Archive for the 'Malware' Category

What is HDDRescue, How to remove HDD Rescue

Sunday, December 12th, 2010

HDD Rescue is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Rescue associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Rescue.lnk
%UserProfile%\Start Menu\Programs\HDD Rescue
%UserProfile%\Start Menu\Programs\HDD Rescue\HDD Rescue.lnk

HDD Rescue associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Rescue:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Rescue is fake computer optimization software that is installed through the use of trojans without the user's knowledge and permission. When started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, HDDRescue will block all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Most important, do not pay for the fake software! Instead, follow the removal guide below to remove HDD Rescue from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Rescue removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is andy145.exe, How to remove andy145.exe

Thursday, December 9th, 2010

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: andy145
Filename: andy145.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | xuri49tkd

Command: C:\windows\andy145.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [xuri49tkd] C:\windows\andy145.exe

DDS Line:

mRun: [xuri49tkd] C:\windows\andy145.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"xuri49tkd"=C:\windows\andy145.exe

Description: malware

How to remove: use HijackThis + Kaspersky virus removal tool

What is HDDPlus, How to remove HDD Plus

Thursday, December 9th, 2010

HDD Plus is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Plus associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Plus.lnk
%UserProfile%\Start Menu\Programs\HDD Plus
%UserProfile%\Start Menu\Programs\HDD Plus\HDD Plus.lnk

HDD Plus associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Plus:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Plus is fake computer optimization software that is installed through the use of trojans without the user's knowledge and permission. When started, it will report false information and display fake alerts on the computer. The rogue will perform a fake scan and state that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, HDDPlus will block all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Most important, do not purchase this fake program! If your computer is infected with this malware, then follow the removal guide below to remove HDD Plus from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Plus removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is HDDScan, How to remove HDD Scan

Saturday, December 4th, 2010

HDD Scan is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Scan associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Scan.lnk
%UserProfile%\Start Menu\Programs\HDD Scan
%UserProfile%\Start Menu\Programs\HDD Scan\HDD Scan.lnk
%UserProfile%\Start Menu\Programs\HDD Scan\Uninstall HDD Scan.lnk

HDD Scan associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Scan:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Scan is a fake optimization tool. Once installed, it reports false information and displays fake alerts on the computer. The rogue will imitate a system scan and report that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, HDDScan will block all the legitimate and trusted applications used on your PC. In order to repair the entire system, the program will suggest that you purchase its full version. Most important, do not purchase this fake program! If your computer is infected with this malware, then follow the removal guide below to remove HDD Scan from your computer for free using legitimate free antimalware software.

How to remove: use the HDD Scan removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is DiskDoctor, How to remove Disk Doctor

Friday, December 3rd, 2010

Disk Doctor is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Disk Doctor associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Disk Doctor.lnk
%UserProfile%\Start Menu\Programs\Disk Doctor
%UserProfile%\Start Menu\Programs\Disk Doctor\Disk Doctor.lnk
%UserProfile%\Start Menu\Programs\Disk Doctor\Uninstall Disk Doctor.lnk

Disk Doctor associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Disk Doctor:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Disk Doctor is a fake optimization tool. Once installed, it reports false information and displays fake alerts on the computer. The rogue program will imitate a system scan and report that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, Disk Doctor will block all the legitimate and trusted applications used on your PC. In order to repair the entire system, Disk Doctor will suggest that you purchase its full version. Most important, do not purchase this fake program! If your computer is infected with DiskDoctor, then follow the removal guide below to remove Disk Doctor from your computer for free using legitimate free antimalware software.

How to remove: use the Disk Doctor removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is WinDefragmenter, How to remove Win Defragmenter

Thursday, December 2nd, 2010

Win Defragmenter is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Win Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Win Defragmenter
%UserProfile%\Start Menu\Programs\Win Defragmenter\Win Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Win Defragmenter\Uninstall Win Defragmenter.lnk

Win Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win Defragmenter:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win Defragmenter is a fake computer defragmenter and diagnostics program. Once installed, it reports false information and displays fake alerts on the computer. The rogue program will imitate a system scan and report that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, Win Defragmenter will block all Windows applications from running. The rogue will prompt you to buy its full version to fix these system errors. Most important, do not purchase this fake program! If your computer is infected with WinDefragmenter, then follow the removal guide below to remove Win Defragmenter from your computer for free using legitimate free antimalware software.

How to remove: use the Win Defragmenter removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is Win Defrag, How to remove Win Defrag

Tuesday, November 30th, 2010

Win Defrag is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Win Defrag associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win Defrag.lnk
%UserProfile%\Start Menu\Programs\Win Defrag
%UserProfile%\Start Menu\Programs\Win Defrag\Win Defrag.lnk
%UserProfile%\Start Menu\Programs\Win Defrag\Uninstall Win Defrag.lnk

Win Defrag associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win Defrag:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win Defrag is a fake computer defragmenter and optimization program. When the rogue is installed, it reports false information and displays fake alerts on the computer. The program will simulate a system scan and state that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, Win Defrag will block all Windows applications from running. The rogue will prompt you to buy its full version to fix these system errors. Most important, do not purchase this fake program! If your computer is infected with WinDefrag, then follow the removal guide below to remove Win Defrag from your computer for free using legitimate free antimalware software.

How to remove: use the Win Defrag removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is WinHDD, How to remove Win HDD

Saturday, November 27th, 2010

Win HDD is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Win HDD associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win HDD.lnk
%UserProfile%\Start Menu\Programs\Win HDD
%UserProfile%\Start Menu\Programs\Win HDD\Win HDD.lnk
%UserProfile%\Start Menu\Programs\Win HDD\Uninstall Win HDD.lnk

Win HDD associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win HDD:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win HDD is a fake computer defragmenter and diagnostics program. Once installed, it reports false information and displays fake alerts on the computer. The rogue program will simulate a system scan and state that your computer has some serious problems, such as critical errors in the Windows registry or a hard drive that is missing or unreadable. Moreover, Win HDD will block all Windows applications from running. The rogue will prompt you to buy its full version to fix these system errors. Most important, do not purchase this fake program! If your computer is infected with WinHDD, then follow the removal guide below to remove Win HDD from your computer for free using legitimate free antimalware software.

How to remove: use the Win HDD removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is HDD Control, How to remove HDD Control

Thursday, November 25th, 2010

HDD Control is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Control associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Control.lnk
%UserProfile%\Start Menu\Programs\HDD Control
%UserProfile%\Start Menu\Programs\HDD Control\HDD Control.lnk
%UserProfile%\Start Menu\Programs\HDD Control\Uninstall HDD Control.lnk

HDD Control associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Control:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Control is a fake computer defragmenter and optimization application that uses false scan results and fake alerts in order to trick you into purchasing its paid version.

How to remove: use the HDD Control removal instructions.

What is Ultra Defragger, How to remove Ultra Defragger

Sunday, November 14th, 2010

Ultra Defragger is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Ultra Defragger associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Ultra Defragger.lnk
%UserProfile%\Start Menu\Programs\Ultra Defragger
%UserProfile%\Start Menu\Programs\Ultra Defragger\Ultra Defragger.lnk
%UserProfile%\Start Menu\Programs\Ultra Defragger\Uninstall Ultra Defragger.lnk

Ultra Defragger associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Ultra Defragger:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Ultra Defragger is a fake computer defragmenter and optimization application that uses false scan results and fake alerts in order to trick you into purchasing its paid version.

How to remove: use the Ultra Defragger removal instructions.