Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Sunday, December 5, 2010

How to remove Hard Drive Diagnostic (Removal Guide)

Tell your friends:
Hard Drive Diagnostic is a piece of malware that deliberately reports numerous non-existent hard drive, Windows registry and system errors. It's from the same family as HDD Scan and Disk Doctor. So, it's basically the same malicious software with a new name. I'm pretty sure we'll see more rip-off rogues with the same graphical user interface and false computer problems. Hard Drive Diagnostic malware usually comes from fake online scanners and other bogus websites. However, the scammers can use the other ways of promoting this bogus and useless disk defragmenter, e.g. spam, infected Ads and software vulnerabilities. Once Hard Drive Diagnostic is installed, it will change your Desktop and hide some of your icons. Then it will display a fake error message and begin its fake system scan. After the fake scan, the rogue program will give you a list of supposedly detected system errors and will recommend you to run defragmentation.


  • Drive C initializing error
  • 32% of HDD space is unreadable
  • Read time of hard drive clusters less than 500 ms
  • Ram Temperature is 83 C. Optimization is required for normal operation.
  • Registry Error - Critical Error
  • GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
It will supposedly fix some of the errors it detects but leave about five or six of them and will prompt you to pay for a full version of the rogue program to fix the rest of the problems. If you find that your computer is infected with this scareware, please follow the removal instructions below to remove Hard Drive Diagnostic from your computer.

While running, HardDrive Diagnostic will block some fo your programs and state that there is a hard drive disk error or something. The fake message reads:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
Windows cannot find [program]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
Hard Drive Diagnostic will also displat fake alerts and notifications from Windows taskbar:
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error
It goes without saying that you should remove Hard Drive Diagnostic malware from your computer as soon as possible. Do not fall victim to this fake program and do not bay it! It's a scam. If you have already purchased this bogus program then please contact your credit card company and dispute the charges. Then restart your computer in safe mode and do system restore. If that won't help then please follow step by step Hard Drive Diagnostic removal instructions below. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!


Hard Drive Diagnostic removal instructions:

1. Open Task Manager (Ctrl+Alt+Delete).
2. Click on the Processes tab.
3. Click to highlight [SET OF RANDOM NUMBERS].exe, e.g. 1254875695.exe, aVdfrGdkeF.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes. This will stop Hard Drive Diagnostic.
4. Click to highlight explorer.exe and end it too. Then click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK.
5. Open directory:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)
Delete all files from this directory.
NOTE: Local Settings folder is hidden by default so you will have to change folder options to see hidden files.

6. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

7. Follow this removal guide: TDSS, Alureon, Tidserv, TDL3 removal instructions using TDSSKiller utility

8. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Hard Drive Diagnostic removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Hard Drive Diagnostic associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM NUMBERS]
  • %Temp%\[SET OF RANDOM NUMBERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS].dll
  • %UserProfile%\[SET OF RANDOM CHARACTERS].DAT
  • %UserProfile%\Desktop\Hard Drive Diagnostic.lnk
  • %UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\
  • %UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
  • %UserProfile%\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\USE FORMSUGGEST = Yes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\WARNONZONECROSSING = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\Zones\3\1601 = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[SET OF RANDOM NUMBERS] = %TEMP%\[SET OF RANDOM NUMBERS].exe
Share this information with other people:

6 comments:

shreyas said...

Thanks for sharing such useful information. My pc was recently attacked by this hdd diagnostic malware.keep sharing..

Anonymous said...

many thanks to you all, who developed this side here and to all who take care that it is up to date. made notebook clean for my girl friend and now she can be happy.
thousand thanks to you

Anonymous said...

This just happened to me yesterday.. I downloaded malwarebytes and seems like I got rid of the crap, but all my personal files are missing still. When I first start up my computer and open a folder containing files "pictures", for example... I can see all the files for a brief second and then they all disappear. I also can tell that my hard drive still has everything on it because my HD shows only 57gb of 137gb available. How do I get all my stuff back?? Thank you in advance.

Anonymous said...

This virus will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop: Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Admin said...

Thanks! To download unhide.exe click here.

Calvin said...

Thanks very much for this excellent help. My wife was in despair after accidentally downloading this malicious program. Now all cleaned up.