Saturday 11 December 2010

How to Remove HDD Rescue (Removal Guide)

HDD Rescue is a fake hard drive disk defragmenter that reports false threats and errors to make you think that your computer is infected or has many serious hard drive, Windows registry and system memory problems. This rip-off rogue program is from the same family as HDD Plus malware. Such misleading programs usually come from fake online scanners, infected websites and malicious Ads. The scammers who created HDD Rescue may also "push" it on various social networks or even send spam. One way or another, HDDRescue is a scam. It pretends to scan your computer for errors and malcode and then reports non-existent problems. If you want to fix the problems you need to purchase HDD Rescue. Don't do that! If you have this virus on your computer, please follow the removal instructions below to remove HDD Rescue and related malware for free using legitimate anti-malware applications.



HDD Rescue won't steal your passwords or any other information. And it won't delete your files. So don't worry. It's a typical rogue that uses misleading methods to trick users into buying totally useless products. And it's annoying as hell. HDD Rescue displays fake error messages and notifications saying that your hard drive disk is missing and etc. Just ignore those fake alerts. The most annoying part comes when it actually blocks your programs and hides Desktop icons. The fake message that you will see when you attempt run a program is:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.


If it comes bundled with TDSS rookit then the situation becomes even more complicated. However, if you attempt to run a program enough times it will eventually work. Thankfully, we've got the removal instructions to help you to remove this malware from your computer

Here are some of the fake problems it detects on the compromised computer:
  • Requested registry access is not allowed. Registry defragmentation required
  • Read time of hard drive clusters less than 500 ms
  • 32% of HDD space is unreadable
  • Bad sectors on hard drive or damaged file allocation table
  • GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
  • Drive C initializing error
Other fake HDD Rescue alerts:
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error


You can try to register this fake program using this code: 0973467457475070215340537432225. I can't guarantee it will work but you can give it a try. If this code works then it will be a lot easier for you to remove HDD Rescue. System restore in safe mode may also solve this problem. If that won't help you, then please follow the steps in the removal instructions below. And by the way, if you have already purchased this rogue program, please contact your credit card provider and dispute the charges. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!


HDD Rescue removal instructions:

1. Open Task Manager (Ctrl+Alt+Delete) or use Process Explorer.
2. Click on the Processes tab.
3. End HDD Rescue processes, e.g. 31547921.exe and tGlvsQfDnr.exe.



4. Download TDSSKiller (free utility from Kaspersky Lab) and run it. Remove TDSS rootkit if exist.



5. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

6. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


HDD Rescue removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


HDD Rescue associated files and registry values:



Files:
  • %Temp%\[SET OF RANDOM NUMBERS]
  • %Temp%\[SET OF RANDOM NUMBERS].exe
  • %Temp%\[SET OF RANDOM CHARACTERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS].dll
  • %UserProfile%\[SET OF RANDOM CHARACTERS].DAT
  • %UserProfile%\Desktop\HDD Rescue.lnk
  • %UserProfile%\Start Menu\Programs\HDD Rescue\
  • %UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk
  • %UserProfile%\Start Menu\Programs\HDD Rescue\Uninstall HDD Rescue.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM NUMBERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM NUMBERS].exe"
Share this information with other people:

No comments:

Post a Comment