Smart HDD
Smart HDD was first released to infect Internet users in December of 2010. Later on, another version appears using a new format but with similar goal. It aims to steal money from victims. Using deceitful tactics, it will lead you to a payment page forcing to input credit card data.
Smart HDD is a counterfeit Windows utility that is part of a large group of fake hard drive defragmentation program. Smart HDD or also known as the SmartHDD virus is continuously releasing a clone after the other as it focuses on spreading and infecting as many computers globally. This type of application does not require users own intervention to get itself installed inside a computer. Usually, a rootkit Trojan will be able to penetrate a computer without user’s knowledge and this activity is enough to install Smart HDD on to the PC. Once loaded into the computer, screen will be pounded with falsified information about system and hard drive errors.
Every start of Windows, a fabricated scan by Smart HDD will be completed as an instrument to mislead computer users. To have the errors fix, this unwanted application will advise victims to obtain the registered version of the software. After several diagnostics, it was found out that whether unregistered or licensed versions of Smart HDD are not equipped with enough functionality to detect and resolve hard drive and system errors. As a conclusion, one must immediately carry out a Smart HDD removal.
Update: May 28, 2012
There is a new version of Smart HDD. It represents a new console designated as S.M.AR.T. Repair or S.M.A.R.T. Check. Similar to older versions, this updated one will also seek for the purchase of the full edition by means of misleading tactics. Smart HDD also displays a warning with the following message:
Your computer is in critical state. Hard disk error detected.
As a result, it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of files, applications and documents stored on your computer.
This new version also hides files and folders on the infected computer. It will also make your shortcut links to disappear. Smart HDD spoils your PC by making changes to system files and Windows registry.
Screenshot Image:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
How to Remove Smart HDD
Step 1 : Activating Smart HDD
The malware will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.
Once activated, downloading of necessary program to scan and remove Smart HDD is now possible. Use the registration code below. If it prompts for email address, you can input any email address.
Optional : Activating the Rogue Program
Smart HDD will block running of any programs. It also prevents access to Internet particularly anti-virus web sites. Execution of Windows tools like Task Manager, Registry Editor and Control Panel is similarly block by the rogue program. Activating the program using the registration key below will regain access to the mentioned services.
1. To activate the program, click on "Trial version. Click here to activate.," located on lower right part of Smart HDD interface.
2. It will prompt for registration code and email, you may use the following:
Activation Code: 15801587234612645205224631045976
Email Address: Use any email like name@mail.com
3. Once activated, downloading of necessary program to scan and remove Smart HDD is now possible. You may proceed with automatic removal using the tool or perform manual procedure by following the guide below.
Step 2 : Scan the computer with recommended removal tool
1. First thing you should do is reboot the computer in Safe Mode with Networking to avoid Smart HDD from loading at start-up.
NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.
To start Windows in Safe Mode with Networking, please do the following:
a. Remove all media such as floppy drive, cd, dvd, and USB devices. Then, restart the computer.
b. Before Windows begins to load, press F8 on your keyboard.
c. It will display the Advanced Boot Options menu. Select Safe Mode with Networking.
d. Windows will now start in Safe Mode and at the same time will load necessary drivers so that you can access the Internet.
2. Download the Removal Tool and save it on your Desktop or any location on your PC.
3. When finished downloading, locate and double-click on the file to install the application. Windows' User Account Control will prompt at this point, please click Yes to continue installing the program.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, check prompts that software will run and update on itself.
6. Click Finish. Program will run automatically and you will be prompted to update the program before doing a scan. Please download needed update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. Scanning may take a while. When done, click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Smart HDD.
10. Finally, restart your computer.
Note: If Smart HDD prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.
Step 3 : Ensure that no more files of Smart HDD are left inside the computer
1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.
4. Once the file is downloaded, navigate its location and double-click on the icon (NPE.exe) to launch the program.
5. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
6. On NPE main window, click on Advanced. We will attempt to remove Smart HDD components without restarting the computer.
9. On next window, select System Scan and click on Scan now to perform standard scan on your computer.
10. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Smart HDD. This may take some time, depending on the number of files currently stored on the computer.
11. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.
Step 4 : Remove the Rootkit Trojan that installs Smart HDD
Rootkit Remover is a stand-alone utility developed by McAfee. It can be used to detect and remove rootkit Trojan that is associated with Smart HDD. This tool can detect rootkit that is part of ZeroAccess and TDSS family.
1. Download Rootkit Remover and save it to your desktop or any accessible location. Click the button below to begin download the tool.
2. Locate the file rootkitremover.exe and double-click to run the program.
3. When User Account Control prompts if you want to allow the program to make changes on the computer, please click Yes.
4. Rootkit Remover instantly scans the computer and look for presence of Trojans, viruses, and rootkit that is related to Smart HDD .
5. Once it finishes scanning the computer, the tool will require you to restart Windows.
Alternative Removal Procedures for Smart HDD
Option 1 : Use Windows System Restore to return Windows to previous state
During an infection, Smart HDD drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.
To verify if System Restore is active on your computer, you can type system restore into the Start menu search box. Typing rstrui on the same box and pressing Enter also opens this function.
If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.
Option 2 : Smart HDD manual uninstall guide
IMPORTANT! Manual removal of Smart HDD requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.
1. Kill any running process that belongs to Smart HDD.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for Smart HDD files (refer to Technical Reference) and click End Process.
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
- Thoroughly scan the computer with your updated antivirus software.
4. Delete all files dropped by Smart HDD.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.
Technical Reference
Associated Files and Folders:Added Registry Entries:Troubleshooting Guides
Did Smart HDD blocks your Internet access?
It is usual that rogue program prevents user from downloading removal tools from the Internet. Thus, infected computer may be denied to access the Internet by making changes to computer's proxy, DNS, and Hosts file. To fix Internet connection problem, follow these steps:
1. Download the free program called MiniToolBox. Click the button below to begin. Save the file on your hard drive or preferably in your Desktop.
2. Close all running Internet browser and double-click on the file to run. It opens a window showing a list of features.
3. Make sure that you have a check mark on the following items : Flush DNS, Reset IE Proxy Settings, and Reset FF Proxy Settings.
4. Click on the GO button to start the process. The program automatically closes and displays a text file for your reference.
5. If the above solution does not work, you may try other method like fixing a virus-blocked Internet access. Also, make sure that your hosts file is free from any malicious entries. View steps in cleaning Windows host file.
Recover missing or hidden files and folders
To avoid manual execution of programs and files, Smart HDD will hide files and folders on the infected computer. Most victims think that files and folders are deleted, but it is not. The malware simply changed the attributes to hide the data. Follow this guide to show all hidden files and folders if it remains hidden after activating Smart HDD.
1. Open My Computer or Windows Explorer.
2. On top menu of upper left corner, click on Organize, then choose Folder and Search Options.
3. Folder Options dialog box will appear. Select the View tab.
4. On Advance Settings, mark 'Show hidden files, folders and drives.'
5. Click OK to save the settings. You can now view the folders and files, though, they are still concealed because Smart HDD sets the attributes to hidden.
6. While still on Windows Explorer, click on the drive (C: or D:). On right pane, mouse over on the folder or file you wanted to unhide. To select all folder, you may use the keyboard shortcut Ctrl+A. Right-click, then select Properties .
7. On the Attributes area, remove the markings on Hidden. This will change the attributes of affected files and folders. Click Apply.
8. If it prompts for confirmation, please select 'Apply changes to the selected items, subfolders and files'. Then, click OK to proceed.
Dwicky
Mar 31, 2012 @ 08:31:34
i want to ask something, i can’t even open the windows task manager, do you know the way i can do it?
please help me
Grondor
Mar 31, 2012 @ 12:05:22
If Ctrl-Alt-Del doesn’t open it, try Ctrl-Shift-Esc
Annony
Apr 01, 2012 @ 01:15:30
man, my computer got infected with this whole SmartHDD
Louis
Apr 02, 2012 @ 00:15:14
The only thing that seemed to work is going to the run command and type msconfig. Go to startup tab and find the unknown Startup Item. My name was FdrLLxJJnSf.exe. Uncheck it so it does not restart when the pc boots up. That will help not spamming the windows on the desktop. For me, it hasnt spam the windows yet. This did not remove it but help not to spam the windows and all those system messages.
Sam
Apr 02, 2012 @ 07:33:09
All our files got wiped today. I didn’t knowit was a virus until it was too late. I had an extra hard drive attached an it deleted those files but left the folders. Open them and they are empty. Bloody bastards! We’re not technical but tried some of the comments but nothing worked.
Jon
Apr 02, 2012 @ 15:22:19
This virus also made my boot partition inactive, so that when I rebooted the computer reported that the boot partition was invalid. Of course, this made the ‘hard drive boot sector reading error’ reported in the fake utility more credible.
After running chkdsk with both the /f and /r options with no errors I finally used diskpart to activate the boot partition.
Then I followed these instructions to recover from the virus.
TickedOff
Apr 02, 2012 @ 16:29:26
Same thing here, laptop won’t even boot. Anyone think it’s still possible to same the drive?
Jon
Apr 02, 2012 @ 16:45:28
I had the boot problem too. The problem I encountered was that the boot partition had made inactive.
Here is how to activate your boot partition
boot from your windows install disk into repair mode.
open a DOS window.
run diskpart to activate the boot partition
c: diskpart
diskpart> select disk 0
diskpart> select partition 1
diskpart> active
diskpart> exit
You may need to use “list disk” and “list partition” to find the right values
Good Luck
Jon
Brittany
Apr 02, 2012 @ 19:38:03
I don’t understand the “Activation Code and Email”… Where am I suppose go to activate the rogue program?
My computer is completely blocked from opening/running anything, such as Malwarebytes and Rkill. After installing, I would get a pop-up saying “The extended attributes are inconsistent.”.
Joe
Apr 03, 2012 @ 03:57:51
I had the virus this week, its a nasty one. To find files you have to open the windows start menu (windows button extreme lower leftand corner) in the search box enter the program name you are looking for (i.e malwarebytes, explorer etc.) your programs will work that way, It doesnt delete programs just hides them on you hence the search. It was hard to get rid of and my computer is still not right. but did get it to stop.
kim
Apr 03, 2012 @ 08:13:57
Smart HDD got to my computer last night and wiped clean through it. The only thing that was on my entire screen when I logged back in was the word start, down in the corner. I had been using Windows Microsoft Essentials with my Gateway Firewall and it didn’t save or protect me at all.
I had a computer tech get rid of it and he did manage to get almost all of my programs back, but only by using system restore. That, I could have done no matter what bad things might happen to my system…but what I can’t get back are the files and folders far more important…ALL of my documents and picture files/folders are gone, FOREVER!! The only ones that managed to survive were the few that are saved, on the start menu, when Notepad is used.
Sick doesn’t even begin to describe how I feel, and Microsoft lies for claiming they are good enough to protect you from being attacked, let alone being rap_d!! I’m using AVG now, forever and when I get back. AVG—After Visiting God.
quantum
Apr 09, 2012 @ 15:44:54
Just had my work laptop infected with this. McAfee did not find it. What a mess!
dennis
Apr 14, 2012 @ 02:04:37
i have nothing left in my start menu or no icons on my front page when my cp loads up what this all about and how do i get back?
TrickiT
Apr 14, 2012 @ 03:39:39
I have been fighting this POS virus since last Friday, no idea how I even got it! It hid everything but so far I got things back… but it has been a process. Keep looking for your files, they are probably still there…
jeremy
Apr 15, 2012 @ 00:48:28
@Dennis, try this to restore all default shortcut links.
1. Open Control Panel, Appearance and Personalization, Customize the Start Menu.
2. Click on the tab that says “Start Menu”. Click on the “Customize” button.
3. At the bottom, click on “Use Default Settings.”
4. That method will restore Windows default start menu.
Russ
Apr 15, 2012 @ 01:33:35
Your files are not gone, just hidden. The virus switches all your folders to hidden. Go to any folder you can get to, even if it doesn’t show anything in the folder anymore. Click on “Tools”, “Folder Options”, “View”. Where it says “Hidden Files & Folders” click “Show All Files and Folders”. Then at the top of the dialog box click “Apply to All Folders”. Click “Apply” at the bottom, and your folders magically re-populate.
Candace
Apr 18, 2012 @ 02:39:38
I just want to say thank you so much for posting the steps to take to remove the virus !! It attacked my husbands computer and thankfully I was able, with your help, to restore everything.
Susan Ganiebny
Apr 19, 2012 @ 10:13:16
Thank you so much for this information. This horrible program installed itself on my netbook and fortunately I was able to gain access via another laptop to get this information. I finally got control back of my netbook enough to remove the program and I then did a system restore back a few months to get my settings back. I have no idea how this thing got on my netbook but the people who are putting this on websites should be shot! What if no-one has a clue where to even look to get rid of it? I have warned everyone I know of this virus and recommended this site to them. Keep up the good work!
JH
Apr 19, 2012 @ 18:49:45
if you search the net there is a program called unhide.exe which when you run it will unhide all your files. it is something to do with the status of the file (-H or +H)
This program reverts them to default
jeremy
Apr 20, 2012 @ 00:53:28
I am suffering from this virus at the mo mite not be gone yet but I clicked uninstall and deleted everything to do with it and it appears to be working tho really slowly I admit!!! By the way, to delete it I did it via safe mode with networking so the virus wasn’t able to work!!! Hope it has gone tho as it’s actually quite scary yet sad to think that some silly twit out their is bored enough to inflict serious damage on other peoples computers someone should do it to there’s. Also
with all the technology currently out there you would think that they would have found away to track these people down by now!!!
Amy Hollins
Apr 22, 2012 @ 15:27:44
I am suffering from this virus at the moment. It is not yet gone. I clicked on uninstall and deleted everything to do with it and it appears to be working though really slow! By the way, to delete it, I did it via safe mode with networking so the virus won’t be able to work! Hope it is gone now. It is actually quite scary yet sad to think that some silly twit out they are bored enough to inflict serious damage on other people’s compute. Also with all the technology currently out there, you would think that they have found a way to track these people by now?
Christian
Apr 22, 2012 @ 16:59:37
HDD took a hold of my computer yesterday. My desktop went black, the screen shot above appeared, and all icons disappeared. I spent an hour and half on the phone with HP support. They got my computer running again but didn’t get rid of the virus, b/c this morning the black screen was back. I will try some of the steps above to get rid of it.
Very maddening since my laptop is less than a year old and I purchased anti-virus software to prevent this sort of thing…
Wes
Apr 22, 2012 @ 20:05:49
All our files got wiped today. I didn’t know it was a virus until it was too late. I had an extra hard drive attached an it deleted those files but left the folders. Open them and they are empty. We’re not technical but tried some of the comments but nothing worked.
Thankful
Apr 23, 2012 @ 18:05:51
Rkill, MalwareBytes and unhiding my folders worked perfectly, thanks so much!!!
Thom
Jul 02, 2012 @ 11:52:04
My computer was infected this Saturday after I clicked on a link at a company site while researching a product they were selling that was advertised on Groupon. My AVG anti-virus DID NOT catch it. Next thing you know, my desktop is black and I am getting all these warnings just like the article says. After several frustrating hours of trying to remedy the problem myself, I called AVG and spent $199.99 for their tech support and after an excruciating 23 hours of their techs working diligently, they were able to restore my laptop and all of my programs and files to include my desktop back to working condition. And yes, I feel as though I was “mugged” online. Whoever is responsible for this type of crime – and it is a crime – should be caught and punished. I am grateful that the techs at AVG were able to restore my computer and rid it of the virus. It is a very nasty and destructive virus that appears to be able to sidestep even the best anti-virus protection. So, be careful.
Ed Smith
Sep 04, 2012 @ 05:11:26
With this Smart HDD it is possible to get a blue screen when booting up. Getting ready to try all suggestion on trying to get the system to boot in normal mode. Right now I can get into safe mode.
I welcome any other suggestion to help with this problem. Thanking you in advance