HDD Low - New Fraud Malware

Discussion in 'Et Cetera, Et Cetera' started by b.c., Dec 28, 2010.

  1. b.c.

    Gold Member

    Joined:
    Nov 7, 2005
    Messages:
    9,259
    Albums:
    1
    Likes Received:
    1,666
    Gender:
    Male
    Location:
    at home
    I've written before about fraud ware and malware concocted no doubt by some dweeb in serious need of a blowjob, that is, if anyone could find it for 'em, because if they weren't dickless they'd probably have more to do than sit around concocting bullshit invasive programs.

    Last one I wrote of was a phony Security Essentials Alert that tried to get the recipient to log on to a fraud software site and download even more bogus programming.

    This new offering from DWEEB CENTRAL is called HDD Low. One of our computers was recently infected by this latest spawn of the truly worthless. If they had any real balls, they'd be able to develop programs that people want. Instead they create something that loads onto your machine and begins with phony pop up messages saying shit like "hard drive scan required" "missing hard disk" "private data at risk" and other fradulent messages, just to trick someone into buying their worthless tripe.

    If you try to run the HDD Low scan it tries to direct you to some site where you're supposed to be dumb enough to load up ADDITIONAL worthless software, for a price.

    Here's what to do: Ignore the popup messages. They're all phony. Instead, right click on the HDD Low icon on your desktop and look under properties. You'll see the name and location of the infecting application and the exact time it was created. It'll probably read: c/user/username/appdata/local/temp/85923806.exe (that last item is the culprit itself). Go into your files under C, find that location, delete the files, and empty your bin.

    It'll also set up c/users/username/appdata/roaming/Microsoft/windows/start menu/Hdd low and Hdd low 1. Delete that shit as well. Then do a search ("everywhere") for all files created from the exact "file created" time (noted when you right clicked on the HDD Low icon). Remember to include hidden files in your search. After finding their location, delete them all. Empty your bin.

    Run regedit. Note, all the while it'll keep trying to popup these critical error messages, but keep re-entering regedit and ignore the messages. In regedit delete the line that references 85923806.exe (It'll be in HKCU\Software\Microsoft\Windows\CurrentVersion\Run).

    Then run your malware removal programs (again ignoring the popups). Microsoft Security Essentials found one file and removed it. The virus programs detected nothing (because it's not a virus).

    But SPYBOT found the malware itself "Fraud.HDDDefragmenter" and about a dozen other "nasties" it brought along for company.

    During the scans critical error message boxes will prompt you to log off because of (some bogus shit...can't recall) Don't log off. Ignore it. Don't click ok, nor the X in the corner of the box. Doing either will log you off. The asswipes created this no doubt because they don't want to give you time to scan for the malware.

    Anyway, after two scans, and the above actions I ridded the computer of this latest nuisance. So I guess for now, the dickless in dweeb central will have to sit around with their knuckles up their bungholes until they come up with something a little more challenging, eh? :cool:
     
    #1 b.c., Dec 28, 2010
    Last edited: Dec 28, 2010
  2. StaffnRod

    Gold Member

    Joined:
    Feb 1, 2008
    Messages:
    2,488
    Likes Received:
    331
    Gender:
    Male
    Location:
    Never Never Land
    Nice update on those A**holes over at Dweeb Central :haha:
    The remedy for this affliction sounds a bit like what one had to go thru with the nasty 'Vitumonde' log-on & self-perpetuating scrum of years past. Now saved for future reference along with your prior offering for the S.E. Alert . :up:
    One helpful site I have found to keep tabs on such crap-
    Rogue | im-infected.com
    Kudos good Sir--- :beerchug:
     
  3. Mr. Snakey

    Gold Member

    Joined:
    Apr 9, 2006
    Messages:
    24,702
    Likes Received:
    25
    My brother is running XP. I installed Firefox browser over 2 years ago and told him to use it and do not use Internet Explorer. He has not had one virus or any malware at all. Well my nephew was surfing using Internet Explorer and they got hit with this. To the average computer user this can be very daunting. The icon for this is made to look like Smart Defrag which is a very good program. We got hit with a monster snow storm. I haven't had time to get over there and get rid of it. The other accounts on the computer are fine. He is using one of them till i get over there. The Malware is getting smarter. To anyone running Windows. DO NOT use Internet Explorer. USE Firefox. Stay away from Facebook, MSN and the like. Thats where it's coming from. If you continue to use Internet Explorer you will not have a computer for very long. Run Linux. Get a Mac. Thank you B.C for making people aware of this.
     
    #3 Mr. Snakey, Dec 28, 2010
    Last edited: Dec 28, 2010
  4. Rikter8

    Gold Member

    Joined:
    Jun 30, 2005
    Messages:
    4,488
    Albums:
    3
    Likes Received:
    51
    Gender:
    Male
    Location:
    MI
    Ive already had a couple like that.
    There's multiple variants of it running about.

    The only way I could remove it was using Malwarebytes and Spybot Search and destroy on one PC. Cleaninig the registry with Glarysoft Utilities helps get all they keyes out of the registry rather than trying to do it manually.

    The other infected PC exhausted my tools, and was too infected to rescue. This variant was a VX2 virus and replicated itself as fast as the files were being handled. Externally extract user data using a IDE/SATA to USB converter and then full format, and re-install.

    Most of these viruses are coming through outdated Java applets and porn sites - so use extreme caution, and keep your Java updated.

    Thank you for the update
     
  5. Industrialsize

    Staff Member Moderator Gold Member

    Joined:
    Dec 23, 2006
    Messages:
    24,280
    Albums:
    2
    Likes Received:
    2,118
    Gender:
    Male
    Location:
    United States
    More evidence that I'm happy with being a MAC guy.
     
  6. Rikter8

    Gold Member

    Joined:
    Jun 30, 2005
    Messages:
    4,488
    Albums:
    3
    Likes Received:
    51
    Gender:
    Male
    Location:
    MI
    I havent looked at your gallery for a while. Glad I did.
    Some awesome pictures in there!! Wow very cool.
     
  7. Mr. Snakey

    Gold Member

    Joined:
    Apr 9, 2006
    Messages:
    24,702
    Likes Received:
    25
    I agree it is important to keep Java updated. However the main problem is Internet Explorer and Active X being enabled in that browser. It means one thing. Any web site can run any content they want too on your computer. It is a big open door for viruses and Malware. Firefox dose not allow Active X in it's browser. If Windows users would use Firefox they would cut down their Malware and Viruses by at least 70%. With Active X enabled in Internet Explorer anybody can get inside your computer and do whatever they want. Viruses, Malware and your personal information. They can even hijack your computer and take control of it. Active X is the biggest security risk (in the browser) out there for computers today.
     
    #7 Mr. Snakey, Dec 28, 2010
    Last edited: Dec 28, 2010
  8. b.c.

    Gold Member

    Joined:
    Nov 7, 2005
    Messages:
    9,259
    Albums:
    1
    Likes Received:
    1,666
    Gender:
    Male
    Location:
    at home
    Appreciate the added info. I'm not sure which browser my family member was using at the time of infection (we have both), but we'll be sure to try to stick to Firefox in the future.
     
  9. Not_Punny

    Gold Member

    Joined:
    Jul 7, 2007
    Messages:
    5,542
    Albums:
    2
    Likes Received:
    1,204
    Gender:
    Female
    Location:
    California
    I feel your pain. I lost one computer and one laptop to the dweebs in the last 10 months.
     
  10. b.c.

    Gold Member

    Joined:
    Nov 7, 2005
    Messages:
    9,259
    Albums:
    1
    Likes Received:
    1,666
    Gender:
    Male
    Location:
    at home
    ^Heard that...

    One other thing I forgot to mention: as soon as I realize my machine has been infected by malicious programming, I DISABLE my connection to the internet until I get it fixed (unless I need it for information on the infection, which I usually get from another source anyway). I do that via the control panel and/or pull the ethernet cable from the back of the machine.

    Severing the tie to the internet interrupts the process for which the malware was created and, I believe, improves one's chances of defeating the infection.
     
  11. Mr. Snakey

    Gold Member

    Joined:
    Apr 9, 2006
    Messages:
    24,702
    Likes Received:
    25
    This is my work now. I fix computers from my home. I run Linux. No viruses or malware and it hasn't crashed once in the 3 years im running it. I love music and movies. It burns movies and music better than Windows. I can even fix Windows or a Mac with it. I have a total of 4 computers now. They all run Linux except for one. That has Windows 7 Ultimate on it. That is for work. The only (one) time i click on Internet Explorer is too download Firefox. So its testing time. I visited every porn site, torrent site and known nasty place. Scan after scan with Malwarebytes, Spybot, Avast ect nothing. In the safe mode. I did the same with Vista and XP. Windows can be a very safe operating system provided you use Firefox. Macs are a little less prone too viruses. Yes. However they are overpriced and Apple has been selling Mac users personal and location information for years. So if you value your privacy stay away from anything made by Apple. They are hacking I tunes like crazy. You can hack a I phone in about 90 seconds. So in terms of safety they are becoming just as bad if not worse than Windows.
     
    #11 Mr. Snakey, Dec 29, 2010
    Last edited: Dec 29, 2010
  12. StaffnRod

    Gold Member

    Joined:
    Feb 1, 2008
    Messages:
    2,488
    Likes Received:
    331
    Gender:
    Male
    Location:
    Never Never Land
    I had to come back to this thread & give thanks to all posters here who have shared such valuable tips & guidance: Starting with this tidbit, as I learned in dealing with 'Virtumonde' years ago :up:
    This truly is the Ultimate user Advice - Kudos due our 'Guru Extraordinaire' Mr. Snakey :wink:
    Had strayed from FireFox a few years back (when it slowed due bloatware circa Ver. 2.8 - 3.0) & resorted to tweaking IE on the various Win 2k then Xp machines on hand. Being a KISS based old-timer have relied on WinHelp forums to resist change to infernal Vista and clung to IE7 (as advised) to struggle along, as many have to do with these MS - B.Gates machines.
    With the proliferation of malware /gremlins in 2010, I kept facing those IE must close messages- especially with multi open browser windows/5+ tabs - reboots - toiling with scanned nasties etc. etc.
    Finally with this thread, I realized it is ActivX in IE that is the culprit, being integrated as a core WinOS component.
    Since switching to Firefox 3.6++ in Jan., have NOT had One browser induced crash on a simplistic WinXp system protected with stnd. Win Firewall, running only AVG free and manual MalwareBytes free scans monthly.
    Thank God... & Mr.Sn for this sage advice. :slomo:
    Life is So Much simpler - and I look to our 'guru' for any future guidance.
    :beerchug:
     
  13. Rikter8

    Gold Member

    Joined:
    Jun 30, 2005
    Messages:
    4,488
    Albums:
    3
    Likes Received:
    51
    Gender:
    Male
    Location:
    MI
    By the way...the new Avast Antivirus v.6 will find parts of this malware and remove them.
    Malwarebytes latest definition packs also find this FakeAlert malware, as well as Spybot Search and Destroy.

    Snakey is right - use Firefox where possible.
     
    #13 Rikter8, Apr 7, 2011
    Last edited: Apr 7, 2011
  14. crescendo69

    Gold Member

    Joined:
    Aug 27, 2006
    Messages:
    8,142
    Likes Received:
    20
    Gender:
    Male
    Location:
    Knoxville, TN
    My cams and vids run jerky on Firefox, but not on IE. Any explanations?
     
  15. StaffnRod

    Gold Member

    Joined:
    Feb 1, 2008
    Messages:
    2,488
    Likes Received:
    331
    Gender:
    Male
    Location:
    Never Never Land
    Spot On Sir Rikter, with excellent advice from a LPSG Win-help 'Team Leader' :biggrin1:
    And for:
    Assume you are running Win Media Player OR similar others?,
    IMHO Suggest you install VLC player avail. Free at VideoLAN Wiki, pending any comments from either of the above gents.:wink:
    Have used this as have others, to smoothly run/play all known media files for years, both in IE or now FireFox preferably. Just install VLC with its default settings, seamless Codecs and a builtin FireFox plug-in to handle any .asx/.wma/.wmv files. That may/hopefully resolves the issue .. :tongue:
    FireFox is so good.. calling for near weekly updates of one ActivX/com DLL,
    that being Adobe's Flash Player 10.x
    Don't overlook the great--lean FlashGot AddIn with right click features providing direct *flv downloads ...
    Its a fast, simple interfaced, multiple format file DLoader capable of :
    Grabbing Flash(.flv) video streams from nearly any single page or site

    Note: In FFx as I now use it,
    - FlashGot will (StandAlone) Or allow integration into a DownLoad Helper extension

    Keep On -- Staffy
     
Draft saved Draft deleted