The problem of your computer’s hard drive clusters being damaged is a real one. It can occur with any computer, irrespective of whether it is old or new one. The hardware part of our PC is not intended to last forever. So, with time it no longer functions as it should. Sometimes running legitimate system optimizer tool can help you to relocate you data to clusters that are still functioning well. In rare cases purchasing brand new hard drive might be the only right solution. Be careful, however, when such message appears in front of you. Nowadays there are very many fake HDD programs that claim to be some superb system optimizers. They would present many fake system error messages, including the one about the hard drive clusters of your PC being damaged. System Check virus is the good example of such bogus fake HDD tool, and here is the message that it originates:
Damaged hard drive clusters detected. Private data is at risk. Restore is required
The above-mentioned notice is fake because it is produced by System Check virus. This program is not legitimate, unlike other types of software installed on your computer. Just as an example, have a look at your Control Panel into the section where you can add or remove programs. Do you see System Check application there? No, not at all. However, you do see it on your desktop, don’t you? The program does not ask for your consent to enter your computer. It appears suddenly when user does not realize this. He/she cannot really trace the very process of this malware infiltration. This virus, being successfully brought into your computer, disables Task Manager and creates registry entries in order to be launched automatically each time you turn your PC on. Then it gives you many other fake error notifications, similar to the one about your computer’s hard drive clusters being damages. All those errors it reports are fabricated and must not be considered as real or serious by you, if they are reported by malwares like System Check or similar ones. The reason why this program tells you about them is because it wants to scare you into purchasing its licensed version. It would tell you that all those errors would be fixed if your purchase its registered or commercial sample, with indication of its license code or serial number. Do not make the serious mistake of paying for this malware tool. By doing so you are not only wasting your money but, in fact, supporting the criminals who developed this PC infection, giving them a chance and motivation to create other malwares. If you have already effected the payment please dispute the charges immediately via your good bank, telling the bank officers that you’ve actually purchased the virus program and not the legitimate one.
In order to successfully remove System Check virus please follow this special virus removal guide. You will need to download powerful anti-malware application from the list of legitimate applications reviewed in this blog. Finally, you would have to recover your missing files, folders, icons, shortcuts and programs that were hidden by the above-mentioned fake HDD program. To restore them please pay attention to these file recovery instructions. Install some reliable anti-virus software with permanent real-time protection to prevent all possible malware attacks in the future.
Screenshot of fake error presented by malware:
Fake hard drive error
List of fake HDD virus files:
- %CommonAppData%\~[random]
- %CommonAppData%\~[random]
- %CommonAppData%\[random]
- %CommonAppData%\[random].exe
- %AppData%\Microsoft\Internet Explorer\Quick Launch\[Fake HDD name].lnk
- %Desktop%\[Fake HDD name].lnk
- %StartMenu%\Programs\[Fake HDD name]\
- %StartMenu%\Programs\[Fake HDD name]\[Fake HDD name].lnk
- %StartMenu%\Programs\[Fake HDD name]\Uninstall [Fake HDD name].lnk
- %Temp%\smtmp\
- %Temp%\smtmp\1
- %Temp%\smtmp\1
- %Temp%\smtmp\2
- %Temp%\smtmp\3
- %Temp%\smtmp\4
List of fake HDD virus entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0′
File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
