Drive C initializing error can occur at any time with any computer. In this post for today we will tell you about the way cyber hackers use this fake warning about actually fake system problem in order to scare users. They invented the virus software called System Check. They tell users that this is the type of hard drive optimization software you need to make your system function without errors. There are many other fake HDD programs similar to System Check virus, by the way. They first started to appear back in the fall of 2010 with quite frequent periodicity. System Fix is their another very similar representative. All these hoax tools arrange the fictitious scan of your computer each time you turn it on. This is the amendment they make into your settings during the very infiltration process. Hence, this fake HDD tool would be the very first program you would encounter to be launched with every Windows startup. You are actually unable to remove this rogue security program from your computer as easily as you want (via Control Panel of your computer). You would simply not locate this software in the list “Add / Remove Programs”. The reason why this malware behaves like that is that it intends to deceive you and to trick you into buying the hoax software. Do not make this tragic mistake. Disregard the malware attempts and offers to make payment in favor of cyber crooks. Remove this infection as described in the section below. Ignore all its fake messages, ignoring the one about drive C initializing error. Below is the quote from this malware sample:
Drive C initializing error.
In order prompt you into purchasing this fake system optimizer the virus would initiate the bogus scan of your computer each time you turn your computer on. It would then tell you about all sorts of errors, problems and bugs primarily having to do with your hard drive, memory and system issues. Nothing reported by this hoax should be trusted by you. The error it claims to detect aren’t peculiar to your computer. However, this badware would indeed create multiple problems for your computer. They would have to do with your files, folders, icons and other data missing. They have the hidden attribute because of fake HDD malware infiltration and they, in fact, were relocated to other places on your hard drive specifically created by the virus. In order to remove the virus that causes this fake warning to appear please follow this removal guide. Restoring the files can be another challenge for you. We’ve thought about it too and developed the article on file and folder recovery after virus attack. This data recovery and file restore article is totally free for you.
Screenshot of fake error presented by malware:
Drive C initializing error
List of fake HDD virus files:
- %CommonAppData%\~[random]
- %CommonAppData%\~[random]
- %CommonAppData%\[random]
- %CommonAppData%\[random].exe
- %AppData%\Microsoft\Internet Explorer\Quick Launch\[Fake HDD name].lnk
- %Desktop%\[Fake HDD name].lnk
- %StartMenu%\Programs\[Fake HDD name]\
- %StartMenu%\Programs\[Fake HDD name]\[Fake HDD name].lnk
- %StartMenu%\Programs\[Fake HDD name]\Uninstall [Fake HDD name].lnk
- %Temp%\smtmp\
- %Temp%\smtmp\1
- %Temp%\smtmp\1
- %Temp%\smtmp\2
- %Temp%\smtmp\3
- %Temp%\smtmp\4
List of fake HDD virus entries:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘Yes’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop “NoChangingWallPaper” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = ‘.zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.scr;’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer “NoDesktop” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]“
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = ’1′
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “Hidden” = ’0′
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced “ShowSuperHidden” = ’0′
File Location Implications:
%Desktop% implies that the file is located straight on your PC’s desktop. The full and detailed location is C:\DOCUMENTS AND SETTINGS\Current User\Desktop\ for Windows 2000/XP, and C:\Users\Current User\Desktop\ for Windows Vista and Windows 7.
%Temp% stands for the Windows Temp folder. By default, it has the location C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\Current User\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\Current User\AppData\Local\Temp for Windows Vista and Windows 7.
%AppData% means the current users Application Data folder. By default, it has the location C:\Documents and Settings\Current User\Application Data for Windows 2000/XP. For Windows Vista and Windows 7 it is C:\Users\Current User\AppData\Roaming.
%StartMenu% stands for the Windows Start Menu. For Windows 95/98/ME the location is C:\windows\start menu\, for Windows XP, Vista, NT, 2000 and 2003 it stands for C:\Documents and Settings\Current User\Start Menu\, and for Windows Vista/7 it is C:\Users\Current User\AppData\Roaming\Microsoft\Windows\Start Menu.
%CommonAppData% means the Application Data folder in the All Users profile. For Windows XP, Vista, NT, 2000 and 2003 it has the location C:\Documents and Settings\All Users\Application Data\, and for Windows Vista/7 it is C:\ProgramData.
