Once installed, the rogue program will make your Desktop background black and hide the Windows taskbar. When you try to run certain programs, you will get an error message.
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
Be advised that if you attempt to run a program enough times, it will eventually work.
Then it will display another fake message:
Fix Disk
Windows Disk Diagnostics will scan the system to identify performance problems.
Start or Cancel
If you choose to run this Windows Disk Diagnostic utility, which actually does next to nothing, you will get another notification.
Windows Disk Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?
Furthermore, HDD Plus will pretend to scan your hard disk drive for errors. It will find 11 problems and will prompt you to run its defragmentation tool. It will supposedly fix 6 errors, but if you want to fix the remaining ones you need to buy this piece of malware. Don't do that. Some examples of the fake problems it detects on the computer are:
- Requested registry access is not allowed. Registry defragmentation required
- Read time of hard drive clusters less than 500 ms
- 32% of HDD space is unreadable
- Bad sectors on hard drive or damaged file allocation table
- GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
- Drive C initializing error
Most of the time HDD Plus comes bundled with the TDSS rootkit and some other malicious software. You can remove the rogue's files manually, but you will have to use TDSSKiller or Hitman Pro to remove the rootkit and other malware from your computer. First of all, you need to end the HDD Plus processes, e.g. 31547921.exe and tGlvsQfDnr.exe. Then you need to delete all files from the %Temp% folder. Finally, scan your computer with at least two of the anti-malware programs given below to completely remove malicious code from your computer.
If you have any questions or additional information about the HDD Plus malware, please leave a comment. Also, you can use this code to register the rogue program: 0973467457475070215340537432225. This may help you to stop HDD Plus pop-ups and other annoying behavior. You should still follow the removal instructions given below. Good luck and be safe online!
HDD Plus removal instructions:
1. Open Task Manager (Ctrl+Alt+Delete) or use Process Explorer.
2. Click on the Processes tab.
3. End the HDD Plus processes, e.g. 31547921.exe and tGlvsQfDnr.exe.
4. Download TDSSKiller (free utility from Kaspersky Lab) and run it. Remove the TDSS rootkit if it exists.
5. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if you are running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
6. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
HDD Plus removal instructions (in Safe Mode with Networking):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Log in as the same user you were previously logged in as in normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if you are running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
HDD Plus associated files and registry values:
Files:
- %Temp%\[SET OF RANDOM NUMBERS]
- %Temp%\[SET OF RANDOM NUMBERS].exe
- %Temp%\[SET OF RANDOM CHARACTERS].exe
- %Temp%\dfrg
- %Temp%\dfrgr
- %Temp%\[SET OF RANDOM CHARACTERS].dll
- %UserProfile%\[SET OF RANDOM CHARACTERS].DAT
- %UserProfile%\Desktop\HDD Plus.lnk
- %UserProfile%\Start Menu\Programs\HDD Plus\
- %UserProfile%\Start Menu\Programs\HDD Plus\HDD Plus.lnk
- %UserProfile%\Start Menu\Programs\HDD Plus\Uninstall HDD Plus.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)
%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)
Registry values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM NUMBERS]"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM NUMBERS].exe"
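To check a machine against the file and registry lists above before and after cleanup, the following read-only PowerShell script reports any matches and deletes nothing. It is an added example, not part of the original post, and it assumes it is run in the affected user's session and that "[SET OF RANDOM NUMBERS]" means a digits-only name; the random-character .exe, .dll and .DAT names are not matched because that pattern would also flag legitimate files.

```powershell
# Added example: report HDD Plus indicators from the lists above. Read-only.
# Assumption: "[SET OF RANDOM NUMBERS]" is a name made only of digits.
$digitName = '^\d+(\.exe)?$'
$findings  = @()

# %Temp% entries named only with digits, with or without .exe (e.g. 31547921.exe)
$findings += @(
    Get-ChildItem -LiteralPath $env:TEMP -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $digitName } |
        ForEach-Object { "Temp file:  $($_.FullName)" }
)

# Fixed-name files, shortcuts and folders from the file list
$knownPaths = @(
    (Join-Path $env:TEMP 'dfrg'),
    (Join-Path $env:TEMP 'dfrgr'),
    (Join-Path $env:USERPROFILE 'Desktop\HDD Plus.lnk'),
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\HDD Plus')
)
foreach ($path in $knownPaths) {
    if (Test-Path -LiteralPath $path) {
        $findings += "Known path: $path"
    }
}

# HKCU Run values whose name is only digits, with or without .exe
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ($prop.Name -match $digitName) {
            $findings += "Run value:  $($prop.Name) = $($prop.Value)"
        }
    }
}

if ($findings.Count -eq 0) {
    'No HDD Plus indicators from the list were found.'
} else {
    $findings
}
```

A clean result here only covers the rogue's own files and autorun entries; the bundled TDSS rootkit still needs the TDSSKiller or Hitman Pro scan described in the removal steps.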