue Anti Spyware › How to remove Windows 7 Repair virus

How to remove Windows 7 Repair virus

Myantispyware team June 22, 2011     1 Comment    

Windows 7 Repair is a misleading computer optimization and hard disk drive defragmenter software from the same family of malware as Windows XP Repair. The program may look legitimate computer’s optimization tool, but remember, its only an imitation! In reality, the malicious software blocks legitimate Windows applications, detects fake hard drive problems and displays various fake error messages that the computer’s hard drive is corrupt in order to frighten you into purchasing this useless application. Do not pay for the bogus software! Simply ignore all that it will display you and remove Windows 7 Repair from your computer as quickly as possible!

Windows 7 Repair is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, the authors of of the fake program may also distribute this malware on social networks (Twitter, My Space, Facebook, etc) and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC.

Once installed, Windows 7 Repair will be configured to run automatically when Windows starts. Next, the rogue does a fake scan of your computer then tells you it has found numerous critical errors, e.g. “Drive C initialization error”, “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. It will require you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. So, you can safety ignore the false scan results.

While Windows 7 Repair is running, it will block legitimate Windows applications on your computer and won’t let you download anything from the Internet. Last, but not least, the rogue will display numerous fake warnings and nag screens. Some of the warnings are:

The system has detected a problem with one or more installed IDE / SATA hard disks.
It is recommended that you restart the system.

Critical error
Windows can`t find disk space. Hard drive error.

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Windows – No Disk
Exception Processing Message 0×0000013

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Of course, all of these warnings are a fake. This is an attempt to make you think your computer in danger. Like false scan results you can safely ignore them.

In addition to fake security warnings and computer scans, Windows 7 Repair hides files and folders on your system drive (disk C by default).

From the above, obviously, Windows 7 Repair is a scam, that created with one purpose to scare your into purchasing so-called “full” version of the program. Most importantly, do not purchase it! If you find that your computer is infected with this malware, then be quick and take effort to uninstall it immediately. Use the removal guide below to remove Windows 7 Repair from your computer for free.

Automated Removal Instructions for Windows 7 Repair

1. Click Start, Type in Search field %allusersprofile% and press Enter. It will open a contents of “ProgramData” folder.

2. Windows 7 Repair hides all files and folders, so you need to change some settings and thus be able to see your files and folders again. Click Organize, select ”Folder and search options”, open View tab. Select “Show hidden files and folders” option, uncheck “Hide extensions for known file types”, uncheck “Hide protected operating files” and click OK button.

3. Now you will see Windows 7 Repair associated files as shown below.

4. Basically, there will be files named with a series of numbers or letter (e.g. 2636237623.exe or JtwSgJHkjkj.exe), right click to it and select Rename (don`t rename any folders). Type any new name (123.exe) and press Enter.
You can to rename only files with .exe extension. Its enough to stop this malware from autorunning.

5. Reboot your computer.

6. Now you can unhide all files and folders that has been hidden by Windows 7 Repair. Click Start, type in Search field cmd and press Enter. Command console “black window” opens. Type cd \ and press Enter. Type attrib -h /s /d and press Enter. Close Command console.

7. If your Desktop is empty, then click Start, type in Search field %UserProfile%\desktop and press Enter. It will open a contents of your desktop.

8. Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

9. Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

10. If an update is found, it will download and install the latest version.

11. Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

12. Select Perform Quick Scan, then click Scan, it will start scanning your computer for Windows 7 Repair infection. This procedure can take some time, so please be patient.

13. When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Windows XP Repair remover
Malwarebytes Anti-malware, list of infected items

14. Make sure that everything is checked, and click Remove Selected for start Windows 7 Repair removal process. When disinfection is completed, a log will open in Notepad. Reboot your computer.

15. Windows 7 Repair may be bundled with TDSS trojan-rootkit, so you should run TDSSKiller to detect and remove this infection.

16. Download TDSSKiller from here and unzip to your desktop. Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon. You will see a screen similar to the one below.


TDSSKiller

17. Click Start Scan button to start scanning Windows registry for TDSS trojan. If it is found, then you will see window similar to the one below.


TDSSKiller – Scan results

18. Click Continue button to remove TDSS trojan.

If you can`t to download or run TDSSKiller, then you need to use Combofix. Download Combofix. Close any open browsers. Double click on combofix.exe and follow the prompts. If ComboFix will not run, please rename it to myapp.exe and try again!

19. Your system should now be free of the Windows 7 Repair virus.

Windows 7 Repair removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Windows 7 Repair creates the following files and folders

%UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
%CommonAppData%\[RANDOM]
%CommonAppData%\~[RANDOM]
%UserProfile%\Desktop\Windows 7 Repair.lnk
%CommonAppData%\[RANDOM].exe

Note: %CommonAppData% is C:\Documents and Settings\All Users\Application Data (for Windows XP/2000) or C:\ProgramData (for Windows 7/Vista)

Windows 7 Repair creates the following registry keys and values

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\USE FORMSUGGEST = Yes
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\CERTIFICATEREVOCATION = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONBADCERTRECVING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\WARNONZONECROSSING = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONES\3\1601 = 0
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINTRUST\TRUST PROVIDERS\SOFTWARE PUBLISHING\STATE = 146944
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\CONTROL\SESSION MANAGER\PENDINGFILERENAMEOPERATIONS = \??\%CommonAppData%\[RANDOM].exe

Windows 7 Repair removal – Video guide

Malware removal Rogue Anti Spyware

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

1 Comment

  1. Gee
    ― July 1, 2011 - 11:35 am  Reply

    thanks a lot…really appreciate this…

Leave a Reply Cancel reply




New Guides

UGGBootsOnline.top UGG Online Sale Scam
UGGBootsOnline.top Review: Revealing the Scam Behind the Fake UGG Website
Outdoorgeardeals.shop scam
Outdoorgeardeals.shop Review: The Scam Behind the ‘$29.99 DW Tools’ ads on Facebook
Mountainoverall.shop scam
Mountainoverall.shop Review: The Truth Behind the ‘$29 Transformer Folding Scooter’
Guesyoulike.online scam
Guesyoulike.online Review: The Scam Behind the ‘Guess You Like’ Online Store
Shoplefthanded.com
Shoplefthanded.com Review: Unveiling the Scam Behind the Fake Burton Website

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
How to reset Mozilla Firefox (Updated Apr. 2018)
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
remove android virus
How to remove virus from Android phone

Recent Posts

How to remove Vista Antivirus 2012 virus
How to remove Windows XP Repair virus
How to remove XP Security 2012 and XP Home Security 2012 virus
How to remove Windows Steady Work (Uninstall instructions)
How to remove Windows Stability Alarm virus

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.