Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Sunday, January 16, 2011

How to Remove Disk Helper, Removal Instructions

Tell your friends:
Disk Helper is a rogue application that usually appears on the computer without your permission, then starts a fake system scan and reports non-existent hard drive and registry errors. It's pretty much useless and at some point even dangerous. Disk Helper will prompt you to pay for a premium version of the program to fix all the reported errors. It will state that the standard version can not fix certain errors and protect your computer against new threats. You should also know that Disk Helper is not spyware or virus. It won't delete your files or steal your sensitive information. It's just another fake scanner from the quickly growing rogue defragmantation tools family. Disk Helper is already 27th. Previous versions: Disk Optimizer, Good Memory, My Disk. I'm pretty sure wee will see even more such bogus disk defragmentation programs this year. Do not give your credit card details to the scammers behind this fraud. Do not fall victim to Disk Helper or any other similar scareware. If you have this rogue program on your computer, please follow the removal instructions below to remove Disk Helper and related malware for free.

Disk Helper affects only one user account. It doesn't affect the entire computer. The rogue program does not show up in the Add/Remove program list. It resides in %AllUsersProfile%, meaning that you will find Disk Helper files in C:\Documents and Settings\All Users\Application Data\ folder if you run Windows XP on your computer. If you have Windows Vista/7 then you will find its files in C:\ProgramData\ folder. Look for randomly named files, e.g. 23hdgrosg9drh.exe. You can't just simply delete Disk Helper files unless you end the main process of this rogue program. It will block Task Manager and other system utilities to protect itself from being removed. That's why instead of deleting malicious files, you should try to rename them. You need to rename the main executable and dll files. Then restart your computer. If this works, you won't see the fake scanner on your computer screen anymore. Besides, it won't block other programs on your computer and won't display those stupid error messages about missing hard drive errors and possible data loss because of critical registry/system errors. Here are some of the fake errors that Disk Helper reports after the fake scan:
  • Data Safety Problem. System integrity is at risk.
  • 32% of HDD space is unreadable
  • Drive C initializing error
  • Hard drive doesn't respond to system commands
  • Registry Error - Critical Error
The fake error message that you will see when you attempt to run a program is:



The text of some of the alerts you may see include:
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
Windows can't find hard disk space. Hard drive error
Low Disk Space
You are running very low disk space on Local Disk (C:).
As you can see, Disk Helper is a typical rip-off rogue that asks to pay for simulated removal of hard drive errors, registry problems and privacy issues. If you have already paid for this scareware then you should contact your credit card company and dispute the charges. Just tell them that Disk Helper is an infection and that you won't your money back. Then please follow the steps in the Disk Helper removal guide below. If you don't understand some parts of the removal procedure, please leave a comment. Also, please inform your friends about this malware. Good luck and be safe online!


Disk Helper removal instructions:

1. Download Process Explorer. (click the link and wait for few seconds, download will begin automatically)
2. End Disk Helper processes, e.g. 25hdgeJGd9rkd.exe or fHdrGHsldrge.exe.



OR just rename/delete files related to Disk Helper. Files are located in %AllUserProfile% folder. See the list at the end of this page for more details. Disk Optimizer files in Windows XP: (note: by default, Application Data folder is hidden. If you can't see such folder/files, please read Show Hidden Files and Folders in Windows)



3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.


Disk Helper removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus.


Disk Helper associated files and registry values:

Files:

Windows XP:
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\Application Data\~[SET OF RANDOM CHARACTERS]
  • %UsersProfile%\Local Settings\Application Data\[SET OF RANDOM CHARACTERS].lic
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].dll
  • %AllUsersProfile%\Application Data\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\Disk Helper.lnk
  • %UsersProfile%\Start Menu\Programs\Disk Helper\
  • %UsersProfile%\Start Menu\Programs\Disk Helper\Disk Helper.lnk
  • %UsersProfile%\Start Menu\Programs\Disk Helper\Uninstall Disk Helper.lnk
%AllUsersProfile% refers to: C:\Documents and Settings\All Users
%UserProfile% refers to: C:\Documents and Settings\[User Name]

Windows Vista/7:
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\~[SET OF RANDOM CHARACTERS]
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].lic
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].dll
  • %AllUsersProfile%\[SET OF RANDOM CHARACTERS].exe
  • %UsersProfile%\Desktop\Disk Helper.lnk
  • %UsersProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Helper\
  • %UsersProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Helper\Disk Helper.lnk
  • %UsersProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Helper\Uninstall Disk Helper.lnk
%AllUsersProfile% refers to: C:\ProgramData
%UserProfile% refers to: C:\Users\[User Name]

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes"='.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;'
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
Share this information with other people:

0 comments: