Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, November 24, 2010

How to Remove HDD Control (Uninstall Guide)

Tell your friends:
HDD Control is a fake disk defragmenter and computer optimization program that deliberately reports false information about hard drive, RAM and Windows registry errors. It pretends to run a system check and then reports numerous errors. It states that certain errors are critical and should be fixed immediately. In order to fix the errors you need to run the defragmenter. If you use Windows XP or Windows Vista, HDD Control will make your desktop background black. That won't happen if you use Windows 7. Finally, it will state that some problems and system issues can not be fixes unless you purchase this useless software. Please do not fall victim to this scam. If your computer is infected with this rogue program then please follow the removal instructions below to remove HDD Control from your computer for free using legitimate anti-malware programs.

HDD Control malware is from the same family as Check Disk and Ultra Defragger. Such rogue programs are promoted mostly through the use of trojans, fake online scanners, misleading websites and other malicious software. HDDControl can be also distributed on Facebook, Twitter and other social networks. When the rogue program is running, it will block nearly all programs on your computer and display a fake message with the following text:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
However, if you attempt to run a program enough times it will eventually work. HDD Control may hijack your web browser and redirect you to various unrelated websites full of ads or even other malicious software. As a typical scareware, it will display fake alerts and notifications from your Windows taskbar. You may even get a notification that your hard drive is missing. Obviously, that's not true; otherwise your computer wouldn't work at all. The text of some of the alerts you may see include:
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error
Windows can't find hard disk space. Hard drive error
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
HDD Control's process is a bunch of numbers, e.g. 1648411579.exe. The rogue program keeps the files in Windows Temp folder. Please see the removal instructions below for more information. It goes without saying that HDD Control is a scam. You should contact your credit card provided and dispute the charges if you have already purchased this useless system defragmenter. Then please get rid of HDD Control as soon as possible. Follow the removal instructions below. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!


HDD Control removal instructions using Process Explorer (in Normal mode):

1. Download Process Explorer and end HDD Control process:
  • [SET OF RANDOM CHARACTERS].exe, e.g. 1648411579.exe
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


HDD Control removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


HDD Control associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM CHARACTERS]
  • %Temp%\[SET OF RANDOM CHARACTERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS].dll
  • %UserProfile%\Desktop\HDD Control.lnk
  • %UserProfile%\Start Menu\Programs\HDD Control\
  • %UserProfile%\Start Menu\Programs\HDD Control\HDD Control.lnk
  • %UserProfile%\Start Menu\Programs\HDD Control\Uninstall HDD Control.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
Share this information with other people:

3 comments:

Anonymous said...

my internet isnt working on my computer because of this, and i didnt really understand the steps i need to take, so can you please give me a step by step process on how to get rid of it. im on another computer right now.

Admin said...

Restart the infected computer in safe mode.

Go to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

Delete everything from Temp folder.

NOTE: change folder options to show hidden files, because Local Settings folder is hidden.

OR you can open task manager and look for similar process 1648411579.exe and end it. Then delete everyting from Temp folder.

Anonymous said...

Firstly I want to thank you for this blog, it's really good to understand although my english isn't very good ;-)

I followed the steps for removing the malware (it just worked in safe mode)and it became much better: The screen that tells me to buy something disappeared, but there are still error messages like "critical error - Damaged hard drive clusters detected" and the pc still works very slowly.
I was able to run SUPERAntiSpyware and Spybot in normal mode, after it became better this way. But it didn't change anything.
So I don't know how to remove the malware completely. Can you please help me with this problem?