PC Repair

Posted: August 27, 2011
Threat Metric
Threat Level: 10/10
Infected PCs 206

PC Repair Description

PC RepairPC Repair is a new version of a fake defragmenter from a long line of defraggers from the FakeSysDef family that reuse the majority of their code with a new name slapped on to avoid recognition. Although PC Repair claims to be able to repair your PC of fragmentation-related problems, installing PC Repair will cause serious harm to your PC, such as vanishing files, randomly-disabled applications, missing shortcuts and a small army of steadily-streaming error messages. Since SpywareRemove.com malware research team hasn't found any genuinely positive features in PC Repair, as well as noting significant risks with its presence, it's recommended that you remove PC Repair from your computer as quickly as possible. Because rootkits, browser hijackers and trojans are also associated with PC Repair infections, you should delete PC Repair with an anti-malware program that's also capable of detecting and removing such PC threats.

The Countless Fake Repair Features That PC Repair Shows Off

PC Repair is marketed in the form of a supposedly useful defragger program on its website, and trojans such as Vundo, Zlob and Fake Microsoft Security Essentials Alert have also been implicated as causes of PC Repair infections. In most cases, PC Repair will use a fake scanner or warning message to announce that your computer is infected prior to installation, although this isn't a hard rule.

Once PC Repair has settled itself in, it will launch itself automatically and begin to pester you with fake alerts that are presented in a variety of ways, including through simulated system scans and Windows taskbar-based pop-ups.

You can safely ignore all of PC Repair's warnings, threats and pleadings for you to take action, since PC Repair isn't able to detect any of these errors on your computer, and, in fact, many of them are extremely unlikely to occur in the first place. The only purpose they have is to cause you to panic and force you to spend money on an activation key for PC Repair (you should consider using the free code '8475082234984902023718742058948' instead before you remove PC Repair).

Close relatives of PC Repair include System Defragmenter, Ultra Defragger, HDD Control, Win HDD, Win Defrag, Win Defragmenter, Disk Doctor, Hard Drive Diagnostic, HDD Diagnostic, HDD Plus, HDD Repair, HDD Rescue, Smart HDD, Defragmenter, HDD Tools, Disk Repair, Windows Optimization Center, Scanner, HDD Low and Hdd Fix. You should consider these rogue defragmenters to be just as fraudulent as PC Repair itself.

Doing the Repair Job That Will Put PC Repair Out of Work

Although the foremost concern with any PC Repair is the danger of spending money on it, SpywareRemove.com malware research team has also uncovered a range of other attacks that are coupled with PC Repair infections:

  • PC Repair may try to hide the contents of folders. Although this is a Windows Explorer-based attack that works via the Registry, it won't delete or otherwise alter the actual files. You can use alternative programs to view and access any files that PC Repair tries to conceal.
  • PC Repair, like many other types of scamware, will also try to block your security programs so that you find it difficult to delete PC Repair. In many cases, renaming a program file to something generic, such as 'iexplore.exe,' will let you duck under PC Repair's blacklist and launch the relevant application.
  • SpywareRemove.com malware researchers have also been unhappy to note that PC Repair has had a new feature added to it that differentiates it from other rogue defraggers in its family - the ability to hide program shortcuts in your Temp folder. Because of this, it's strongly encouraged that you avoid deleting any files in this folder or using any temporary file removal features until you've restored your shortcuts and deleted PC Repair.


PC Repair Screenshot 2PC Repair Screenshot 3PC Repair Screenshot 4PC Repair Screenshot 5PC Repair Screenshot 6PC Repair Screenshot 7PC Repair Screenshot 8PC Repair Screenshot 9PC Repair Screenshot 10

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to PC Repair may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%ALLUSERSPROFILE%\Application Data\WdPGjGBlKKkE.exe File name: WdPGjGBlKKkE.exe
Size: 448.51 KB (448512 bytes)
MD5: 01ef539c0d873d506f7c337b7cbbcfed
Detection count: 27
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: August 29, 2011
%ALLUSERSPROFILE%\Application Data\L6kAlMiKb7Fz.exe File name: L6kAlMiKb7Fz.exe
Size: 462.84 KB (462848 bytes)
MD5: cabf1f8a66e33b0dfd6a6c8fad28a1e1
Detection count: 25
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: August 29, 2011
%ALLUSERSPROFILE%\Application Data\qdPGjGBlHCkE.exe File name: qdPGjGBlHCkE.exe
Size: 466.94 KB (466944 bytes)
MD5: 7278fc37d52351374587e0e2f0d26aa2
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: August 29, 2011
%ALLUSERSPROFILE%\Application Data\qdPWjqKGBlHCkE.exe File name: qdPWjqKGBlHCkE.exe
Size: 457.21 KB (457216 bytes)
MD5: dff7eac5c0c22591552da891c5364bfd
Detection count: 3
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: August 29, 2011
%ALLUSERSPROFILE%\Application Data\P1kAlMiG2Kb7Fz.exe File name: P1kAlMiG2Kb7Fz.exe
Size: 414.2 KB (414208 bytes)
MD5: 6cb0128ef745a1472606f1d4c82e914e
Detection count: 1
File type: Executable File
Mime Type: unknown/exe
Path: %ALLUSERSPROFILE%\Application Data\
Group: Malware file
Last Updated: August 29, 2011
%LocalAppData%\[RANDOM CHARACTERS] File name: %LocalAppData%\[RANDOM CHARACTERS]
Group: Malware file
%LocalAppData%\[RANDOM CHARACTERS].exe File name: %LocalAppData%\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%LocalAppData%\~[RANDOM CHARACTERS] File name: %LocalAppData%\~[RANDOM CHARACTERS]
Group: Malware file
%StartMenu%\Programs\PC Repair\ File name: %StartMenu%\Programs\PC Repair\
Group: Malware file
%StartMenu%\Programs\PC Repair\Uninstall PC Repair.lnk File name: %StartMenu%\Programs\PC Repair\Uninstall PC Repair.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%StartMenu%\Programs\PC Repair\PC Repair.lnk File name: %StartMenu%\Programs\PC Repair\PC Repair.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%UserProfile%\Desktop\PC Repair.lnk File name: %UserProfile%\Desktop\PC Repair.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\smtmp\ File name: %Temp%\smtmp\
Group: Malware file
%Temp%\smtmp\1 File name: %Temp%\smtmp\1
Group: Malware file
%Temp%\smtmp\2 File name: %Temp%\smtmp\2
Group: Malware file
%Temp%\smtmp\3 File name: %Temp%\smtmp\3
Group: Malware file
%Temp%\smtmp\4 File name: %Temp%\smtmp\4
Group: Malware file

Registry Modifications


The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'Yes'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoDesktop" = '1'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s's:/ogn:/uyu:/dyd:/c'u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/'wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v'w:/rbs:'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU "MRUList"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

Additional Information

The following messages's were detected:
# Message
1Bad sectors on hard drive or damaged file allocation table
2Critical Error A critical error has occurred while indexing data stored on hard drive. System restart required.
3Critical Error Hard drive critical error. Run a system diagnostic utility to check your hard disk drive for errors. Windows can't find hard disk space. Hard drive error.
4Critical Error Hard Drive not found. Missing hard drive.
5Critical Error RAM memory usage is critically high. RAM memory failure.
6Critical Error Windows can't find hard disk space. Hard drive error
7Critical Error! Damaged hard drive clusters detected. Private data is at risk.
8Critical Error! Windows was unable to save all the data for the file \System32\496A8300. The data has been lost. This error may be caused by a failure of your computer hardware.
9GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
10Hard Drive Failure The system has detected a problem with one or more installed IDE / SATA hard disks. It is recommended that you restart the system.
11Low Disk Space You are running very low disk space on Local Disk (C:).
12PC Repair Diagnostics Windows detected a hard disk error. A problem with the hard drive sectors has been detected. It is recommended to download the following sertified [sic] software to fix the detected hard drive problems. Do you want to download recommended software?
13Ram Temperature is 83 C. Optimization is required for normal operation.
14Requested registry access is not allowed. Registry defragmentation required
15System Error An error occurred while reading system files. Run a system diagnostic utility to check your hard disk drive for errors.
16System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Related Posts

2 Comments

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.