
Fake HDD

Posted: January 26, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 126
First Seen: September 2, 2011
Last Seen: January 28, 2023
OS(es) Affected: Windows

Fake HDD, also known as Rogue.FakeHDD, is a broad detection label for a group of scamware infections that pretend to be defragmentation and system optimization utilities. Unfortunately, none of the programs that SpywareRemove.com malware researchers have found to cause Fake HDD alerts possess any real defragging or error-checking abilities; the best that you can expect from a Fake HDD is to be swindled out of your money and personal information. Although Fake HDD programs will present themselves openly and try to convince you of their good intentions, you should pay attention to the side effects that they cause, such as browser hijacks, disabled programs and unusual system settings, and be ready to remove Fake HDD at a moment's notice. Anti-malware software is always recommended when you try to delete Fake HDD infections, since many Fake HDD programs will infect normal system components and use other techniques to complicate uninstallation.

Protecting Your PC from Fake HDD with Real Hard Drive Defenses

Fake HDD infections are often distributed by Trojans that are installed through browser exploits and fake software updates. Since Fake HDD infections are updated on a regular basis, SpywareRemove.com malware researchers note the importance of keeping your anti-malware software just as up-to-date. Any significant lag in threat definition updates may allow a newly released variant of Fake HDD to infect your computer, even if you're protected against older versions of Fake HDD.

Computer users plagued with Fake HDD may receive an "Access Denied" notification when attempting to install other software. Furthermore, various files and folders under the C:\ drive become hidden, as do desktop icons. Once Fake HDD makes itself at home on your PC, Fake HDD will create errors that may redirect you to hostile websites that can engage in additional attacks against your computer. Be particularly on guard against potential information phishing attempts and attempts to scam you out of money through the purchase of fraudulent software. Any Fake HDD removal efforts must use a security program that can also remove any related Trojans, since failure to remove Trojans that have installed Fake HDD software will result in another Fake HDD infection as soon as you reboot your computer.

Weathering Fake HDD's Storm of Rotten Security

The majority of recent Fake HDD programs are related to the HDD Plus family, a rogue defragmenter group that also includes HDD Repair, HDD Low, HDD Tools, HDD Doctor, WinScan, Win Scanner, Disk Repair, Disk Tool, DiskHelper and other scamware products. Fake HDD creates extremely hostile conditions on your PC that mimic security features without providing any genuine security, such as:

  • Creating fake warning messages, either to trick you into thinking that Windows is severely damaged or to trick you into thinking that programs are being blocked for your own good. Examples that SpywareRemove.com malware researchers have found to be especially common are listed here:

    Bad sectors on hard drive or damaged file allocation table – Critical Error

    28% of HDD space is unreadable – Critical Error

    Critical Error
    A critical error has occurred while indexing data stored on hard drive. System restart required.

    A problem detected while reading boot operation system files

    System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

    Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

    Windows – No Disk
    Exception Processing Message 0x0000013

    Read time of hard drive cluster less than 500 ms – Critical Error

    Serious system error
    The system will reboot in 30 seconds
    Windows can not continue operating due to fatal system error.
    Windows was forced to restart.
    All unsaved data will be lost.

    Confirmation
    [Rogue defragmenter] detected an error on your hard drive when trying to access a file
    C:\Program Files\Internet Explorer\iexplore.exe
    Perform data recovery now?

    Disk Error
    Can not find file: C:\Program Files\Messenger\msmsgs.exe
    File may be deleted or corrupt.
    It is strongly recommended to check the disk for errors.

    Confirmation
    Your hard drive contains a lot of critical errors!
    All your data including installed programs, documents, email, etc. are at risk of irreversible corrupt.
    The trial version does not have low-level access module needed to fix the errors found.
    It is strongly recommended to activate the full version software with necessary modules. Activate full version now?

  • File-viewing problems that make it look like folders are empty. These Fake HDD attacks are often confined to Windows Explorer, and using a different file-viewing program may circumvent the attack (which doesn't harm or delete your files).
  • Browser redirects that force your browser to change its destination, often towards a malicious website such as a Fake HDD homepage.
  • Difficulties accessing security features and programs, including your firewall, the Windows Task Manager and anti-virus scanners. If your anti-malware programs are being blocked, try to use Safe Mode or another method of avoiding this attack, instead of removing Fake HDD without the help of an anti-malware program.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • %TempDir%\[random] (Group: Malware file)
  • %TempDir%\[random].exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)
  • %TempDir%\[random].dll (File type: Dynamic link library; Mime Type: unknown/dll; Group: Malware file)
  • %TempDir%\dfrg (Group: Malware file)
  • %TempDir%\dfrgr (Group: Malware file)
  • %TempDir%\Windows Update.exe (File type: Executable File; Mime Type: unknown/exe; Group: Malware file)

Registry Modifications

The following Registry values were created:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random]"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"
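
A triage check for the artifacts listed above, as an added example that is not SpywareRemove.com's code: it flags HKCU Run values whose command line references the temp directory, and temp files carrying the fixed names from the file list. That the Run data points into the temp directory is an assumption (the page gives only the value names); `triage`, `collect_live` and the sample data are constructed for illustration.

```python
import ntpath
import os

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Fixed names the page lists under %TempDir% (the [random] names cannot be matched).
LISTED_NAMES = {"dfrg", "dfrgr", "windows update.exe"}

# Constructed sample data, not taken from a real host.
SAMPLE_TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_RUN = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "kqXbTzWp": r"C:\Users\alice\AppData\Local\Temp\kqXbTzWp.exe",
    "svc": r'rundll32.exe "C:\Users\alice\AppData\Local\Temp\qzr.dll",Start',
    "updater": r'"C:\Users\Alice\AppData\Local\Temp\Windows Update.exe" /s',
}
SAMPLE_FILES = ["dfrg", "dfrgr", "notes.txt", "Windows Update.exe"]

def triage(run_entries, temp_dir, temp_files):
    """Return (kind, name) findings for Run values and temp files worth a look."""
    # Windows paths are case-insensitive, so compare in normalised form.
    root = ntpath.normcase(ntpath.normpath(temp_dir)) + "\\"
    findings = []
    for name, command in sorted(run_entries.items()):
        # Assumption: a Run command line that references the temp directory
        # (directly or as a rundll32 argument) is suspicious.
        if root in ntpath.normcase(command):
            findings.append(("run-from-temp", name))
    for fname in sorted(temp_files):
        if fname.lower() in LISTED_NAMES:
            findings.append(("listed-temp-file", fname))
    return findings

def collect_live():
    """Windows only: read the HKCU Run values and list the user's temp directory."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _kind = winreg.EnumValue(key, i)
            entries[name] = winreg.ExpandEnvironmentStrings(str(data))
    temp_dir = os.environ["TEMP"]
    return entries, temp_dir, os.listdir(temp_dir)

if __name__ == "__main__":
    live = os.name == "nt"
    inputs = collect_live() if live else (SAMPLE_RUN, SAMPLE_TEMP, SAMPLE_FILES)
    for kind, name in triage(*inputs):
        print(f"{kind}: {name}")
```

Findings are leads to hand to an anti-malware scanner, not a verdict: legitimate installers also run from the temp directory, and a Run value written with an 8.3 short path will not match a long-form %TEMP%.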