Thursday, December 09, 2010

HDD Plus - What it is and How to Remove it


HDD Plus was first reported to us on December 8th, 2010. It is a new variant of an old virus, meaning it has a fancy new face but does the same bad stuff the previous versions did. You might also have been infected with this under the names Hard Drive Diagnostic, HDD Scan, Win Defragmenter, Win HDD, Check Disk, Ultra Defragger, or Quick Defragmenter.

NONE of these are what they appear to be. They are a virus, and while not horribly destructive they are definitely annoying and hard to remove.

How do I know I'm infected?

[Screenshot: HDD Plus warnings]

This is the image displayed on computers infected with HDD Plus. The goal of the virus is to convince you that you have some hard drive damage and then to get you to click on any of the tools or links offered to repair the problem. None of these tools do what they say they do. Do not click on them if you haven't already!

Removal of HDD Plus

We usually make it our goal to try to give you viewers an easy way to rid yourself of these viruses. This one isn't especially hard to remove if you're not overly infected, but it does take some skill, so chances are the average user can't remove it on their own.

Why Not:
The virus always loads in the same place, but not always with the same name. Different computer configurations store the temporary internet data in different folders. Without knowing which user account on your computer is infected, we couldn't easily tell you which directories to clean out.
For example, the virus infects the following locations:
%TempDir%\[random]
%TempDir%\[random].exe
%TempDir%\[random].dll
%TempDir%\dfrg
%TempDir%\dfrgr
%TempDir%\Windows Update.exe
%Desktop%\HDD Plus.lnk
%Programs%\HDD Plus
%Programs%\HDD Plus\HDD Plus.lnk
%Programs%\HDD Plus\Uninstall HDD Plus.lnk

Doesn't look that easy to a regular computer user, does it? Unfortunately, it's not. However, it's a pretty standard removal for a good computer technician. If you have a technician you already rely on, print this page and give it to them with your computer when you carry it in for repair.

Having said that, here is what we can tell you.

(If you're a technically savvy user, you can remove it using this information. If this information doesn't make sense to you or you are intimidated by making system-level repairs, we suggest you contact a computer company to remove the virus for you.)

Information about HDD Plus:
- HDD Plus is usually executed in the temporary internet files directory, so if you can get those files purged, you can usually prevent the virus from loading. If it's already resident, and it probably is, we suggest rebooting into safe mode, deleting those files, then restarting in normal mode and running a Malwarebytes scan. This should remove the startup entries from the registry. Spybot also seems to be able to remove it, though we haven't tested that theory ourselves.

- HDD Plus seems to prevent the task manager from loading; however, it has no effect on MSCONFIG. Run MSCONFIG, uncheck the startup items launching from the temp directories on the computer, press Apply, and then perform the restart when prompted by MSCONFIG. This will allow the system to boot clean, and you can then remove it as described above.
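
A read-only check for the file, shortcut and startup indicators listed above, as an added example that is not part of the original post. It assumes the page's %TempDir% means each user's Temp folder in the Windows Vista and later layout (`AppData\Local\Temp`) and that the startup entries live in the standard registry Run keys; the `[random]` file names cannot be matched by name.

```powershell
# Read-only: reports findings and deletes nothing.
# Assumption: %TempDir% on the page is each user's Temp folder (Vista and later layout).
$profileRoot = Split-Path $env:USERPROFILE -Parent
$tempDirs = Get-ChildItem $profileRoot -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' } |
    Where-Object { Test-Path -LiteralPath $_ -ErrorAction SilentlyContinue }

# Fixed names from the page's location list; the [random] names cannot be matched by name.
$knownNames = 'dfrg', 'dfrgr', 'Windows Update.exe'
$findings = @()
foreach ($dir in $tempDirs) {
    foreach ($name in $knownNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { $findings += "File:     $path" }
    }
}

# Shortcuts the page lists for the current user's Desktop and Programs menu.
$shortcuts = @(
    (Join-Path ([Environment]::GetFolderPath('Desktop'))  'HDD Plus.lnk'),
    (Join-Path ([Environment]::GetFolderPath('Programs')) 'HDD Plus')
)
foreach ($path in $shortcuts) {
    if (Test-Path -LiteralPath $path) { $findings += "Shortcut: $path" }
}

# Registry startup entries (also shown by MSCONFIG) whose command runs from a temp folder.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($command -match '\\(Temp|Temporary Internet Files)\\') {
            $findings += "Startup:  $key -> $valueName = $command"
        }
    }
}

if ($findings) { $findings } else { 'None of the HDD Plus indicators listed on this page were found.' }
```

The shortcut and HKCU checks only cover the account running the script, so run it once per user account; reading other users' Temp folders needs an elevated prompt.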

If you are NOT a technically savvy user, we suggest you consider our Remote 247 Solution for removing this virus as well as other computer needs.

2 comments:

  1. THANK YOU a million times over! I used these instructions to rid myself of this trojan with success! I’ve come across this one before, but not to the degree that it wouldn’t let me open my Task Manager or Programs. This was so helpful!!

  2. THANK YOU a million times over! I used these instructions to rid myself of this trojan with success! I’ve come across this one before, but not to the degree that it wouldn’t let me open my Task Manager or Programs. This was so helpful!!

    Provide me information to know how I will be able to know that my system gets infected once again by the same virus???
