Fake HDD

Posted: January 26, 2011
Threat Metric
Threat Level: 8/10
Infected PCs 94

Fake HDD Description

Fake HDD, also known as Rogue.FakeHDD, is a broad detection label for a group of scamware infections that pretend to be defragmentation and system optimization utilities. Unfortunately, none of the programs that SpywareRemove.com malware researchers have found to cause Fake HDD alerts possess any real defragging or error-checking abilities; the best that you can expect from a Fake HDD is to be swindled out of your money and personal information. Although Fake HDD programs will present themselves openly and try to convince you of their good intentions, you should pay attention to the side effects that they cause, such as browser hijacks, disabled programs and unusual system settings and be ready to remove Fake HDD at a moment's notice. Anti-malware software is always recommended when you try to delete Fake HDD infections, since many Fake HDD programs will infect normal system components and use other techniques to complicate uninstallation.

Protecting Your PC from Fake HDD with Real Hard Drive Defenses

Fake HDD infections are often distributed by Trojans that are installed through browser exploits and fake software updates. Since Fake HDD infections are updated on a regular basis, SpywareRemove.com malware researchers note the importance of keeping your anti-malware software just as up-to-date. Any significant lag in threat definitions updates may allow a newly-released variant of Fake HDD to infect your computer, even if you're protected against older versions of Fake HDD.

Computer users plagued with Fake HDD may receive an "Access Denied" notification when attempting to install other software. Furthermore, various files and folders under the C:/ drive become hidden in addition to desktop icons. Once Fake HDD makes itself at home on your PC, Fake HDD will create errors that may redirect you to hostile websites that can engage in additional attacks against your computer. Be particularly on guard against potential information phishing attempts and attempts to scam you of money through the purchase of fraudulent software. Any Fake HDD removal efforts must use a security program that can also remove any related Trojans, since failure to remove Trojans that have installed Fake HDD software will result in another Fake HDD infection, as soon as you reboot your computer.

Weathering Fake HDD's Storm of Rotten Security

The majority of recent Fake HDD programs are related to the HDD Plus family, a rogue defragmenter group that also includes HDD Repair, HDD Low, HDD Tools, HDD Doctor, WinScan, Win Scanner, Disk Repair, Disk Tool, DiskHelper and other scamware products. Fake HDD creates extremely hostile conditions on your PC that mimic security features without providing any genuine security, such as:

  • Creating fake warning messages, either to trick you into thinking that Windows is severely damaged or to trick you into thinking that programs are being blocked for your own good. Examples that SpywareRemove.com malware researchers have found to be especially common are listed here:

    Bad sectors on hard drive or damaged file allocation table – Critical Error

    28% of HDD space is unreadable – Critical Error

    Critical Error
    A critical error has occurred while indexing data stored on hard drive. System restart required.

    A problem detected while reading boot operation system files

    System Restore
    The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

    Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

    Windows – No Disk
    Exception Processing Message 0×0000013

    Read time of hard drive cluster less than 500 ms – Critical Error

    Serious system error
    The system will reboot in 30 seconds
    Windows can not continue operating due to fatal system error.
    Windows was forced to restart.
    All unsaved data will be lost.

    Confirmation
    [Rogue defragmenter] detected an error on your hard drive when trying to access a file
    C:\Program Files\Internet Explorer\iexplore.exe
    Perform data recovery now?

    Disk Error
    Can not find file: C:\Program Files\Messenger\msmsgs.exe
    File may be deleted or corrupt.
    It is strongly recommended to check the disk for errors.

    Confirmation
    Your hard drive contains a lot of critical errors!
    All your data including installed programs, documents, email, etc. are at risk of irreversible corrupt.
    The trial version does not have low-level access module needed to fix the errors found.
    It is strongly recommended to activate the full version software with necessary modules. Activate full version now?

  • File-viewing problems that make it look like folders are empty. These Fake HDD attacks are often confined to Windows Explorer, and using a different file-viewing program may circumvent the attack (which doesn't harm or delete your files).
  • Browser redirects that force your browser to change its destination, often towards a malicious website such as a Fake HDD homepage.
  • Difficulties accessing security features and programs, including your firewall, the Windows Task Manager and anti-virus scanners. However, it's suggested for you to try to use Safe Mode or another method of avoiding this attack, instead of removing Fake HDD without the help of an anti-malware program, if your anti-malware programs are being blocked.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Fake HDD may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications


The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random]"HKCU\Software\Microsoft\Windows\CurrentVersion\Run "[random].exe"

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.