HDD Rescue

December 12, 2010 | 1 Comment

HDD Rescue is promoted as a diagnostic and repair tool, but an examination by security providers identified it as another rogue (fake) program. It is part of a large group of fake hard drive defragmenters that are spread by malicious means. Users can acquire this unwanted software by following links or prompts on web sites that were set up to host the HDD Rescue installation files.

Once inside the system, this malware runs a scan and reports various problems with the hard drive, system files, programs, and registry entries. Malware of this kind is known for reporting problems that do not exist on the computer in order to generate sales. Furthermore, HDD Rescue issues constant pop-up alert messages, including these:

“Fix Disk
Windows Disk Diagnostics will scan the system to identify performance problems.
Start or Cancel”

“Windows cannot find wordpad. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.”

System modifications are also carried out on the affected computer. By adding its own entries to the registry and dropping files into system folders, the malware gains partial control of the computer. This makes HDD Rescue more harmful and able to dominate the PC: it can block any installed program, so that you cannot run any software, and it also prevents antivirus programs from running. In this case, remove HDD Rescue immediately using effective security software. Since it hampers software execution, we suggest running the removal tool after starting Windows in Safe Mode. This prevents HDD Rescue from loading into memory and performing its payload.

Type: Rogue
Sub-Type: FakeAV
OS Affected: Windows

What are the Symptoms of HDD Rescue Infection?


It modifies the Windows Registry and adds the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random characters]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random characters].exe"

The threat will drop the following malicious files:
%Temp%\[random characters]
%Temp%\[random characters].exe
%Temp%\[random characters].dll
%Temp%\HDD Rescue
%Documents and Settings%\[User_Name]\Start Menu\Programs\HDD Rescue\Uninstall HDD Rescue.lnk
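
A read-only way to check a user profile for the registry and file indicators listed above, as an added example that is not part of the original article. It assumes PowerShell 3.0 or later and that the Run values launch files under %Temp%, which the article does not state; the variable names are illustrative.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Requires PowerShell 3.0+. Run as the affected user: HKCU and %TEMP% are per-user.
# Assumption: the Run values launch files under %TEMP% (the page does not say so).
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$tempDir  = [IO.Path]::GetFullPath($env:TEMP).TrimEnd('\')
$icase    = [StringComparison]::OrdinalIgnoreCase
$findings = @()

# 1. Run values whose command line references the user's temp directory.
#    Limitation: an 8.3 short path on one side and a long path on the other will not match.
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        if ($data.IndexOf("$tempDir\", $icase) -ge 0) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Name = $name; Detail = $data }
        }
    }
}

# 2. .exe/.dll files dropped directly in %TEMP%, plus anything named "HDD Rescue".
#    Installers also leave executables here, so treat hits as leads to review.
$findings += @(
    Get-ChildItem -LiteralPath $tempDir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'HDD Rescue' -or (('.exe', '.dll') -contains $_.Extension) } |
        ForEach-Object { [pscustomobject]@{ Type = 'TempFile'; Name = $_.Name; Detail = $_.FullName } }
)

# 3. The Start Menu folder that holds "Uninstall HDD Rescue.lnk".
$menuDir = Join-Path ([Environment]::GetFolderPath('Programs')) 'HDD Rescue'
if (Test-Path -LiteralPath $menuDir) {
    $findings += [pscustomobject]@{ Type = 'StartMenu'; Name = 'HDD Rescue'; Detail = $menuDir }
}

if ($findings.Count -eq 0) {
    'No HDD Rescue indicators found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script only reads and reports; it deletes nothing, so it can be run from Safe Mode before the removal tool.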

One thought on “HDD Rescue”

  1. sal

    I only found two of the above-mentioned files [hkey_current_user/software/microsoft/windows/currentversion/run {random characters}.exe and documents and settings /username/startmenu/hidden rescue/uninstal hidden rescue.link]. I deleted both of them and couldn’t find the others, so I continued and I tried to run the antivirus, but it wouldn’t work. Can you please help me with my problem?
