(Thanks to rogueamp)
HDD Defragmenter comes from fake online scanners, compromised web ads and infected web pages. It is also promoted through the use of Trojans and other malicious software. Once installed, it will display a fake system error message claiming that a certain exe file is corrupted and cannot be run, and that a hard drive scan is required:
System Error!
Exe file is corrupted and can't be run. Hard drive scan required.
Scan Hard Drive
When you click the Scan Hard Drive button, HDD Defragmenter will pop up and pretend to scan your computer's hard drives and memory for problems. It displays the same problems for all victims, so obviously it can't be legitimate and you can't trust it. Some examples of the fake problems it detects on your computer are:
- Requested registry access is not allowed. Registry defragmentation required
- Read time of hard drive clusters less than 500 ms
- Bad sectors on hard drive or damaged file allocation table
- Drive C initializing error
- Hard drive does not respond to system commands
- Registry Error - Critical Error

Furthermore, it will display fake warnings from your Windows taskbar. The fake warnings read:

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Critical Error!
Damaged hard drive clusters detected. Private data is at risk.

Finally, it will prompt you to defragment your computer. It will even display a fake Safe Mode screen to trick you into thinking that you are actually in Safe Mode right now. However, it's only a black background with the words "Safe Mode" in each corner of the screen. As you can see, HDD Defragmenter is a scam. This malicious program should be removed from the system as soon as possible. It blocks Task Manager and other programs, but if you attempt to run a program enough times it will eventually work.

HDD Defragmenter stores its files in the Windows Temp folder. The Temp folder refers to C:\Documents And Settings\[User Name]\Local Settings\Temp for Windows 2000/XP, and C:\Users\[User Name]\AppData\Local\Temp for Windows Vista and Windows 7. Go ahead and delete all files from the Temp folder. Then download anti-malware software and run a full system scan. Please see the removal instructions below.
Last, but not least, if you have already purchased it then please contact your credit card company and dispute the charges. If you have any questions or additional information about HDD Defragmenter, please leave a comment. Good luck and be safe online!
HDD Defragmenter removal instructions using HijackThis or Process Explorer (in Normal mode):
1. Download Process Explorer and end HDD Defragmenter process(es):
- winsp1up.exe
- [SET OF RANDOM CHARACTERS].exe, e.g. 154874.exe
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
HDD Defragmenter removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: In some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
HDD Defragmenter associated files and registry values:
Files:
- %UserProfile%\Start Menu\Programs\HDD Defragmenter
- %UserProfile%\Desktop\HDD Defragmenter.lnk
- %Temp%\[SET OF RANDOM CHARACTERS]
- %Temp%\[SET OF RANDOM CHARACTERS].bmp
- %Temp%\[SET OF RANDOM CHARACTERS].exe
- %Temp%\winsp1up.exe
- %Temp%\winsp1upd.dll
%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)
Registry values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winsp1up.exe"
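A read-only check for the files and Run values listed above, as an added example that is not part of the original post. The variable names, the helper New-Finding, and the rules "report any .exe directly in %Temp%" and "flag Run values that launch from %Temp%" are assumptions made for illustration, since the random names cannot be matched directly.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Run it as the affected user; the paths and the Run key are per-user.
$temp = $env:TEMP.TrimEnd('\')
$findings = @()

function New-Finding($Type, $Item, $Reason) {
    New-Object PSObject -Property @{ Type = $Type; Item = $Item; Reason = $Reason }
}

# Fixed-name files and folders from the list above.
$fixed = @(
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\HDD Defragmenter'),
    (Join-Path $env:USERPROFILE 'Desktop\HDD Defragmenter.lnk'),
    (Join-Path $temp 'winsp1up.exe'),
    (Join-Path $temp 'winsp1upd.dll')
)
foreach ($path in $fixed) {
    if (Test-Path -LiteralPath $path) {
        $findings += New-Finding 'File' $path 'Listed artifact'
    }
}

# The randomly named files cannot be matched by name, so report every other
# .exe directly in %Temp% for manual review (assumption: review aid, not proof).
$tempExes = @(Get-ChildItem -LiteralPath $temp -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' -and $_.Name -ne 'winsp1up.exe' })
foreach ($exe in $tempExes) {
    $findings += New-Finding 'File' $exe.FullName 'Executable in %Temp%'
}

# Per-user autostart values: the listed name, or any command run from %Temp%
# (assumption: the randomly named Run value points at the file in %Temp%).
$runKey = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        $fromTemp = $data.IndexOf($temp, [StringComparison]::OrdinalIgnoreCase) -ge 0
        if ($name -eq 'winsp1up.exe' -or $fromTemp) {
            $findings += New-Finding 'Run value' "$name = $data" 'Listed name or autostart from %Temp%'
        }
    }
}

if ($findings.Count -eq 0) { 'No listed indicators found for this user.' }
else { $findings | Format-Table Type, Item, Reason -AutoSize -Wrap }
```

Legitimate installers also leave executables in %Temp%, so treat the "Executable in %Temp%" rows as items to review. A Run value written with a short (8.3) path will not match if %TEMP% is in long form, or the reverse.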