SMART HDD Removal

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
I have recently noticed several posts in the forums with users infected with SMART HDD. I have only had two customers that got this infection.

I see many removal guides for SMART HDD, but according to Malwarebytes forum, Malwarebytes can completely remove this infection without even having to go into safe mode and no other steps or tools needed.

http://forums.malwarebytes.org/index.php?showtopic=108014

Posted 31 March 2012: Is there anything else I need to do to get rid of SMART HDD?
No, Malwarebytes Anti-Malware removes SMART HDD completely.

On my two customers' systems, MBAM did indeed completely remove SMART HDD with no additional tools or steps needed.

My question: why all of these unnecessary steps and tools listed in the removal guides? Are there other variants of SMART HDD that require these extra measures, or are people just acting paranoid?

Thanks.:D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, most of the users who posted about Smart HDD removal problems had hidden desktops, which is known to be a leftover of the infection.

As MBAM can remove it fully, the other tools were just to have a second opinion to make sure no more threats existed.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,379
jamescv7 said:
Well, most of the users who posted about Smart HDD removal problems had hidden desktops, which is known to be a leftover of the infection.
Exactly, the most encountered problem is that this infection adds some policies which MBAM can't detect and remove.
Apart from the hidden files, on some PCs I've seen that the users couldn't change the theme because of some registry changes. When they tried to Personalize their Windows, a message stated that they didn't have the right to do that (One or more of the settings on this page has been disabled by the system administrator.)


Also there are 5 files in the Temporary Internet folder called 'explorer.exe' which MBAM won't detect... and some forms of this infection can also compromise your MBR.
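
Added example, not part of the original posts: a read-only PowerShell check for the three leftovers described above (policy restrictions, files left hidden, and copies of explorer.exe inside a user profile). The policy value names are standard Windows restriction values picked as assumptions; the thread does not name which ones this infection sets.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Assumption: these are standard Windows policy restriction values; the thread
# does not say which ones this infection actually sets.
$Base = 'Software\Microsoft\Windows\CurrentVersion'
$PolicyChecks = @(
    @('Policies\ActiveDesktop', 'NoChangingWallPaper'),
    @('Policies\System',        'NoDispCPL'),
    @('Policies\System',        'NoDispBackgroundPage'),
    @('Policies\System',        'DisableTaskMgr'),
    @('Policies\System',        'DisableRegistryTools'),
    @('Policies\Explorer',      'NoDesktop')
)

# Report every restriction value that exists and is non-zero, per user and per machine.
function Get-PolicyRestriction {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($check in $PolicyChecks) {
            $path = "$hive\$Base\$($check[0])"
            $name = $check[1]
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($item -and $item.$name -ne 0) {
                New-Object PSObject -Property @{ Path = $path; Name = $name; Value = $item.$name }
            }
        }
    }
}

# Files flagged Hidden but not System: ordinary documents should not carry this attribute.
function Get-HiddenNonSystemFile {
    param([string]$Root = $env:USERPROFILE)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
            -not ($_.Attributes -band [IO.FileAttributes]::System)
        }
}

# The genuine explorer.exe lives under %WINDIR%; any copy inside a profile needs a closer look.
function Get-StrayExplorerCopy {
    param([string]$Root = $env:USERPROFILE)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -Filter 'explorer.exe' -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

Get-PolicyRestriction   | Format-Table -AutoSize
Get-StrayExplorerCopy   | Format-Table -AutoSize
Get-HiddenNonSystemFile | Select-Object -First 50 FullName, Attributes
```

A profile normally holds a few hidden files of its own, so the last list is something to review rather than a list of detections.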
 

vwsambadeluxe

New Member
Apr 22, 2012
4
I have just spent all day going through the process. The RKill screen said that access was denied, but after trying every version of RKill I found that they all appeared to be successful, as every one had a report in Notepad. Finished the rest of the process and slowly but surely got my laptop back. Such a relief, so thank you guys for the brilliant idiot's guide to be rid of this curse.
 

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
Jack said:
jamescv7 said:
Well, most of the users who posted about Smart HDD removal problems had hidden desktops, which is known to be a leftover of the infection.
Exactly, the most encountered problem is that this infection adds some policies which MBAM can't detect and remove.
Apart from the hidden files, on some PCs I've seen that the users couldn't change the theme because of some registry changes. When they tried to Personalize their Windows, a message stated that they didn't have the right to do that (One or more of the settings on this page has been disabled by the system administrator.)

Also there are 5 files in the Temporary Internet folder called 'explorer.exe' which MBAM won't detect... and some forms of this infection can also compromise your MBR.

There must be other variants of SMART HDD then, because the ones that I removed were very simple and didn't make system changes. All it did was hide some settings and files but MBAM fixed that.

The two customers that got infected with it remembered clicking on a fake alert on an infected webpage and downloading the file. In spite of the warnings displayed on IE's smart screen, they chose to run the file anyway.

Thanks.:D
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
The way that I have seen here, it is good to follow all the steps, because then you can make sure that there will be no leftovers of SMART HDD, or any other fake AV for that matter. Yes, Malwarebytes can remove most of it, but there are some things that it will not detect, as Jack said; that is why to go on to another option.
 

gteach

New Member
Apr 22, 2012
1
I have a netbook running WIN XP that I am trying to recover from Smart HDD. Have used RSSkiller, malwarebytes and roguekiller. Started out that most of our data files were invisible, but after using unhide we could see them (they were ghostlike) but not access them. After running the above multiple times, as well as following the instructions here, the files are all visible but STILL cannot be accessed, run or modified. NOT hidden any longer but access denied. Any ideas?

Gary
 

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
gteach said:
I have a netbook running WIN XP that I am trying to recover from Smart HDD. Have used RSSkiller, malwarebytes and roguekiller. Started out that most of our data files were invisible, but after using unhide we could see them (they were ghostlike) but not access them. After running the above multiple times, as well as following the instructions here, the files are all visible but STILL cannot be accessed, run or modified. NOT hidden any longer but access denied. Any ideas?

Gary

Have you tried Kaspersky XoristDecryptor?

I don't know if it will work but it is worth a shot.

If you have followed all of the removal guides and still can't access your files, it is possible that you might have another infection besides SMART HDD. You might just have to back up the files that you can access and reinstall the Windows OS; that is what a support tech would do.

Good luck.:D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Smart HDD comes bundled with altered settings, in most cases to functions of Windows, so if you browse this forum there are lots of cases, and tools are known to fix it.
 

starvinmarvin

New Member
Jun 2, 2012
16
Been trying to wipe out SMART - ran MBAM, HitmanPro, RKill all several times and can't get rid of it. agent.exe is sucking up CPU and still have re-directs to links.

Any ideas for further removal?

Thanks...
 

starvinmarvin

New Member
Jun 2, 2012
16
starvinmarvin said:
Been trying to wipe out SMART - ran MBAM, HitmanPro, RKill all several times and can't get rid of it. agent.exe is sucking up CPU and still have re-directs to links.

Any ideas for further removal?

Thanks...

Also noticed that explorer.exe using a lot of mem - any ideas appreciated.
 

Plexx

starvinmarvin said:
starvinmarvin said:
Been trying to wipe out SMART - ran MBAM, HitmanPro, RKill all several times and can't get rid of it. agent.exe is sucking up CPU and still have re-directs to links.

Any ideas for further removal?

Thanks...

Also noticed that explorer.exe using a lot of mem - any ideas appreciated.
After using RKill, before running MalwareBytes, try running Kaspersky's TDSSKiller first.

Once SMART HDD is completely removed, you will need to fix the registry.


On a side note: wonder if unlocker would kill the process of smart hdd.

Let's see if I can re-infect the virtual machine.
 

ZeroDay

gteach said:
I have a netbook running WIN XP that I am trying to recover from Smart HDD. Have used RSSkiller, malwarebytes and roguekiller. Started out that most of our data files were invisible, but after using unhide we could see them (they were ghostlike) but not access them. After running the above multiple times, as well as following the instructions here, the files are all visible but STILL cannot be accessed, run or modified. NOT hidden any longer but access denied. Any ideas?

Gary

Personally I'd access those files from a Linux live USB and drag them all to an external hard drive. Then I'd go perform a zero fill on the hard drive, then a full format, and only then reinstall Windows.
 

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
The most easy and simple way to fix this problem.

1-Backup all of your files
2-Reinstall Windows

Problem solved.

You can read various removal guides and use all the available tools, but this takes up a lot of time and work, and as the end result you still may have the infection or other infections that you don't know about.

The only way to make sure is to format and reinstall Windows.

Thanks.:D
 

starvinmarvin

New Member
Jun 2, 2012
16
biozfear said:
starvinmarvin said:
starvinmarvin said:
Been trying to wipe out SMART - ran MBAM, HitmanPro, RKill all several times and can't get rid of it. agent.exe is sucking up CPU and still have re-directs to links.

Any ideas for further removal?

Thanks...

Also noticed that explorer.exe using a lot of mem - any ideas appreciated.
After using RKill, before running MalwareBytes, try running Kaspersky's TDSSKiller first.

Once SMART HDD is completely removed, you will need to fix the registry.


On a side note: wonder if unlocker would kill the process of smart hdd.

Let's see if I can re-infect the virtual machine.

I've run TDSSKiller many times and it never picked up anything. I started a new thread bec I hadn't seen this (http://malwaretips.com/Thread-SMART-HDD-Security-Shield-lingering-issues) - sorry if any confusion, but my head's gonna explode(!).
 

starvinmarvin

New Member
Jun 2, 2012
16
Littlebits said:
The most easy and simple way to fix this problem.

1-Backup all of your files
2-Reinstall Windows

Problem solved.

You can read various removal guides and use all the available tools, but this takes up a lot of time and work, and as the end result you still may have the infection or other infections that you don't know about.

The only way to make sure is to format and reinstall Windows.

Thanks.:D

Would have done that, but can't find the SW. Really appreciate the help in any event.
 

Littlebits

Retired Staff
Thread author
May 3, 2011
3,893
starvinmarvin said:
Littlebits said:
What do you mean by SW?

Thanks.:D

SW= software. Gotta be around here somewhere, but little ones seem pretty good at displacing stuff like that.

Are you talking about your Windows OS disc?
Depending on your OEM vendor, some will give you a replacement Windows disc. Some OEM Windows installs have a recovery disc program that allows you to burn your own replacement disc. It is usually found on your Start Menu under the name of the vendor, like HP, Compaq, Dell, etc.

If you have a custom system and bought Windows separately, you can use the Windows logo sticker on your system and contact Microsoft, and they will usually give you a replacement disc. Sometimes they will charge for shipping.

Thanks.:D
 

starvinmarvin

New Member
Jun 2, 2012
16
Littlebits said:
starvinmarvin said:
Littlebits said:
What do you mean by SW?

Thanks.:D

SW= software. Gotta be around here somewhere, but little ones seem pretty good at displacing stuff like that.

Are you talking about your Windows OS disc?
Depending on your OEM vendor, some will give you a replacement Windows disc. Some OEM Windows installs have a recovery disc program that allows you to burn your own replacement disc. It is usually found on your Start Menu under the name of the vendor, like HP, Compaq, Dell, etc.

If you have a custom system and bought Windows separately, you can use the Windows logo sticker on your system and contact Microsoft, and they will usually give you a replacement disc. Sometimes they will charge for shipping.

Thanks.:D

Thanks - I'll do that as a last resort. Right now, I'm kinda bent on killing this if I can. It's the principle.
 
