Windows XP Recovery
This is a common fake system utility that we have seen on many computers. It not only claims that your system is damaged in many different ways, but also hides your important files and breaks Windows Update functionality. A computer may be infected through fake advertisements or drive-by-downloads through Java or Flash exploits on infected web sites. TDSS or ZAccess rootkits have been observed on several systems, though it is unclear if the infections were related.
Windows XP Recovery sets itself to be part of the boot process, sometimes adding itself as a second shell.
It actively prevents security products and antivirus tools from running and claims disk damage or virus infection of most executables on the computer.
Claims of PC Problems
The most common fake problems in this tool are intended to scare the user, claiming that the hard disk is failing.
Windows XP Recovery claims that the ficticious disk errors cannot be repaired and that an 'Advanced Module' must be purchased.
Windows XP Recovery will periodically pop up error messages like the following, either while 'repairing' problems or during normal computer operation.