Windows XP Recovery monitors browsing habits and purchasing activities. The data collected is sent to the creator of the application or third-parties. It displays surveys in a pop-up window. Windows XP Recovery uses Internet connection in the background without a user’s knowledge and in some cases may even affect Internet connection speed because your Internet connections will go through its own proxy. Windows XP Recovery is bundled in many freeware and commercial applications and it is introduced to a user when those commercial or free products are installed. It could be Windows screensavers, themes, games, etc.

Manual Removal of Windows XP Recovery: First to avoid any further infections caused by internet browsing redirects users will need to go to their Internet Options; this can be done by going to the start menu followed by control panel. Once in Internet Options choose the “Connections” tab followed by “LAN Settings” uncheck the “Use a Proxy Server” Option. Once done click “Ok” to save these settings. Next users restart your computer in safe mode. To access safe mode, restart your computer and tap the F8 button. When correctly done a black screen will appear with options for starting up Windows. Choose Safe Mode and Windows will load safe mode, Next locate and delete the following files associated with Windows XP Recovery:
- %AllUsersProfile%\Application Data\~<random>
- %AllUsersProfile%\Application Data\~<random>r
- %AllUsersProfile%\Application Data\<random>.dll
- %AllUsersProfile%\Application Data\<random>.exe
- %AllUsersProfile%\Application Data\<random>
- %AllUsersProfile%\Application Data\<random>.exe
- %UserProfile%\Desktop\Windows XP Recovery.lnk
- %UserProfile%\Start Menu\Programs\Windows XP Recovery
- %UserProfile%\Start Menu\Programs\Windows XP Recovery\Uninstall Windows XP Recovery.lnk
- %UserProfile%\Start Menu\Programs\Windows XP Recovery\Windows XP Recovery.lnk
Windows XP Recovery Registry Entries that should be removed:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “<random>”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = 0′
Please Contact Us Here for more information on Windows XP Recovery Malware/ Virus
Need help removing Windows XP Recovery Malware/ Scareware or other PC problems? E-Mail Us Here
This worked perfectly. You should add that ‘Windows XP Recovery’ may turn the users desktop to black (fix with control panel display) and changes all of the programs on the hard drive to hidden (H attribute) I found a neat program called unhide.exe to fix this.