Smart HDD

Smart HDD was first released to infect Internet users in December of 2010. Later on, another version appears using a new format but with similar goal. It aims to steal money from victims. Using deceitful tactics, it will lead you to a payment page forcing to input credit card data.

Smart HDD is a counterfeit Windows utility that is part of a large group of fake hard drive defragmentation program. Smart HDD or also known as the SmartHDD virus is continuously releasing a clone after the other as it focuses on spreading and infecting as many computers globally. This type of application does not require users own intervention to get itself installed inside a computer. Usually, a rootkit Trojan will be able to penetrate a computer without user’s knowledge and this activity is enough to install Smart HDD on to the PC. Once loaded into the computer, screen will be pounded with falsified information about system and hard drive errors.

Every start of Windows, a fabricated scan by Smart HDD will be completed as an instrument to mislead computer users. To have the errors fix, this unwanted application will advise victims to obtain the registered version of the software. After several diagnostics, it was found out that whether unregistered or licensed versions of Smart HDD are not equipped with enough functionality to detect and resolve hard drive and system errors. As a conclusion, one must immediately carry out a Smart HDD removal.

Update: May 28, 2012
There is a new version of Smart HDD. It represents a new console designated as S.M.AR.T. Repair or S.M.A.R.T. Check. Similar to older versions, this updated one will also seek for the purchase of the full edition by means of misleading tactics. Smart HDD also displays a warning with the following message:

Your computer is in critical state. Hard disk error detected.
As a result, it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of files, applications and documents stored on your computer.

This new version also hides files and folders on the infected computer. It will also make your shortcut links to disappear. Smart HDD spoils your PC by making changes to system files and Windows registry.

Screenshot Image:

Image of Smart HDD 2012

Image of Smart HDD

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7


How to Remove Smart HDD

Systematic procedures to get rid of the threat are presented on this section. Make sure to scan the computer with suggested tools and scanners.

Step 1 : Activating Smart HDD

The malware will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.

Once activated, downloading of necessary program to scan and remove Smart HDD is now possible. Use the registration code below. If it prompts for email address, you can input any email address.

Optional : Activating the Rogue Program

Smart HDD will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.

1. To activate the program, click on "Trial version. Click here to activate.," located on lower right part of Smart HDD interface.
2. It will prompt for registration code and email, you may use the following:

Activation Code: 15801587234612645205224631045976
Email Address: Use any email like

3. Once activated, downloading of necessary program to scan and remove Smart HDD is now possible. You may proceed with automatic removal using the tool or perform manual procedure by following the guide below.

Step 2 : Scan the computer with recommended removal tool

1. First thing you should do is reboot the computer in Safe Mode with Networking to avoid Smart HDD from loading at start-up.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

Remove all media such as floppy drive, cd, dvd, and USB devices. Then, restart the computer and please do the following:

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Get ready to Start Windows. On your keyboard, Press and Hold Shift key and then, click on Restart button.
c) It will prompt you with options, please click on Troubleshoot icon.
d) Under Troubleshoot window, select Advanced Options.
e) On next window, click on Startup Settings icon.
f) Lastly, click on Restart button on subsequent window.
g) When Windows restarts, present startup options with numbers 1 - 9. Select "Enable Safe Mode with Networking" or number 5.

Startup Options

h) Windows will now boot on Safe Mode with Networking. Proceed with virus scan as the next step.

2. Download the Removal Tool and save it on your Desktop or any location on your PC.

Download Tool

3. When finished downloading, locate and double-click on the file to install the application. Windows' User Account Control will prompt at this point, please click Yes to continue installing the program.

4. Follow the prompts and install with default configuration.

5. Click Finish after successful installation. Program will run automatically and you will be prompted to download software updates. Please download needed update.

6. When finished updating, the tool will run. Click on Scan tab from Top Menu of main screen. Then, choose Threat Scan (Recommended) to check your computer thoroughly.


7. Click on Start Scan to begin. Scanning may take a while. When done, this tool will display lists of identified threats.

MBAM Scan Finish

8. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Smart HDD.

9. Finally, click Finish and restart your computer.

Note: If Smart HDD prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Step 3 : Ensure that no more files of Smart HDD are left inside the computer

1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

2. After downloading, navigate its location and double-click on the NPE.exefile to launch the program.

3. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept to proceed.

4. On NPE main window, click on Advanced Options. We will attempt to remove "Smart HDD" by thoroughly scanning your current operating system.

Advance Scan

5. On next window, select System Scan and click on Scan now to perform standard scan on your computer.

Scan the System

6. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Smart HDD. This may take some time, depending on the number of files currently stored on the computer.

7. When scan is complete. All detected risks are listed. Click on Fix Now to remove Smart HDD and other known threats. Then, restart Windows if necessary.

Step 4 : Remove the Rootkit Trojan that installs Smart HDD

Rootkit Remover is a stand-alone utility developed by McAfee. It can be used to detect and remove rootkit Trojan that is associated with Smart HDD. This tool can detect rootkit that is part of ZeroAccess, Necurs, and TDSS family.

1. Download Rootkit Remover and save it to your desktop or any accessible location. Click the button below to begin the download.

click to download

2. Locate the file rootkitremover.exe and double-click to run the program.

3. When User Account Control prompts if you want to allow the program to make changes on the computer, please click Yes.

Rootkit Remover Scan

4. Rootkit Remover instantly scans the computer and look for presence of Trojans, viruses, and rootkit that is related to Smart HDD .

5. Once it finishes scanning the computer, the tool will require you to restart Windows.

Alternative Removal Procedures for Smart HDD

Use Windows System Restore to return Windows to previous state

During an infection, Smart HDD drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.


c) Windows will display list of saved restore points. Select the most recent one to restore Windows to previous working and clean state.
d) It may take some time to fully restore back-up files. Restart Windows when done.

Open System Restore on Windows 8 and Windows 10

a) For Windows 8 user, go to Start Search, while on Windows 10, use the Start Menu Search and type rstrui.
b) Click on the located program to open System Restore window.


c) Windows will display list of saved restore points if it is active. Select the most recent one to restore Windows to previous working and clean state.
d) It may take a while to fully restore back-up files. Restart Windows when done.

If previous restore point is saved, you may proceed with Windows System Restore.

Option 2 : Smart HDD manual uninstall guide

IMPORTANT! Manual removal of Smart HDD requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Smart HDD.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Smart HDD files (refer to Technical Reference) and click End Process.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.

4. Delete all files dropped by Smart HDD.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Associated Files and Folders:Added Registry Entries:

Troubleshooting Guides

Did Smart HDD blocks your Internet access?

It is usual that rogue program prevents user from downloading removal tools from the Internet. Thus, infected computer may be denied to access the Internet by making changes to computer's proxy, DNS, and Hosts file. To solve Internet connection problem, please see our guide in fixing a virus-blocked Internet access. Also, make sure that your Windows Host File is free from any malicious entries. View steps in cleaning Windows host file.

Recover missing or hidden files and folders

To avoid manual execution of programs and files, Smart HDD will hide files and folders on the infected computer. Most victims think that files and folders are deleted, but it is not. The malware simply changed the attributes to hide the data. Follow this guide to show all hidden files and folders if it remains hidden after activating Smart HDD.

1. Open My Computer or Windows Explorer.
2. On top menu of upper left corner, click on Organize, then choose Folder and Search Options.

Show Folder and Search Options

3. Folder Options dialog box will appear. Select the View tab.
4. On Advance Settings, mark 'Show hidden files, folders and drives.'

Show hidden files and folders

5. Click OK to save the settings. You can now view the folders and files, though, they are still concealed because Smart HDD sets the attributes to hidden.
6. While still on Windows Explorer, click on the drive (C: or D:). On right pane, mouse over on the folder or file you wanted to unhide. To select all folder, you may use the keyboard shortcut Ctrl+A. Right-click, then select Properties .

7. On the Attributes area, remove the markings on Hidden. This will change the attributes of affected files and folders. Click Apply.

Hidden Files Attribute

8. If it prompts for confirmation, please select 'Apply changes to the selected items, subfolders and files'. Then, click OK to proceed.

Confirm Attributes

27 Responses

  1. Dwicky says:

    i want to ask something, i can’t even open the windows task manager, do you know the way i can do it?
    please help me

  2. Grondor says:

    If Ctrl-Alt-Del doesn’t open it, try Ctrl-Shift-Esc

  3. Annony says:

    man, my computer got infected with this whole SmartHDD

  4. Louis says:

    The only thing that seemed to work is going to the run command and type msconfig. Go to startup tab and find the unknown Startup Item. My name was FdrLLxJJnSf.exe. Uncheck it so it does not restart when the pc boots up. That will help not spamming the windows on the desktop. For me, it hasnt spam the windows yet. This did not remove it but help not to spam the windows and all those system messages.

  5. Sam says:

    All our files got wiped today. I didn’t knowit was a virus until it was too late. I had an extra hard drive attached an it deleted those files but left the folders. Open them and they are empty. Bloody bastards! We’re not technical but tried some of the comments but nothing worked.

  6. Jon says:

    This virus also made my boot partition inactive, so that when I rebooted the computer reported that the boot partition was invalid. Of course, this made the ‘hard drive boot sector reading error’ reported in the fake utility more credible.

    After running chkdsk with both the /f and /r options with no errors I finally used diskpart to activate the boot partition.
    Then I followed these instructions to recover from the virus.

  7. TickedOff says:

    Same thing here, laptop won’t even boot. Anyone think it’s still possible to same the drive?

  8. Jon says:

    I had the boot problem too. The problem I encountered was that the boot partition had made inactive.

    Here is how to activate your boot partition
    boot from your windows install disk into repair mode.
    open a DOS window.
    run diskpart to activate the boot partition

    c: diskpart
    diskpart> select disk 0
    diskpart> select partition 1
    diskpart> active
    diskpart> exit

    You may need to use “list disk” and “list partition” to find the right values

    Good Luck


  9. Brittany says:

    I don’t understand the “Activation Code and Email”… Where am I suppose go to activate the rogue program?

    My computer is completely blocked from opening/running anything, such as Malwarebytes and Rkill. After installing, I would get a pop-up saying “The extended attributes are inconsistent.”.

  10. Joe says:

    I had the virus this week, its a nasty one. To find files you have to open the windows start menu (windows button extreme lower leftand corner) in the search box enter the program name you are looking for (i.e malwarebytes, explorer etc.) your programs will work that way, It doesnt delete programs just hides them on you hence the search. It was hard to get rid of and my computer is still not right. but did get it to stop.

  11. kim says:

    Smart HDD got to my computer last night and wiped clean through it. The only thing that was on my entire screen when I logged back in was the word start, down in the corner. I had been using Windows Microsoft Essentials with my Gateway Firewall and it didn’t save or protect me at all.

    I had a computer tech get rid of it and he did manage to get almost all of my programs back, but only by using system restore. That, I could have done no matter what bad things might happen to my system…but what I can’t get back are the files and folders far more important…ALL of my documents and picture files/folders are gone, FOREVER!! The only ones that managed to survive were the few that are saved, on the start menu, when Notepad is used.

    Sick doesn’t even begin to describe how I feel, and Microsoft lies for claiming they are good enough to protect you from being attacked, let alone being rap_d!! I’m using AVG now, forever and when I get back. AVG—After Visiting God.

  12. quantum says:

    Just had my work laptop infected with this. McAfee did not find it. What a mess!

  13. dennis says:

    i have nothing left in my start menu or no icons on my front page when my cp loads up what this all about and how do i get back?

  14. TrickiT says:

    I have been fighting this POS virus since last Friday, no idea how I even got it! It hid everything but so far I got things back… but it has been a process. Keep looking for your files, they are probably still there…

  15. jeremy says:

    @Dennis, try this to restore all default shortcut links.
    1. Open Control Panel, Appearance and Personalization, Customize the Start Menu.
    2. Click on the tab that says “Start Menu”. Click on the “Customize” button.
    3. At the bottom, click on “Use Default Settings.”
    4. That method will restore Windows default start menu.

  16. Russ says:

    Your files are not gone, just hidden. The virus switches all your folders to hidden. Go to any folder you can get to, even if it doesn’t show anything in the folder anymore. Click on “Tools”, “Folder Options”, “View”. Where it says “Hidden Files & Folders” click “Show All Files and Folders”. Then at the top of the dialog box click “Apply to All Folders”. Click “Apply” at the bottom, and your folders magically re-populate.

  17. Candace says:

    I just want to say thank you so much for posting the steps to take to remove the virus !! It attacked my husbands computer and thankfully I was able, with your help, to restore everything.

  18. Susan Ganiebny says:

    Thank you so much for this information. This horrible program installed itself on my netbook and fortunately I was able to gain access via another laptop to get this information. I finally got control back of my netbook enough to remove the program and I then did a system restore back a few months to get my settings back. I have no idea how this thing got on my netbook but the people who are putting this on websites should be shot! What if no-one has a clue where to even look to get rid of it? I have warned everyone I know of this virus and recommended this site to them. Keep up the good work!

  19. JH says:

    if you search the net there is a program called unhide.exe which when you run it will unhide all your files. it is something to do with the status of the file (-H or +H)
    This program reverts them to default

  20. jeremy says:

    I am suffering from this virus at the mo mite not be gone yet but I clicked uninstall and deleted everything to do with it and it appears to be working tho really slowly I admit!!! By the way, to delete it I did it via safe mode with networking so the virus wasn’t able to work!!! Hope it has gone tho as it’s actually quite scary yet sad to think that some silly twit out their is bored enough to inflict serious damage on other peoples computers someone should do it to there’s. Also
    with all the technology currently out there you would think that they would have found away to track these people down by now!!!

  21. Amy Hollins says:

    I am suffering from this virus at the moment. It is not yet gone. I clicked on uninstall and deleted everything to do with it and it appears to be working though really slow! By the way, to delete it, I did it via safe mode with networking so the virus won’t be able to work! Hope it is gone now. It is actually quite scary yet sad to think that some silly twit out they are bored enough to inflict serious damage on other people’s compute. Also with all the technology currently out there, you would think that they have found a way to track these people by now?

  22. Christian says:

    HDD took a hold of my computer yesterday. My desktop went black, the screen shot above appeared, and all icons disappeared. I spent an hour and half on the phone with HP support. They got my computer running again but didn’t get rid of the virus, b/c this morning the black screen was back. I will try some of the steps above to get rid of it.

    Very maddening since my laptop is less than a year old and I purchased anti-virus software to prevent this sort of thing…

  23. Wes says:

    All our files got wiped today. I didn’t know it was a virus until it was too late. I had an extra hard drive attached an it deleted those files but left the folders. Open them and they are empty. We’re not technical but tried some of the comments but nothing worked.

  24. Thankful says:

    Rkill, MalwareBytes and unhiding my folders worked perfectly, thanks so much!!!

  25. Thom says:

    My computer was infected this Saturday after I clicked on a link at a company site while researching a product they were selling that was advertised on Groupon. My AVG anti-virus DID NOT catch it. Next thing you know, my desktop is black and I am getting all these warnings just like the article says. After several frustrating hours of trying to remedy the problem myself, I called AVG and spent $199.99 for their tech support and after an excruciating 23 hours of their techs working diligently, they were able to restore my laptop and all of my programs and files to include my desktop back to working condition. And yes, I feel as though I was “mugged” online. Whoever is responsible for this type of crime – and it is a crime – should be caught and punished. I am grateful that the techs at AVG were able to restore my computer and rid it of the virus. It is a very nasty and destructive virus that appears to be able to sidestep even the best anti-virus protection. So, be careful.

  26. Ed Smith says:

    With this Smart HDD it is possible to get a blue screen when booting up. Getting ready to try all suggestion on trying to get the system to boot in normal mode. Right now I can get into safe mode.
    I welcome any other suggestion to help with this problem. Thanking you in advance

  27. Brent says:

    I Jane a nasty virus that hides in the serial number of the hard drive. Even using kill disk, it shows the hard drive serial number and version of the hard drive have changed. Any idea his to remove this nasty virus as it has been two years I have been fighting this.

Leave a Reply

Your email address will not be published. Required fields are marked *