
Smart Data Recovery

Posted: April 30, 2012

Threat Metric

Ranking: 78
Threat Level: 2/10
Infected PCs: 674,260
First Seen: April 30, 2012
Last Seen: October 17, 2023
OS(es) Affected: Windows

Smart Data Recovery is a rogue defragger that's cloned from Smart HDD, just one of many members of the FakeSysDef family. Like its kin, Smart Data Recovery displays inaccurate warning pop-ups about HD damage and other issues that aren't actually present on your PC. These errors are Smart Data Recovery's way of marketing itself and (in the hopes of its criminal partners) encouraging you to spend money on a purchasable version of its software. Since Smart Data Recovery doesn't have any real defragmentation or hard drive-fixing features, SpywareRemove.com malware experts suggest that you delete Smart Data Recovery quickly and with a trustworthy anti-malware program. Care should also be taken to avoid confusing Smart Data Recovery with a deleted file recovery product by the same name. The latter is completely unrelated to the rogue defragmenter that's known as Smart Data Recovery and doesn't exhibit traditional scamware characteristics (such as pop-ups or fake system scans).

What an Enlightening Inspection of Smart Data Recovery's Features Reveals

Smart Data Recovery, as a member of FakeSysDef, is incapable of defragging your hard drive or checking it for errors. However, these limitations don't stop Smart Data Recovery from displaying fake system information that implies that your hard drive is damaged in a colorful variety of ways. Common alerts from Smart Data Recovery and related PC threats can include warnings about missing RAM, missing hard drives, data indexation problems, damaged file allocation tables or even RAM temperatures. Although such warning messages are both unusual and highly alarming, SpywareRemove.com malware analysts suggest that you relax and ignore Smart Data Recovery's alerts, since all of these reported problems are fraudulent.

As a supplement to its fake disk-checking features, Smart Data Recovery may also use other attacks with potentially severe consequences for your computer's safety, including:

  • Changing your desktop wallpaper (typically to display another fake warning message).
  • Changing your browser settings (for example, by reducing encryption-related protection and protection against downloads with invalid signatures).
  • Disabling Windows Task Manager.

The Only Intelligent Thing to Do About Smart Data Recovery

The SpywareRemove.com malware research team urges you to delete Smart Data Recovery ASAP, but also notes that doing so manually can be difficult. Because Smart Data Recovery and related scamware have been found to use .dll injection attacks, Registry alterations and other techniques that are difficult to detect or undo without assistance, anti-malware software should always be used to delete Smart Data Recovery whenever practical. The FakeSysDef family of rogue security programs has many members. Among them are System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix.

Smart Data Recovery may also block other programs on your PC that are required for this purpose, although SpywareRemove.com malware experts note that this can be averted by disabling Smart Data Recovery before you try to remove it. User-friendly ways of disabling Smart Data Recovery include booting your PC from a networked drive, booting it from a removable drive or switching to Safe Mode.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • %Documents and Settings%\[User_Name]\Start Menu\Programs\Smart HDD\Uninstall Smart HDD.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • %Documents and Settings%\[User_Name]\Start Menu\Programs\Smart HDD
    Group: Malware file
  • %Documents and Settings%\[User_Name]\Desktop\Smart HDD.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • %StartMenu%\Programs\Smart Data Recovery\
    Group: Malware file
  • %UserProfile%\Desktop\Smart Data Recovery.lnk
    File type: Shortcut
    Mime Type: unknown/lnk
    Group: Malware file
  • %Temp%\\[RANDOM CHARACTERS].exe
    File type: Executable File
    Mime Type: unknown/exe
    Group: Malware file
  • %Temp%\\[RANDOM CHARACTERS].dll
    File type: Dynamic link library
    Mime Type: unknown/dll
    Group: Malware file

Registry Modifications

The following Registry values were created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"
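A triage check for the Run-key entries listed above, added here as an example (it is not SpywareRemove.com's code): it parses `reg query` output for the HKCU Run key and flags values that launch an .exe directly from a Temp folder and are named after that file. That the value data points at the %Temp% executable is an assumption, and the sample output and value names are constructed.

```python
import re
from pathlib import PureWindowsPath

# One value line of `reg query` output: 4-space indent, 4-space field separators.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Leading executable path in the value data, quoted or bare.
EXE_PATH = re.compile(r'^\s*"?(?P<path>[^"]+?\.exe)\b', re.IGNORECASE)


def parse_run_values(reg_output):
    """Return (value name, data) pairs from `reg query <Run key>` text."""
    return [(m["name"], m["data"])
            for m in map(VALUE_LINE.match, reg_output.splitlines()) if m]


def in_temp_dir(path):
    """True if the executable sits directly in a Temp folder (or %Temp%)."""
    return path.parent.name.lower() in ("temp", "%temp%")


def suspicious_run_values(reg_output):
    """Flag Run values that launch an .exe from Temp and are named after it."""
    hits = []
    for name, data in parse_run_values(reg_output):
        # Assumption: the value data starts with the path of the launched file.
        m = EXE_PATH.match(data)
        if not m:
            continue
        exe = PureWindowsPath(m["path"])
        named_after_exe = name.lower() in (exe.stem.lower(), exe.name.lower())
        if in_temp_dir(exe) and named_after_exe:
            hits.append((name, str(exe)))
    return hits


# Constructed sample output (not taken from an infected machine).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    kQxWvbPzRt    REG_SZ    C:\Users\user\AppData\Local\Temp\kQxWvbPzRt.exe
    hTnLwYcR.exe    REG_SZ    "%Temp%\hTnLwYcR.exe"
    Updater    REG_SZ    C:\Users\user\AppData\Local\Temp\setup\updater.exe
"""

if __name__ == "__main__":
    for name, exe in suspicious_run_values(SAMPLE):
        print(f"review Run value {name!r} -> {exe}")
```

A hit is a lead for review, not a verdict: legitimate installers also run from Temp, so confirm with an anti-malware scan before deleting anything.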

Additional Information

The following URLs were detected:
zippyshare.com

The following messages were detected:

# Message
1. Critical Error RAM memory usage is critically high. RAM memory failure.
2. Critical Error! Damaged hard drive clusters detected. Private data is at risk.
3. Critical Error! RAM memory usage is critically high. RAM memory failure.
4. Critical Error! Damaged hard drive clusters detected. Private data is at risk.
5. Hard Drive Boot Sector Reading Error During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on boot device.
6. Hard Drive Boot Sector Reading Error During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on boot device.
7. Smart Data Recovery Smart Data Recovery Firewall Alert Smart Data Recovery has prevented a program from accessing the internet. "iexplore.exe" is infected "Trojan-Dropper.Win32.Agent". This worm has to tried to use "iexplore.exe" to connect to remove host and send your credit card information.
8. Smart Data Recovery Warning Spyware.IEMonster activity detected. This form of spyware attempts to steal passwords from Internet Explorer, Mozilla Firefox, Outlook and other commonly used programs. Click here to immediately remove it with Smart Data Recovery.
9. System blocks were not found This is most likely occurred because of hard disk failure. This may also lead to a potential loss of data.
10. System blocks were not found This is most likely occurred because of hard disk failure. This may also lead to a potential loss of data.

One Comment

  • DJ says:

    I got this guy - not sure how. I downloaded a "task manager" free from CNet. That killed the process. Thank goodness for Windows 7 Restore points. I was able to restore my programs to the day before the crash. Later I found restore points for files (right click on your "my Documents" folder and click "restore"). I restored all my pictures, music and documents.
