December 13, 2010

How to Remove HDD Rescue, a Nasty Malware on PCs

If you have an HDD Rescue window popping up on your PC, the PC has been infected with the HDD Rescue malware. It is a particularly nasty malware and difficult to remove. Read on to learn how to remove HDD Rescue from your PC.

How HDD Rescue Malware Auto-installs
HDD Rescue installs itself automatically when you visit an infected website. The malware may be in the webpage itself or in the rollover ads that the website is displaying. Note: you do not even need to click anything; just a visit to the infected webpage is enough to get this malware.

What happens with HDD Rescue
Once installed, it will keep popping up fake error messages to force you to buy the software. Opening other applications on the PC will also pop up these fake error messages. Do not click on these popups or run HDD Rescue; use Task Manager to end these processes.

HDD Rescue cannot be removed through the Control Panel or the Task Manager. The Task Manager will show a process 1776814.exe running periodically; however, killing this process does not remove HDD Rescue. Symantec and other anti-virus programs do not detect HDD Rescue yet and cannot remove it.

How to Remove HDD Rescue Malware
Malwarebytes’ Anti-Malware seems to be the only software that detects and removes this malware. Download the free version of Malwarebytes and then run a full scan on the PC to remove HDD Rescue.

Once HDD Rescue is deleted and the PC is restarted, also remove HDD Rescue from the ‘Startup’ items.

Start > Run > msconfig

Under the ‘Startup’ tab, uncheck any HDD Rescue entries.

Once removed, run a full Malwarebytes scan once more to make sure.
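
The startup check in the steps above can also be done from PowerShell. The script below is an added example, not part of the original post: it only lists autostart entries (registry Run keys and Startup folders) and flags ones that look like HDD Rescue. The two match patterns are assumptions based on what this page reports, namely the product name and an all-digit executable name such as 1776814.exe.

```powershell
# Read-only check: nothing is deleted or changed. Requires PowerShell 3.0 or later.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

# Assumed heuristics: the product name, or an executable whose file name is
# digits only (the page mentions 1776814.exe; other infections may differ).
function Test-Suspicious([string]$Name, [string]$Command) {
    ($Name -match 'HDD\s*Rescue') -or
    ($Command -match 'HDD\s*Rescue') -or
    ($Command -match '(^|[\\"\s])\d+\.exe\b')
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            [pscustomobject]@{
                Source  = $key
                Name    = $valueName
                Command = [string]$item.GetValue($valueName)
            }
        }
    }
    foreach ($dir in $startupDirs) {
        if ($dir -and (Test-Path $dir)) {
            Get-ChildItem -Path $dir -File | ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
)

# Show every flagged entry with the location it was found in.
$entries | Where-Object { Test-Suspicious $_.Name $_.Command } |
    Format-List Source, Name, Command
```

Any entry it prints is a candidate to uncheck in msconfig; an empty result only means nothing matched these two patterns.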

Other steps to remove HDD Rescue are listed here.

How to Avoid HDD Rescue Malware
The ideal option is to not visit infected websites. This is not always practical, as you may not know which websites are infected. The malware may also come through a rollover web ad that plays forcibly.

To check if a website is infected, Google its URL to see if Google is reporting it as a malware-infected website. However, Google may not have the most current status of the website and thus cannot be relied upon 100%.

Finally, the best option is to use a modern browser such as Safari or Chrome rather than older browsers such as Internet Explorer or Firefox; this will minimize the possibility of infections.