Home Malware Programs Rogue Anti-Spyware Programs HDD Plus

HDD Plus

Posted: December 8, 2010

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: December 8, 2010
Last Seen: August 17, 2022
OS(es) Affected: Windows

ScreenshotHDD Plus is a fake defragmenter that pretends to detect (and secretly creates) hard drive problems, before HDD Plus asks you for money to fix these issues. SpywareRemove.com malware research team hasn't found any real defragmentation or error-checking features in HDD Plus, which uses the same types of attacks that other rogue defraggers in the same family are known for utilizing, including blocking software and making unauthorized changes to your system settings. Because HDD Plus can present a substantial threat to your PC while HDD Plus is installed, both in terms of enabling fraud and in terms of disabling your computer's security, deleting HDD Plus with a good security program is the first step that you should take towards re-securing your computer.

HDD Plus: A New Name for a Slightly Less-Than-New Threat to Windows

HDD Plus is from the same subgroup as similarly-named rogue defragmenters like HDD Repair, HDD Doctor and HDD Doctor Recovery although equivalent fake defraggers with even more diverse names, such as Easy Scan, Windows XP Restore and Disk Helper have also been discovered. Names aside, each of these rogue defraggers have been analyzed by SpywareRemove.com malware experts and found to be simple clones of each other, with identically-fraudulent schemes and identical attacks against infected PCs.

An HDD Plus infection will open up HDD Plus' fraudulent plans in the same way as HDD Plus' kin - by creating fake error messages from simulated scans and as spontaneous pop-ups from the Windows taskbar. Although HDD Plus wants to make you believe that your PC is nearing total annihilation due to a variety of errors, the real aim behind these fake errors is to make you spend money on the full version of HDD Plus, which has no defragmenting or hard disk error-checking features. Warning messages like the ones noted below can safely be ignored:

Bad sectors on hard drive or damaged file allocation table – Critical Error

28% of HDD space is unreadable – Critical Error

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

A problem detected while reading boot operation system files

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition

Windows – No Disk
Exception Processing Message 0×0000013

Read time of hard drive cluster less than 500 ms – Critical Error

Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.

HDD Plus detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?

Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.

Your hard drive contains a lot of critical errors!
All your data including installed programs, documents, email, etc. are at risk of irreversible corrupt.
The trial version does not have low-level access module needed to fix the errors found.
It is strongly recommended to activate the full version software with necessary modules. Activate full version now?

What You Can Do When HDD Plus Shuts Down Everything That Your HD Can Do

Although SpywareRemove.com malware researchers would love it if the above problems were the only issues that HDD Plus caused, HDD Plus attacks aren't limited to easily-ignored pop-ups. HDD Plus-related attacks also can include serious disruptions of your operating system such as:

  • Problems using unrelated programs, with a special emphasis on programs that are related to security or programs that could help you detect and delete HDD Plus.
  • Browser hijacks. HDD Plus hijacks can take several forms and may be utilized to barricade you from visiting safe websites or to force you to visit hostile ones. You should be especially careful to avoid giving personal information away to the HDD Plus website, which will exploit your info to commit a variety of fraudulent crimes.
  • Harmful setting changes, which can result in changes to your wallpaper, a web browser with deactivated security features, seemingly vanishing files in Windows Explorer and general problems with being able to revert all of the above attacks by normal Windows methods.

However, SpywareRemove.com malware experts are confident in the ability of competent and up-to-date anti-malware software to remove HDD Plus, if the proper methodology (such as a system boot that disables the HDD Plus startup routine) is used.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%Temp%\98ee1b.exe File name: 98ee1b.exe
Size: 355.84 KB (355840 bytes)
MD5: 11a6aeb349da93adbf9779301ac3c4d1
Detection count: 67
File type: Executable File
Mime Type: unknown/exe
Path: %Temp%
Group: Malware file
Last Updated: August 17, 2022


  • christine says:

    HDD Plus is on my computer, and I've tried running RKIll (which removes a couple of files, but doesn't stop the program from running) and removing the files manually, but I think they are not appearing as random.exe on my computer. Is it possible there are other file names? When I go to the Registry Editor, I see:
    Google Update
    Could one of those be it?

    Thanks for the help!

  • zuri says:

    i purchased hdd plus.so what do i do now?

  • Jon says:

    I too have come across this nasty piece of malware, twice so far. The first time I was successful in cleaning it, the second time not so lucky. But it did change the name from random.exe to a number like 2148040 which I deleted.