The widespread family of fake system optimizers, with System Check as its latest representative, certainly knows how to scare users. These fake HDD tools display plenty of fake critical error messages once the system is infected. Today we would like to describe one of these misleading and quite scary warnings, which users may see just before the GUI of the fake HDD first appears.
Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents stored on the hard disk. It’s highly recommended to scan and solve HDD problems before continue using this PC.
The popup then instructs users to either ‘Scan and fix’ or ‘Cancel and reboot’. After clicking ‘Cancel and reboot’, the same message appears upon system restart, prompting users to finally click ‘Scan and fix’. Upon choosing this option, the main window of the fake hard drive defragmenter appears.
The malware immediately makes a mess of your file system: it hides all your data by setting the hidden attribute on your documents, icons, shortcuts, programs, etc. In addition, the program relocates some items into a specially designated folder that it creates. These items are backed up into that folder (named smtmp), while the files are removed from their initial location. This is all the work of the fake HDD virus. To get rid of this scareware, please refer to this removal guide and follow the video instructions below this article.
Fake error screenshot:
Video guide on anti-malware program installation for fake HDD infected PC:
Fake HDD system amendments:
Fake HDD files added:
- %CommonAppData%\[random].exe
- %AppData%\Microsoft\Internet Explorer\Quick Launch\[Fake HDD’s name].lnk
- %Desktop%\[Fake HDD’s name].lnk
- %StartMenu%\Programs\[Fake HDD’s name]\
- %StartMenu%\Programs\[Fake HDD’s name]\[Fake HDD’s name].lnk
- %StartMenu%\Programs\[Fake HDD’s name]\Uninstall [Fake HDD’s name].lnk
- %Temp%\smtmp\
- %Temp%\smtmp\1
- %Temp%\smtmp\2
- %Temp%\smtmp\3
- %Temp%\smtmp\4
Fake HDD registry entries added:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ‘0’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ‘0’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ‘1’
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ‘0’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ‘0’
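The following PowerShell audit is an added example, not part of the original article or of any removal tool it refers to. It is read-only: it compares the registry values listed above with the current system, then checks for the %Temp%\smtmp folder and for hidden desktop items. The `.exe` pattern for LowRiskFileTypes is an assumption that shortens the full value shown above, and some of the listed values can also be present on a clean system, so judge the matches as a set.

```powershell
# Added example: read-only audit for the changes listed on this page.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'
# Key / value name / data reported on the page (Data is used as a -like pattern).
$checks = @(
    @{ Key = "$ie\Main";                         Name = 'Use FormSuggest';       Data = 'Yes' }
    @{ Key = "$ie\Download";                     Name = 'CheckExeSignatures';    Data = 'no'  }
    @{ Key = "HKCU:\$cv\Internet Settings";      Name = 'CertificateRevocation'; Data = '0'   }
    @{ Key = "HKCU:\$cv\Internet Settings";      Name = 'WarnonBadCertRecving';  Data = '0'   }
    @{ Key = "HKCU:\$cv\Policies\ActiveDesktop"; Name = 'NoChangingWallPaper';   Data = '1'   }
    # Assumption: flag any LowRiskFileTypes list that includes .exe
    @{ Key = "HKCU:\$cv\Policies\Associations";  Name = 'LowRiskFileTypes';      Data = '*.exe;*' }
    @{ Key = "HKCU:\$cv\Policies\Attachments";   Name = 'SaveZoneInformation';   Data = '1'   }
    @{ Key = "HKCU:\$cv\Policies\Explorer";      Name = 'NoDesktop';             Data = '1'   }
    @{ Key = "HKCU:\$cv\Policies\System";        Name = 'DisableTaskMgr';        Data = '1'   }
    @{ Key = "HKLM:\$cv\Policies\System";        Name = 'DisableTaskMgr';        Data = '1'   }
    @{ Key = "HKCU:\$cv\Explorer\Advanced";      Name = 'Hidden';                Data = '0'   }
    @{ Key = "HKCU:\$cv\Explorer\Advanced";      Name = 'ShowSuperHidden';       Data = '0'   }
)

# Collect every listed value that exists and holds the data the page reports.
$hits = @(foreach ($c in $checks) {
    $p = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -ne $p -and [string]$p.($c.Name) -like $c.Data) {
        [pscustomobject]@{ Key = $c.Key; Name = $c.Name; Value = $p.($c.Name) }
    }
})

# The page says relocated items are kept under %Temp%\smtmp.
$smtmp = Join-Path $env:TEMP 'smtmp'
$moved = @(if (Test-Path -LiteralPath $smtmp) {
    Get-ChildItem -LiteralPath $smtmp -Recurse -Force
})

# Desktop items carrying the Hidden attribute. desktop.ini is normally
# hidden, so a small count is expected on a clean system.
$desktop = [Environment]::GetFolderPath('Desktop')
$hidden  = @(Get-ChildItem -LiteralPath $desktop -Force |
             Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })

$hits | Format-Table -AutoSize -Wrap
"Registry values matching the page's list: {0} of {1}" -f $hits.Count, $checks.Count
"Items under {0}: {1}" -f $smtmp, $moved.Count
"Hidden items on the desktop: {0}" -f $hidden.Count
```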