How to Remove the rstrui.exe virus from PC

rstrui.exe is a legitimate executable file developed by Microsoft. This process is known as System Restore Application and it belongs to the software Microsoft Windows Operating System. It is commonly stored in C:\Windows\System32. Cyber criminals find a way out to mimic malicious programs in the name of rstrui.exe to spread virus infection.

Affected Platform: Windows OS

How to detect whether your system is affected by rstrui.exe ?

Viruses can easily affect and corrupt “.exe” files causing several system malfunctions. Below are the symptoms to check if your system is infected with the malware:

Problem during computer startup.
Problem during program startup.
Errors while running specific functions.
Damage and missing link files.
Confliction in the process.
Missing or corruption of driver files.
Invalid Windows registry
Malfunction of hardware.

If you identify the following changes in the system it means that the system is affected by rstrui.exe. To confirm on the same go to task manager by pressing the combination of keys ctrl+alt+del and go to the process tab and right click on the rstrui.exe and open the location, if the location is subfolder c:\matlab701\bin\win32\ folder then the system is not affected by rstrui.exe, if the location is somewhere else then the system is affected by rstrui-exe.malware.

How does Comodo Antivirus helps you to protect your system from rstrui.exe malware?

Getting infected with a virus or any other malware has become a huge concern in the digital world. Comodo Antivirus takes the hold in protecting the system from malware infections and also remove any virus infections from the infected PCs. Following are the steps to effectively purge out the rstrui-exe virus file from any infected system using Comodo Antivirus.

Step 1: In the first place download and install Comodo Antivirus on your machine

Step 2: Check the option “Do not detect new networks again”, when the firewall of Comodo Internet Security activates the process of network detection.

Step 3: After the process of network detection is finished, click “Close” button.

Step 4: Restart your PC.

Step 5: Wait until the Comodo Internet Security updates the antivirus.

Step 6: Initiate a quick scan that instantly begins after the update.

Step 7: If the system is infected with rstrui.exe malware or any other threats, you will be prompted with an alert screen, upon scanning.

Step 8: Comodo Antivirus will remove rstrui.exe malware from your computer including all other malwares!

Malware Entries

Safe Entries

First Seen: 12 October 2011 at 2:44 am

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	Microsoft Corporation	Executable	adc9674ae3e807c5 1d579968958fabe9 13a686bd	91dfafba4c6ce8fc e95a589a67eddd54	Virus.Win32. Expiro.jet	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Brazil	N/A
2	Microsoft Corporation	Executable	31d48c93a86cee23 42baa42aea75e59f a4dec55f	8ae7bc7aebce3fbe 7b8abe74ac3e3c95	Virus.Win32. Parite.gen	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Turkey	N/A
3	Microsoft Corporation	Executable	1daae88ff0c96eca e8319f3c3716d669 d00b8ec5	0239bea6ecddc645 6009a50a4a5a79f2	Unclassified Malware	No	6.1.7601.1 7514 (win7sp1_r tm.101119- 1850)	6.1.7601.1 7514	197.39.113.130/32	N/A
4	Microsoft Corporation	Executable	79c420a53d8a660b 6d17b49141a60c8b ae8b5be9	ddf44eb7554c0e69 b4b70b62b19c0dc9	Virus.Win32. Virut.Ce	No	6.1.7601.1 7514 (win7sp1_r tm.101119- 1850)	6.1.7601.1 7514	Pakistan	N/A
5	Microsoft Corporation	Executable	b83dfd389499ad60 8d9f44da7abf1eda a95bca1d	2f7158aa763f2233 efd1f5f25aa1b962	Virus.Win32. Sality.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Philippines	N/A
6	N/A	Executable	31fc07ada7c0b319 89a391996c9d6c68 0bb64733	db67651fb95715e9 3748dc000f0102b1	Virus.Win32. Virut.CE	No	N/A	N/A	Nigeria	N/A
7	Microsoft Corporation	Executable	3ba97a0627893eb0 0ca52aa6709636af 16911dff	43642717bb04fd09 31cf55e67be329b0	Virus.Win32. Virut.Ce	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Bulgaria	N/A
8	Microsoft Corporation	Executable	0b46df04da89654e 390c82d43974afa4 d8d1344f	67eec6a6a2880574 9fb11f64cdd07afb	Virus.Win32. Parite.gen	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Spain	N/A
9	Microsoft Corporation	Executable	8c452956a5423c53 b99522af4253ea83 50c30d4b	b77ac77e66feb7a2 126a22aef18881f1	Virus.Win32. Expiro.ns	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Italy	N/A
10	Microsoft Corporation	Executable	0c079e9e2cec9e5b 90ed571306659dc8 5c0d29f3	cdca92a494621ecd 67701bc0d7e6308e	Virus.Win32. Virut.CE	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	India	N/A
11	Microsoft Corporation	Executable	5d0d665fb471f301 7c7e6e588d4a342d c4b57df3	ea91931e8749d25d 71839e1f93c493ad	Virus.Win32. Virut.CE	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	India	N/A
12	N/A	Executable	4156c8cdec7f9d7e ce30a10d5403af77 7090f4e6	f20933e5f16e3df9 bfa18bbd6b409359	Virus.Win32. Virut.CE	No	N/A	N/A	197.156.80.220/32	N/A
13	Microsoft Corporation	Executable	92bb5803faa2ef61 2387f4e7a297dbfb ea825792	dd6dd168ccb3ad28 b7ef2cfbb027714e	Virus.Win32. Virut.CE	No	6.1.7601.1 7514 (win7sp1_r tm.101119- 1850)	6.1.7601.1 7514	Vietnam	N/A
14	Microsoft Corporation	Executable	37842e66058b2b49 b497e76141023aab c66d2bab	2b6777f17705b469 b71c47c427b8a463	Virus.Win32. Virut.CE	No	6.1.7601.1 7514 (win7sp1_r tm.101119- 1850)	6.1.7601.1 7514	Ukraine	N/A
15	Microsoft Corporation	Executable	0f564d22cb15e2f7 ec29e6cb338c3bad a564c27d	7bdb58e441424b11 5618fc49698bf761	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	United States	N/A
16	Microsoft Corporation	Executable	a2c9e401791b8361 cf0970b57ebab305 b31a34cc	84fd3efae34481bf 59fefd23745d04ff	Virus.Win32. Virut.Ce	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	United States	N/A
17	N/A	Executable	f594eafe87a8b780 12f4fef0c6e95562 565772d8	e29047241fede325 7a5e5d1ac377134f	Win32.Neshta .A	No	N/A	N/A	181.66.169.99/32	N/A
18	Microsoft Corporation	Executable	b6592673127385ed 6c6bc70c95fe4163 fb1d5e86	b3942af6d234abe7 0ffcf109b309a7af	Virus.Win32. Parite.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	United Arab Emirates	N/A
19	Microsoft Corporation	Executable	342a3772290bf69a b22c1a3eb53e0b19 6657f27b	1f64df83067ceaf0 16fd579bcca6a1db	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Mexico	N/A
20	Корпорация Майкрософт	Executable	a9b60c383215157c a904e092995fae3b 3ba43315	86a051668b2815b0 06c36fe555c9a256	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Ukraine	N/A
21	Корпорация Майкрософт	Executable	24e353cd3af3debc a889344fa89a4bc2 8161db5c	9f13c74d40f79156 ff03979dff3c6661	Virus.Win32. Expiro.U0	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Russian Federation	N/A
22	Microsoft Corporation	Executable	23432ccab4d042ed 8ff100eced2a8e22 9c1884ec	2e48e3903665fff1 2d819043ab182023	Virus.Win32. Parite.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	United Arab Emirates	N/A
23	Microsoft Corporation	Executable	6fd620ee5338ba4f eb021beab1e0b671 89336984	dfd3e67663497cf2 d917c3f428c2ba40	P2PWorm.Win3 2.Polip.A	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Hungary	N/A
24	Корпорация Майкрософт	Executable	e3200a8c53f3f334 32936d0cd6321c7c 30b01385	cb45dd4ba6800c63 aa90d471288f640d	MalCrypt.Ind us!	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Russian Federation	N/A
25	Microsoft Corporation	Executable	09895e9eacb8c144 51b7d9df2a85e59f e1cf6954	fb1123e21fb8e00d d5f376425942be93	Virus.Win32. Sality.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Poland	N/A
26	N/A	Executable	bbc4e52a4967034b 16c9c4b51310e8c2 f9986142	3d414965d62d43a0 62f065f49904241b	Virus.Win32. Virut.CE	No	N/A	N/A	Indonesia	N/A
27	Microsoft Corporation	Executable	982fe3f7c43824bc 98d6323e1b607c4c cafcbb5f	b47de7dc50bfc1b0 2a8e568e536e092b	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Italy	N/A
28	Microsoft Corporation	Executable	689cc80fcc3e6cc4 8c4dc7ff07aa4ed2 1e284c02	657edcc6cf36b85d 14a49f4de31ce0f2	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Indonesia	N/A
29	Microsoft Corporation	Executable	cecda1e817d30279 05224e59e1b6c843 71776f66	83532fa6e311b4cf 1677e5db93f591eb	Virus.Win32. Virut.Ce	No	5.1.2600.3 264 (xpsp.0711 30-1425)	5.1.2600.3 264	Pakistan	N/A
30	N/A	Executable	9777ec789f368f69 aa3b986d62d45ded a56a8967	c01632aa3682b2bc 875ac48f1effedb6	Backdoor.Win 32.Poison.as	No	N/A	N/A	Russian Federation	N/A
31	Microsoft Corporation	Executable	498f75caae89b9b9 c51f1011ae548f56 bb0f7288	77cbae714d7390a5 e2b80a9fc7f82fd4	Worm.Win32.M abezat.b2	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	197.251.180.204/32	N/A
32	Microsoft Corporation	Executable	fad85d6f01c16260 9339744082cb2433 d46eaa5e	80cdc1c9f6e5c4a7 82ef7652028b55dd	Virus.Win32. Virut.CE	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	156.220.116.63/32	N/A
33	Microsoft Corporation	Executable	381c3cde64936c3c 4c44ac10e11b05f5 bf7b8583	af524f4f5116a412 9bcaab7a09d95a94	Unclassified Malware	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Iran, Islamic Republic of	N/A
34	Microsoft Corporation	Executable	d62471479c11bfa4 b141220f6b06d289 17d48ef2	973473710eb10e10 9d3cfa4cd611a4da	Virus.Win32. Sality.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Poland	N/A
35	Microsoft Corporation	Executable	648fc97bc86a2117 cdf21bb96fb63add 3565572e	efbc97863393621b 3e66ab62bb4caceb	Virus.Win32. Virut.CE	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Indonesia	N/A
36	Microsoft Corporation	Executable	ae9df85e9f6ba56d a81013ba293d6a37 6c6dbb5a	2e4f6242bff512f0 5b22cb394a8f47d5	Virus.Win32. Virut.CE	No	6.1.7601.2 4094 (win7sp1_l dr_escrow. 180330-160 0)	6.1.7601.2 4094	Morocco	N/A
37	N/A	Executable	ff924af2d7e43f85 7f7ce6629e2316fa 7a5256e7	aeeda005fdb1dbc1 642d70349916d1ad	Backdoor.Win 32.Poison.as	No	N/A	N/A	Russian Federation	N/A
38	Microsoft Corporation	Executable	1915036dfa410116 8f49cfcd07b706e5 02dbd02f	6c8f421e1aecc8c0 646c53a599bb0e6f	Virus.Win32. Sality.gen	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	United States	N/A
39	Корпорация Майкрософт	Executable	4c6fb435ffa75c15 21d36bbd9f825caa 2323f99c	6e72b066be6021cb f9903fae300cbdaa	Virus.Win32. Expiro.nw	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Ukraine	N/A
40	Microsoft Corporation	Executable	08c77b5788b02121 4aef8a4cecb74c27 d253cfb5	d0408b69894dcbd4 92934480d6512b08	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Indonesia	N/A
41	Microsoft Corporation	Executable	1e4a6e2b6f296e33 fa0cbb20fe792018 46aeaa17	29c6fb0f031fee93 c0b865de426f3c23	Virus.Win32. Virut.Ce	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Italy	N/A
42	Microsoft Corporation	Executable	f1aa8e7d69d268dc 18644ac5d542e088 e55ae8b3	eb8fd49045bf60c2 5102f3aaa9abe728	Virus.Win32. Expiro.ew	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	United States	N/A
43	Корпорация Майкрософт	Executable	3b452805b503a1dd 517737f31e930bf6 a9ecade7	8a713da0879b355d 54c18b764cc5e59c	Virus.Win32. Virut.Ce	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Kazakhstan	N/A
44	Microsoft Corporation	Executable	6eed975daf8c4e92 9bbb0c167e8c7e3f 62dc38fc	5ab7b508adfa2724 6749d9dbba8a61b8	Virus.Win32. Virut.CE	No	6.0.6001.1 8000 (longhorn_ rtm.080118 -1840)	6.0.6001.1 8000	United States	N/A
45	Microsoft Corporation	Executable	18f3af67f1eca4b7 f44298db21e423e2 1db4d725	7e2469af5e4974f4 26396b12a907bbcc	Virus.Win32. Virut.CE	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Iran, Islamic Republic of	N/A
46	Корпорация Майкрософт	Executable	d9dc8c32469f2460 a19c85b0db4f1765 a546dd54	66826f355746a4df 786ce0cfab45a85f	Virus.Win32. Expiro.R0	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Ukraine	N/A
47	Microsoft Corporation	Executable	6abece2f951b8209 62a25a28c6e5e67d 67a55179	9d7f01b3ce7e8618 5a72c271692cd40d	Virus.Win32. Virut.CE	No	6.1.7601.1 7514 (win7sp1_r tm.101119- 1850)	6.1.7601.1 7514	Algeria	N/A
48	Microsoft Corporation	Executable	9f38777ef9e2cc96 2befc709dfa4353b 37cde092	fe5fe69acdba04a7 f328252c36d07d21	Virus.Win32. Parite.gen	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Turkey	N/A
49	N/A	Executable	96b95f4d58214e52 ad75273c35501abc 630cd11b	7aee17c0d046d748 2ce710dbdfac09de	TrojWare.Win 32.Spy.E	No	N/A	N/A	185.178.50.108/32	N/A
50	Microsoft Corporation	Executable	4d120fb5e80fe12e dbb9aab3a9c655cf 2660dd26	75d6632cf9192305 65f81a7b9822fa23	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Nigeria	N/A
51	Microsoft Corporation	Executable	ef2549cda50ca4b2 0ecc2804af1ad510 1e7757b6	1810de6616fb5466 595630d4741b5f24	Virus.Win32. Virut.Ce	No	5.1.2600.2 180 (xpsp_sp2_ rtm.040803 -2158)	5.1.2600.2 180	Thailand	N/A
52	Microsoft Corporation	Executable	db84a32708389e8b 3f16e4e434298271 a4ff124c	60469567b6bc8554 0ee269e43cef791e	Virus.Win32. Sality.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Philippines	N/A
53	Microsoft Corporation	Executable	9c84549e45428ce6 4db9d7c36b015ddb bc1203f4	7f59442c3d72bbe8 ac4f14d1d7788d5f	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Qatar	N/A
54	Корпорация Майкрософт	Executable	f1887841f6ddbd2e 82b6897356e0ab66 bf9b8b54	bd9d8aa508b0dfc1 fbc5f7b7a2e6f82f	Virus.Win32. Sality.gen	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Russian Federation	N/A

Prev 1 2 3...14 Next

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 27 December 2011 at 7:38 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	N/A	Non-executable	418b7fb809f0d4e0 e52e4aca3e9678c6 e2b2b626	8f23cb352150ad44 16b3bc3cc9897e41	No	N/A	N/A	United States
2	N/A	Non-executable	3fc03a6136432556 f1e6f101149bc056 39207b0e	79d35662b48f03ab e0cbc5623498d43b	No	N/A	N/A	United States
3	N/A	Executable	e1817ca2ca053839 bd9c4df665437c06 ae123b64	7fc26eaf63be1b1d 0bff442c90cae566	No	N/A	N/A	Poland
4	N/A	Executable	1387f3617348da8e e6288a3c43e1a49d 4f6c3d2b	87586ecda013c090 5ec6d19c53dd5f6d	No	N/A	N/A	Poland
5	N/A	Executable	706031707cf2fbf4 9a6f2936b53e8da6 9acbae7b	a902b9119833f9b0 843e7e0584610466	No	N/A	N/A	Poland
6	Microsoft Corporation	Executable	d49ac1caa4da52c3 7ab25036366c302e f984076e	d102de7e61e8187f 81d2f688beb843a8	No	10.0.19041 .1 (WinBuild. 160101.080 0)	10.0.19041 .1	United States
7	N/A	Non-executable	a2e1f38cdf0a13b4 a88705bb856bbc23 6777877d	2107c15e09c3a1cf 3b710ae9c18d1906	No	N/A	N/A	United States
8	N/A	Executable	a6a4acd1865b99d9 f9cff596f1763dfb 041ab39f	2e395fa91209a912 671c6d99b88f4180	No	N/A	N/A	198.20.167.83/32
9	Microsoft Corporation	Executable	972ffc1c8e337a5f b4ae47bc7b3e760c e8af8bab	4552d12a40dc2102 a2b8d96be8f4d396	No	6.1.7601.2 4059 (win7sp1_l dr_escrow. 180308-163 7)	6.1.7601.2 4059	168.227.60.225/32
10	N/A	Executable	468a083f0afd9216 aa7ae37b90be80f4 e962acc1	5abed26253083adc 2eed0e4bd1056cf7	No	N/A	N/A	198.20.167.83/32
11	Microsoft Corporation	Executable	b881d85d7f85eca6 8fa17b4893df39ff f3a49f6d	c4a2ee7bb90a31a2 b9c133c29502bb2d	No	10.0.17134 .285 (WinBuild. 160101.080 0)	10.0.17134 .285	United States
12	Корпорация Майкрософт	Executable	383bfe382eeddc38 84c96054bddb2992 58804677	da78c594a2f57f2e 39dfa6b35fa36eb7	No	5.1.2600.5 512 (xpsp.0804 13-2108)	5.1.2600.5 512	Ukraine
13	Microsoft Corporation	Executable	3cbd9fba158a5e0e 47e0e1f83dc73d14 88ec03bf	3fb03a175bac5300 0a8a127909b24cb5	No	10.0.17713 .1000 (WinBuild. 160101.080 0)	10.0.17713 .1000	United Kingdom

Prev 1 2 3 4 Next

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Malware Search Engine

How to Remove “rstrui.exe”