Saturday, 4 December 2010

How to remove HDD Scan (Removal Guide)

HDD Scan is a piece of malware that installs itself without user permission and pretends to be system defragmentation and optimization software. This rogue program is from the same family as Win Defragmenter, Win HDD, Check Disk and numerous other misleading applications. NOTE: there is a legitimate freeware utility for hard drive diagnostics called HDDScan (http://hddscan.com) from a Moscow-based company called R.LAB Data Recovery. It's not the same program, do not confuse it with the rogue program.
Once installed. HDD Scan will pretend to scan your computer for hard drive disk and registry errors. After the fake scan it will state "11 Errors detected! Defragmentation is reguired". Some examples of the fake errors and problems it detects:
  • Drive C initializing error
  • Bad sectors on hard drive or damaged file allocation table
  • Read time of hard drive clusters less than 500 ms
  • Hard drive doesn't respond to system commands
  • Registry Error - Critical Error


HDD Scan reports 11 problems on every infected computer either it's Windows XP or Windows Vista. This fake program was created to scare you into thinking that your computer has serious problems so that you will purchase the program. It's a typical rip-off rogue, do not purchase it! If your computer got infected with HDD Scan malware, please follow the removal instructions below to remove it either manually or with reputable and safe anti-malware applications.

While HDDScan is running, it will constantly display fake error messages and notifications from your Windows taskbar. Examples of some of the fake alerts you will encounter while the rogue program is running are:
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error
Just like the false scan results these fake alerts were made to scare you into thinking that there is something wrong with your computer. But don't worry, HDD Scan is just a very annoying piece of malware, it's not so dangerous and it won't delete your files or steal sensitive information. Last, but not least, HDD Scan will block task manager, certain programs and system utilities on your computer. If you attempt to run a program it will block it and state that the program or hard drive is corrupted. The fake error message reads:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
Windows cannot find [program name]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
However, if you attempt to run a program enough times it will eventually work. Probably the easiest way to remove this rogue program from your computer is to reboot the system in safe mode and do a system restore. Then download anti-malware software and remove the remains of this virus or related malware. Unfortunately, this method may not work in all cases, especially if the rogue program comes bundled with other malicious software. We had one computer with HDD Scan malware and a rootkit from TDSS family. For more information, please read TDSS, Alureon, Tidserv, TDL3 removal instructions using TDSSKiller utility. Step by step HDD Scan removal instructions are given below. Also, you should contact your credit card provider and dispute the charges if you have purchased this bogus and useless program. If you have any questions or additional information about HDD Scan malware, please leave a comment. Good luck and be safe online!


Quick removal:

1. Use debugged registration key and fake email to register HDD Scan malware. This will allow you to download and run any malware removal tool you like and restore hidden files and shortcuts. Choose to activate "HDD Scan" manually and enter the following email and activation code:

mail@mail.com
15801587234612645205224631045976 (new code!)

mail@mail.com
1203978628012489708290478989147 (old code, may not work anymore)



2. Download TDSSKiller and run a system scan. Remove found rootkits as shown in the image below. Reboot your computer if required.

3. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.


Alternate HDD Scan removal instructions:

1. Open Internet Explorer. If the shortcut is hidden, pelase Select Run... from the Start Menu or just hit the key combination CTRL+R on your keyboard. In the Open: field, enter iexplore.exe and hit Enter or click OK.



2. Download and run this utility to restore missing icons and shortcuts.

3. Now, please download TDSSKiller and run a system scan. Remove found rootkits as shown in the image below. Reboot your computer if required.



Please note that your computer might be rootkit free, not all version of HDD Scan comes bundled with rootkits. Don't worry if TDSSKiller didn't find a rootkit.

4. Finally, download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

5. HDD Scan virus should be gone. If certain icons and shortcuts are still missing, please use restoresm.zip.



HDD Scan associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM NUMBERS]
  • %Temp%\[SET OF RANDOM NUMBERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS].dll
  • %UserProfile%\[SET OF RANDOM CHARACTERS].DAT
  • %UserProfile%\Desktop\HDD Scan.lnk
  • %UserProfile%\Start Menu\Programs\HDD Scan\
  • %UserProfile%\Start Menu\Programs\HDD Scan\HDD Scan.lnk
  • %UserProfile%\Start Menu\Programs\HDD Scan\Uninstall HDD Scan.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\USE FORMSUGGEST = Yes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\WARNONZONECROSSING = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\Zones\3\1601 = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[SET OF RANDOM NUMBERS] = %TEMP%\[SET OF RANDOM NUMBERS].exe
Share this information with other people:

No comments:

Post a Comment