HDD Rescue won't steal your passwords or any other information. And it won't delete your files. So don't worry. It's a typical rogue that uses misleading methods to trick users into buying totally useless products. And it's annoying as hell. HDD Rescue displays fake error messages and notifications saying that your hard drive disk is missing and etc. Just ignore those fake alerts. The most annoying part comes when it actually blocks your programs and hides Desktop icons. The fake message that you will see when you attempt run a program is:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
If it comes bundled with TDSS rookit then the situation becomes even more complicated. However, if you attempt to run a program enough times it will eventually work. Thankfully, we've got the removal instructions to help you to remove this malware from your computer
Here are some of the fake problems it detects on the compromised computer:
- Requested registry access is not allowed. Registry defragmentation required
- Read time of hard drive clusters less than 500 ms
- 32% of HDD space is unreadable
- Bad sectors on hard drive or damaged file allocation table
- GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
- Drive C initializing error
RAM memory usage is critically high. RAM memory failure.
Windows can't find hard disk space. Hard drive error
You can try to register this fake program using this code: 0973467457475070215340537432225. I can't guarantee it will work but you can give it a try. If this code works then it will be a lot easier for you to remove HDD Rescue. System restore in safe mode may also solve this problem. If that won't help you, then please follow the steps in the removal instructions below. And by the way, if you have already purchased this rogue program, please contact your credit card provider and dispute the charges. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!
HDD Rescue removal instructions:
1. Open Task Manager (Ctrl+Alt+Delete) or use Process Explorer.
2. Click on the Processes tab.
3. End HDD Rescue processes, e.g. 31547921.exe and tGlvsQfDnr.exe.
4. Download TDSSKiller (free utility from Kaspersky Lab) and run it. Remove TDSS rootkit if exist.
5. Download free anti-malware software from the list below and run a full system scan.
6. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
HDD Rescue removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download free anti-malware software from the list below and run a full system scan.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
HDD Rescue associated files and registry values:
- %Temp%\[SET OF RANDOM NUMBERS]
- %Temp%\[SET OF RANDOM NUMBERS].exe
- %Temp%\[SET OF RANDOM CHARACTERS].exe
- %Temp%\[SET OF RANDOM CHARACTERS].dll
- %UserProfile%\[SET OF RANDOM CHARACTERS].DAT
- %UserProfile%\Desktop\HDD Rescue.lnk
- %UserProfile%\Start Menu\Programs\HDD Rescue\
- %UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk
- %UserProfile%\Start Menu\Programs\HDD Rescue\Uninstall HDD Rescue.lnk
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)
%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM NUMBERS]"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM NUMBERS].exe"