 |
Home
Articles
Spyware Research
Support
Scan Now
Purchase
F.A.Q.
Top Infections: About SpywareGlossary Latest Detections Fake Scanner Sites Google Search Redirects Scour.com Shopcompareus.com savecompare.com Couponmountain.com  |
 |
HDD RescueAlias: HDD Rescue, HDD Rescue Virus, HDD Rescue Trojan
Description: Posted on: Dec 13, 2010 2:32pm HDD Rescue is another variant of the fake product called Win Defragmenter. HDD Rescue hijacks your computer and starts claiming that your computer is experiencing hard disk failure and that you are about to lose your data. They use this as a scare tactic to get you to purchase the full version. HDD Rescue is very good at eluding detection. In order for HDD Rescue to stop you from removing it, it disables your existing antivirus and antispyware programs and blocks access to help forums and to major name brand antispyware and antivirus vendor websites. It can also disable Task Manager so that you don't shut it down manually. If you try to run an application, HDD Rescue will give a warning message saying "A hard drive error occurred while starting the application" (a sample message is shown below). In most cases we have seen, HDD Rescue was installed by a trojan or mistakenly downloaded from one of many fraudulent Fake Scanner Sites. HDD Rescue displays exaggerated fake scan results similar to those shown below:   If you are unable to run programs, this is because HDD Rescue has disabled them. HDD Rescue Special Removal InstructionsPlease make sure to bookmark this page as you may need to refer back to it to complete the removal steps.Step 1: Download SpyNoMore onto the infected computer. If you are unable to download SpyNoMore directly onto the infected computer, you can download it to a clean computer and transfer it to the infected computer (by using a network or a flash drive). NOTE: This version of the installer will be named iexplore.exe. Step 2: Double-click the downloaded file to install SpyNoMore on the infected computer. When the installation is completed, SpyNoMore will check for and download available updates which may alert HDD Rescue to its presence at which point HDD Rescue may shut down SpyNoMore. If SpyNoMore is shut down by the infection, simply restart SpyNoMore from the desktop shortcut. Step 3: SNM will scan your computer and if HDD Rescue is present, SNM will detect it and you will be able to see either HDD Rescue or Win Defragmenter in the scan results. These two are the same product. Please note that the free version of SpyNoMore will only show you the detections but will not remove them. In order to remove the infection you need to purchase a 1-year license which costs $29 (or $39 for 3 computers). In all cases, you will be able to see HDD Rescue in the free version scan results. Step 4: After the scan is complete and you are able to see HDD Rescue in the scan results, you can purchase the activation key and proceed to remove the infection. If you are unable to purchase the activation key from the infected computer, you can do so from a clean computer by clicking on our Purchase link on spynomore.com. Simply write down the activation key and use it to activate SNM on the infected computer. This will remove HDD Rescue and restore your internet connection. You will again be able to run your programs and applications without trouble. Step 5 (optional): It would be a good idea to check your computer for rootkits (which are basically hidden trojans) which may have tagged along with HDD Rescue. To do so, download and run TDSSKiller by Kaspersky Labs. Step 6 (optional): If TDSSKiller does find a rootkit, it will ask you to restart your computer so that it can remove the rootkit(s). After your computer restart, scan your computer once more with SpyNoMore to make sure everthing is OK. Hint: If SpyNoMore is unable to download updates, click on SpyNoMore's 'Settings' button and uncheck the box that says 'Use Internet Explorer settings'. Threat type: Hijacker - A Hijacker is a software application that takes control of your browser's settings. Usually it changes your home page and redirects it to some unknown site or modifies your search settings. It prevents you from changing back your browser's settings. An infected browser usually operates much slower. Ransomware - Ransomware is a software application that infects a computer and asks for money to have the infection removed. Trojan - A Trojans or Trojan Horse is any programs that installs itself secretly normally via malware programs, quite often with sinister intent. Once installed, the trojan author (hacker) can gain complete control of the infected PC. Trojans are usually designed to steal sensitive information and/or destroy the system. Trojans can be distributed as unsolicited email attachments, or bundled with freeware and shareware programs. Advice: Remove This is a very high risk threat and should be removed immediately as to prevent harm to your computer and / or to protect your privacy. Detection: SpyNoMore removes HDD Rescue: Yes Threat risk: Very High Risk  Extremely dangerous malware. Uses stealth installation, randomly named entries and has the capability to self update or resurrect after incomplete removal. Almost impossible to remove manually. Category mostly consists of trojans and spyware. Symptoms: Inability to run programs.
Error messages such as:
Windows detected a hard drive problem. A hard drive error occurred while starting the application.
Critical Error! Damaged hard drive clusters detected. Private data is at risk.
System Restore - The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Running Process Signatures: N/A File Signatures: N/A Registered Dll (Dynamic Link Library) Signatures: N/A Folder Signatures: N/A Registry Signatures: N/A SpyNoMore Collected Residual File Signatures: N/A
| | ||||||||
| ||||
|
||||
 |
|
 | ||