HDD Plus
Posted: December 8, 2010
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 9 |
| First Seen: | December 8, 2010 |
|---|---|
| Last Seen: | August 17, 2022 |
| OS(es) Affected: | Windows |
HDD Plus is a fake defragmenter that pretends to detect (and secretly creates) hard drive problems, before HDD Plus asks you for money to fix these issues. SpywareRemove.com malware research team hasn't found any real defragmentation or error-checking features in HDD Plus, which uses the same types of attacks that other rogue defraggers in the same family are known for utilizing, including blocking software and making unauthorized changes to your system settings. Because HDD Plus can present a substantial threat to your PC while HDD Plus is installed, both in terms of enabling fraud and in terms of disabling your computer's security, deleting HDD Plus with a good security program is the first step that you should take towards re-securing your computer.
HDD Plus: A New Name for a Slightly Less-Than-New Threat to Windows
HDD Plus is from the same subgroup as similarly-named rogue defragmenters like HDD Repair, HDD Doctor and HDD Doctor Recovery although equivalent fake defraggers with even more diverse names, such as Easy Scan, Windows XP Restore and Disk Helper have also been discovered. Names aside, each of these rogue defraggers have been analyzed by SpywareRemove.com malware experts and found to be simple clones of each other, with identically-fraudulent schemes and identical attacks against infected PCs.
An HDD Plus infection will open up HDD Plus' fraudulent plans in the same way as HDD Plus' kin - by creating fake error messages from simulated scans and as spontaneous pop-ups from the Windows taskbar. Although HDD Plus wants to make you believe that your PC is nearing total annihilation due to a variety of errors, the real aim behind these fake errors is to make you spend money on the full version of HDD Plus, which has no defragmenting or hard disk error-checking features. Warning messages like the ones noted below can safely be ignored:
Bad sectors on hard drive or damaged file allocation table – Critical Error
28% of HDD space is unreadable – Critical Error
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
A problem detected while reading boot operation system files
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Boot sector of the hard drive disk is damaged – Critical Error – Limited Edition
Windows – No Disk
Exception Processing Message 0×0000013
Read time of hard drive cluster less than 500 ms – Critical Error
Serious system error
The system will reboot in 30 seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.
Confirmation
HDD Plus detected an error on your hard drive when trying to access a file
C:\Program Files\Internet Explorer\iexplore.exe
Perform data recovery now?
Disk Error
Can not find file: C:\Program Files\Messenger\msmsgs.exe
File may be deleted or corrupt.
It is strongly recommended to check the disk for errors.
Confirmation
Your hard drive contains a lot of critical errors!
All your data including installed programs, documents, email, etc. are at risk of irreversible corrupt.
The trial version does not have low-level access module needed to fix the errors found.
It is strongly recommended to activate the full version software with necessary modules. Activate full version now?
What You Can Do When HDD Plus Shuts Down Everything That Your HD Can Do
Although SpywareRemove.com malware researchers would love it if the above problems were the only issues that HDD Plus caused, HDD Plus attacks aren't limited to easily-ignored pop-ups. HDD Plus-related attacks also can include serious disruptions of your operating system such as:
- Problems using unrelated programs, with a special emphasis on programs that are related to security or programs that could help you detect and delete HDD Plus.
- Browser hijacks. HDD Plus hijacks can take several forms and may be utilized to barricade you from visiting safe websites or to force you to visit hostile ones. You should be especially careful to avoid giving personal information away to the HDD Plus website, which will exploit your info to commit a variety of fraudulent crimes.
- Harmful setting changes, which can result in changes to your wallpaper, a web browser with deactivated security features, seemingly vanishing files in Windows Explorer and general problems with being able to revert all of the above attacks by normal Windows methods.
However, SpywareRemove.com malware experts are confident in the ability of competent and up-to-date anti-malware software to remove HDD Plus, if the proper methodology (such as a system boot that disables the HDD Plus startup routine) is used.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%Temp%\98ee1b.exe
File name: 98ee1b.exeSize: 355.84 KB (355840 bytes)
MD5: 11a6aeb349da93adbf9779301ac3c4d1
Detection count: 67
File type: Executable File
Mime Type: unknown/exe
Path: %Temp%
Group: Malware file
Last Updated: August 17, 2022
HDD Plus is on my computer, and I've tried running RKIll (which removes a couple of files, but doesn't stop the program from running) and removing the files manually, but I think they are not appearing as random.exe on my computer. Is it possible there are other file names? When I go to the Registry Editor, I see:
(Default)
175932447
ctfmon.exe
Google Update
kXVjsxfbJ.exe
MSMSGS
Could one of those be it?
Thanks for the help!
i purchased hdd plus.so what do i do now?
I too have come across this nasty piece of malware, twice so far. The first time I was successful in cleaning it, the second time not so lucky. But it did change the name from random.exe to a number like 2148040 which I deleted.