HDD Rescue

HDD Rescue is promoted as a diagnostic and repair application, but an examination by security providers identified it as another rogue, or fake, program. HDD Rescue is part of a large group of fake hard drive defragmenters that are spread by malicious means. This unwanted program can be acquired when users follow links or prompts on various web sites that were set up to host the installation files of HDD Rescue. Once inside the system, HDD Rescue displays pop-up alert messages that include these lines:

Fix Disk
Windows Disk Diagnostics will scan the system to identify performance problems.
Start or Cancel

Windows cannot find wordpad. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. 

System modifications are also carried out on the affected computer: the threat adds its own entries to the registry and drops files into system folders. This makes HDD Rescue more harmful and lets it dominate the computer. It can block any installed application from being executed and prevent antivirus programs from running. In this case, remove HDD Rescue immediately by means of effective security software.

Type: Rogue
Sub-Type: FakeAV
Aliases: Win HDD
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of HDD Rescue Infection?

It will modify Windows Registry and add the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters].exe”

The threat will drop the following malicious files:
%Temp%\[random characters]
%Temp%\[random characters].exe
%Temp%\[random characters].dll
%Temp%\HDD Rescue
%Temp%\dfrgr
%Documents and Settings%\[User_Name]\Start Menu\Programs\HDD Rescue\Uninstall HDD Rescue.lnk

How to Remove HDD Rescue Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see whether the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan the computer and delete all detected threats.
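
To find the entries that steps 2 and 3 refer to, the following read-only PowerShell check lists Run values that point into %Temp%, candidate files in %Temp%, and the Start Menu folder named above. It is an added example, not part of the original article or of any removal tool; it assumes PowerShell is available on the affected system, and its variable names are illustrative.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Nothing is modified or deleted; hits are candidates for review, not verdicts.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$tempDir = $env:TEMP.TrimEnd('\')   # assumption: 8.3 short and long path forms are not normalized

# 1. Run values whose data points into %Temp%.
$runHits = @()
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        # Expand %VAR% references so the comparison is made on the real path.
        $data = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        if ($data.IndexOf("$tempDir\", [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $runHits += New-Object PSObject -Property @{ ValueName = $name; Data = $data }
        }
    }
}

# 2. Candidates in %Temp%: the two fixed names from the page, plus any top-level
#    .exe/.dll (the randomly named files cannot be matched by name).
$fixedNames = 'HDD Rescue', 'dfrgr'
$fileHits = @(Get-ChildItem -LiteralPath $tempDir -Force -ErrorAction SilentlyContinue |
    Where-Object { ($fixedNames -contains $_.Name) -or ('.exe', '.dll' -contains $_.Extension) })

# 3. Start Menu folder created by the rogue (per-user Programs folder).
$menuDir  = Join-Path ([Environment]::GetFolderPath('Programs')) 'HDD Rescue'
$menuHits = @(Get-ChildItem -LiteralPath $menuDir -Force -ErrorAction SilentlyContinue)

"Run values pointing into ${tempDir}:"
$runHits | Format-Table ValueName, Data -AutoSize -Wrap
"Files to review in ${tempDir}:"
$fileHits | Format-Table Name, Length, LastWriteTime -AutoSize
"Start Menu entries under ${menuDir}:"
$menuHits | Format-Table Name, LastWriteTime -AutoSize
```

Legitimate installers and updaters also leave .exe and .dll files in %Temp%, so compare each listed file against the Run values before deleting anything.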

How to Easily Remove HDD Rescue

1. Download and run Removal Tool to remove this computer threat.

1 thought on this article

  • sal says:

    Hi
    I only found two of the above mentioned files[hkey_current_user/software/microsoft/windows/currentversion/run {random characters}.exe and documents and settings /username/startmenu/hidden rescue/uninstal hidden rescue.link ] I deleted both of them and couldn’t find the others so I continued and I tried to run the antivirus but it wouldn’t work. Can you please help me with my problem?
    Thanks
