Saturday, December 4, 2010

How to remove HDD Scan (Removal Guide)

HDD Scan is a piece of malware that installs itself without user permission and pretends to be system defragmentation and optimization software. This rogue program is from the same family as Win Defragmenter, Win HDD, Check Disk and numerous other misleading applications. NOTE: there is a legitimate freeware utility for hard drive diagnostics called HDDScan (http://hddscan.com) from a Moscow-based company called R.LAB Data Recovery. It is not the same program; do not confuse it with the rogue program.
Once installed, HDD Scan will pretend to scan your computer for hard drive and registry errors. After the fake scan it will state "11 Errors detected! Defragmentation is reguired". Some examples of the fake errors and problems it detects:
  • Drive C initializing error
  • Bad sectors on hard drive or damaged file allocation table
  • Read time of hard drive clusters less than 500 ms
  • Hard drive doesn't respond to system commands
  • Registry Error - Critical Error


HDD Scan reports 11 problems on every infected computer, whether it runs Windows XP or Windows Vista. This fake program was created to scare you into thinking that your computer has serious problems so that you will purchase the program. It's a typical rip-off rogue, do not purchase it! If your computer is infected with HDD Scan malware, please follow the removal instructions below to remove it either manually or with reputable and safe anti-malware applications.

While HDD Scan is running, it will constantly display fake error messages and notifications from your Windows taskbar. Examples of some of the fake alerts you will encounter while the rogue program is running are:
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error
Just like the false scan results these fake alerts were made to scare you into thinking that there is something wrong with your computer. But don't worry, HDD Scan is just a very annoying piece of malware, it's not so dangerous and it won't delete your files or steal sensitive information. Last, but not least, HDD Scan will block task manager, certain programs and system utilities on your computer. If you attempt to run a program it will block it and state that the program or hard drive is corrupted. The fake error message reads:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
Windows cannot find [program name]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
However, if you attempt to run a program enough times it will eventually work. Probably the easiest way to remove this rogue program from your computer is to reboot the system in safe mode and do a system restore. Then download anti-malware software and remove the remains of this virus or related malware. Unfortunately, this method may not work in all cases, especially if the rogue program comes bundled with other malicious software. We had one computer with HDD Scan malware and a rootkit from the TDSS family. For more information, please read the TDSS, Alureon, Tidserv, TDL3 removal instructions using the TDSSKiller utility. Step by step HDD Scan removal instructions are given below. Also, you should contact your credit card provider and dispute the charges if you have purchased this bogus and useless program. If you have any questions or additional information about HDD Scan malware, please leave a comment. Good luck and be safe online!


HDD Scan removal instructions:

1. Open Task Manager (Ctrl+Alt+Delete).
2. Click on the Processes tab.
3. Click to highlight [SET OF RANDOM NUMBERS].exe, e.g. 1254875.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes. This will stop HDD Scan.
4. Click to highlight explorer.exe and end it too. Then click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK.
5. Open directory:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)
Delete all files from this directory.
NOTE: Local Settings folder is hidden by default so you will have to change folder options to see hidden files.

6. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


Alternate HDD Scan removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend that you use ESET Smart Security.


HDD Scan associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM NUMBERS]
  • %Temp%\[SET OF RANDOM NUMBERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS].dll
  • %UserProfile%\[SET OF RANDOM CHARACTERS].DAT
  • %UserProfile%\Desktop\HDD Scan.lnk
  • %UserProfile%\Start Menu\Programs\HDD Scan\
  • %UserProfile%\Start Menu\Programs\HDD Scan\HDD Scan.lnk
  • %UserProfile%\Start Menu\Programs\HDD Scan\Uninstall HDD Scan.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\USE FORMSUGGEST = Yes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\WARNONZONECROSSING = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\Zones\3\1601 = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[SET OF RANDOM NUMBERS] = %TEMP%\[SET OF RANDOM NUMBERS].exe
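
A read-only check for the files and registry values listed above, written as an added PowerShell example (it is not part of the original guide). The matching rules, such as treating an all-digit Run value that points at a <digits>.exe file as suspicious, are assumptions drawn from the list; the random-character .dll and .DAT names are not matched because the page gives no pattern for them.

```powershell
# Added example: read-only triage for the HDD Scan indicators listed on this page.
# Run it as the affected user, because HKCU and %TEMP% are per-user locations.
$findings = @()

# 1. Persistence: Run value named with digits only, pointing at a <digits>.exe file.
#    (Assumed pattern, taken from "[SET OF RANDOM NUMBERS] = %TEMP%\[...].exe".)
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        $data = [Environment]::ExpandEnvironmentVariables([string]$p.Value).Trim('"')
        if ($p.Name -match '^\d+$' -and $data -match '\\\d+\.exe$') {
            $findings += "Run value '$($p.Name)' -> $data"
        }
    }
}

# 2. Dropped files in %TEMP%: all-digit names (with or without .exe), dfrg, dfrgr.
foreach ($f in Get-ChildItem -Path $env:TEMP -Force -ErrorAction SilentlyContinue) {
    if ($f.Name -match '^(\d+(\.exe)?|dfrgr?)$') {
        $findings += "Temp entry: $($f.FullName)"
    }
}

# 3. Desktop shortcut and Start Menu folder (locations resolved per Windows version).
$paths = @(
    (Join-Path ([Environment]::GetFolderPath('DesktopDirectory')) 'HDD Scan.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'HDD Scan')
)
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) { $findings += "Shortcut or folder: $path" }
}

# 4. Internet Explorer settings from the list. Weak signal alone: a user or
#    administrator may have chosen these values deliberately.
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = @(
    @('HKCU:\Software\Microsoft\Internet Explorer\Main', 'Use FormSuggest', 'Yes'),
    @($ie, 'WarnOnZoneCrossing', '0'),
    @("$ie\Zones\3", '1601', '0')
)
foreach ($s in $settings) {
    $item = Get-ItemProperty -Path $s[0] -Name $s[1] -ErrorAction SilentlyContinue
    if ($item -and ([string]$item.($s[1]) -ieq $s[2])) {
        $findings += "Setting matches list: $($s[0])\$($s[1]) = $($s[2])"
    }
}

if ($findings.Count) { $findings } else { 'None of the listed HDD Scan indicators were found.' }
```

The script changes nothing on the system; a Run-key or %TEMP% match is the strongest sign and should be followed by the removal steps above.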