HDD Fix is a rebranded version of the HDD Low and Quick Defrag scareware. This rogue is promoted via trojans and misleading or infected websites. While running, it blocks nearly all programs on your computer. If you attempt to launch a program, e.g. a malware removal tool, it terminates the program and claims that the program or hard drive is corrupted.
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
NOTE: you can rename the executable of your program to iexplore.exe and the rogue program shouldn't block it. Let's say you have the setup file of Malwarebytes' Anti-Malware (mbam-setup.exe) and the rogue program blocks it. Just rename mbam-setup.exe to iexplore.exe. This should do the trick. This method works with other programs too.
It will also display fake notifications and alerts from the Windows taskbar.
Critical Error
Windows can't find hard disk space. Hard drive error
Application Data directory in Windows XP containing HDD Fix files:
C:\Documents and Settings\All Users\Application Data. By default, this directory is hidden. Please read Show Hidden Files and Folders in Windows for more information.
As you can see, this rogue uses random file names. It loads two executable files and one DLL file. If you rename these files, the rogue program won't show up after the next reboot. However, HDD Fix may come bundled with rootkits, e.g. from the TDSS family. That's why you need to use anti-malware software to completely remove HDD Fix and related malware from your computer. For more information, please follow the steps in the removal guide below. Last, but not least, if you have already purchased this bogus program, you should contact your credit card company and dispute the charges. If you have any questions or additional information about HDD Fix, please leave a comment. Good luck and be safe online!
HDD Fix removal instructions:
1. Download Process Explorer. (Click the link and wait a few seconds; the download will begin automatically.)
2. End HDD Fix processes, e.g. uleQbwvOIFTarei.exe or eyYndJAS.exe.
3. Download TDSSKiller (free utility from Kaspersky Lab) and run it. Remove the TDSS rootkit if it is found.
4. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. On Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
5. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
HDD Fix removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. On Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
HDD Fix associated files and registry values:
Files:
- %AppData%\[SET OF RANDOM CHARACTERS]
- %AppData%\[SET OF RANDOM CHARACTERS].exe
- %AppData%\dfrg
- %AppData%\dfrgr
- %AppData%\[SET OF RANDOM CHARACTERS].dll
- %UserProfile%\Desktop\HDD Fix.lnk.lnk
- %UserProfile%\Start Menu\Programs\HDD Fix.lnk\
- %UserProfile%\Start Menu\Programs\HDD Fix\HDD Fix.lnk
- %UserProfile%\Start Menu\Programs\HDD Fix\Uninstall HDD Fix.lnk
%AppData% refers to:
C:\Documents and Settings\All Users\Application Data (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Roaming (in Windows Vista & Windows 7)
%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)
Registry values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
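The file and registry locations listed above can be checked in one pass with a read-only PowerShell script. This is an added example, not part of the original guide or of any tool it mentions; the function name Find-HddFixIndicator is hypothetical, and the script assumes PowerShell 2.0 or later is available on the machine.

```powershell
# Added example: read-only check for the HDD Fix indicators listed above.
# Find-HddFixIndicator is a hypothetical name; nothing is modified or deleted.
function Find-HddFixIndicator {
    # Drop locations named on the page. CommonApplicationData is
    # "All Users\Application Data" on XP (C:\ProgramData on Vista/7);
    # ApplicationData is the per-user AppData\Roaming directory.
    $dropDirs = @(
        [Environment]::GetFolderPath('CommonApplicationData'),
        [Environment]::GetFolderPath('ApplicationData')
    )

    # 1. HKCU Run values whose target .exe sits directly in a drop directory.
    $key = Get-Item -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Take the path up to the first ".exe", ignoring quotes and arguments.
            if ($data -match '^\s*"?([^"]+?\.exe)') {
                $exe = $Matches[1]
                if ($dropDirs -contains [IO.Path]::GetDirectoryName($exe)) {
                    New-Object PSObject -Property @{ Indicator = 'Run value'; Name = $name; Path = $exe }
                }
            }
        }
    }

    # 2. dfrg / dfrgr entries and .exe/.dll files in the root of a drop directory.
    foreach ($dir in $dropDirs) {
        Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match '^dfrgr?$' -or
                           (-not $_.PSIsContainer -and $_.Extension -match '^\.(exe|dll)$') } |
            ForEach-Object { New-Object PSObject -Property @{ Indicator = 'App-data file'; Name = $_.Name; Path = $_.FullName } }
    }

    # 3. "HDD Fix" shortcuts on the desktop and in Start Menu\Programs.
    $shortcutDirs = @([Environment]::GetFolderPath('Desktop'), [Environment]::GetFolderPath('Programs'))
    foreach ($dir in $shortcutDirs) {
        Get-ChildItem -Path $dir -Filter 'HDD Fix*' -Force -ErrorAction SilentlyContinue |
            ForEach-Object { New-Object PSObject -Property @{ Indicator = 'Shortcut'; Name = $_.Name; Path = $_.FullName } }
    }
}

Find-HddFixIndicator | Select-Object Indicator, Name, Path | Format-Table -AutoSize
```

Because the file names are random, every hit is a candidate for review rather than a confirmed detection. An empty result does not rule out the bundled rootkit described above, so the TDSSKiller and full-scan steps still apply.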