May 5, 2011

HDD Doctor.

HDD Doctor or HD Doctor, just like Disk Repair, belongs to a new generation of malwares, fake defragmenters.
Differently from other disk defragmenters, HDD Doctor is more similar to Think Point that Disk Repair or HDD plus.
 HDD Doctor differences are following. It does not show fake warnings non-related to hard disk. Only Hard disk errors are shown. Also, it has more crude user interface, which might be changed in further version. Despite that fact, all errors HDD Doctor reported are invented and have no value, so don’t fall into misleading recommendations to fix something. This malware may state:

The system will reboot in xxx seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.

HDD Doctor is distributed using trojans pretending to be legitimate software updates or codecs necessary to view video files on net. Typically, you will be offered to view some sort of movies for free, or a page will demand specific codec. If you install these files, you will get infected with trojans.. Never download software updates from 3rd party websites that you do not trust, or you will fall for similar scams.
At the moment HDD Doctor payment page is broken (as reported by security researcher Siri) and it can not accept payment. This will likely to change soon and we will start this family of rogues active too.
Paying attention to this scam and agreeing to scan the disk for errors is a bad idea because you will be returned useless results and then asked paying some money for fixing services because that’s why these “defragmenters” are created. The only possible way to fix your machine is eliminate HDD Doctor and all the Trojans that distribute it.
Remember that you must remove HDD Doctor as soon as possible.

Kill malicious Processes from Task Manager:
  • hdddoctor.exe
Location of the infection:
  1. %AppData%\hdddoctor.exe
  2. c:\WINDOWS\Tasks\At1.job
  3. %AppData%\Desktop\HDD Doctor.lnk 
  • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon /V "Shell" = '%UserProfile%\Application Data\hdddoctor.exe'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\hdddoctor.exe'
Although it is possible to manually remove HDD Doctor, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend  malware and spyware removal applications.

After removing all these files, restart your computer and the issue will be fixed. And don’t forget to do update your Security Software, check the Firewall Settings and the Operating System and finally do a full system scan with the Security Software.


Post a Comment

Related Posts Plugin for WordPress, Blogger...

Search This Blog



There was an error in this gadget
Twitter Delicious Facebook Digg Stumbleupon Favorites More