My Hard Drive is Bad and all My Programs and Data are Gone! … Or are They?
Posted in Computer Repair, Data Recovery, Rogue Security Programs
I’ve been seeing an increase in a different type of Fake Alert program in the last few months that are really annoying. I suppose the masses are now aware of the Fake Antivirus, AntiSpyware and Registry Cleaner programs by now, but there are other types of Fake Alert programs that may catch you off guard and people are falling for them. One such Fake Alert are computer analysis and optimization programs in the the Fake Hard Disk Drive (FakeHDD) family of programs.
The majority of these FakeHDD programs involve making you think your hard drive is going bad and that you have lost data. While it is possible for a bad hard drive to still work well enough to boot to Windows, some of the errors these FakeHDD programs warn you about should be fatal to your system. And if that were true, your computer shouldn’t even work enough to for you to even be seeing the alert. I hope that makes sense. Two FakeHDD programs I have been seeing recently are called “System Restore” and “Data Restore“. Some of the fake errors you might see are:
- Windows – Delayed Write Failed
- Windows detected a hard disk problem
- Hard Drive Failure
- System Error
- Fix Disk
Legitimate Hard Drive Monitoring Tools
About the only legitimate software tools most people have on their computers that may automatically warn you of any Hard Drive problems are the S.M.A.R.T. tool and Chkdsk.
SMART: “Self Monitoring Analysis Reporting Tool”. This tool is actually integrated into the firmware of most newer computer Motherboards BIOS’s and Hard Drives, but it must be turned on in BIOS. There are free and paid 3rd party software programs such as Disk Checkup that you can install to pass the information from this tool to Windows for easier monitoring and prediction of future Hard Drive failures.
Chkdsk: Chkdsk is a built-in Windows/Command Prompt utility that may run automatically on boot-up if your hard drive is flagged “dirty”, meaning Windows suspects you may have errors on your Hard Drive because of an unexpected shutdown. Of course it can also be run manually. If any bad blocks (clusters or sectors) are discovered on your Hard Drive, it may also be reported in the System Event Viewer .
Fake Hard Disk Drive Programs (FakeHDD)
Data Restore is a Fake Hard Disk Drive (FakeHDD) program that displays false alerts designed to deceive you into believing your computer has a Hard Drive problem that could result in missing or corrupt data. In fact this program will apply a hidden file attribute to many of your system and data files and folders which does a pretty good job of making you think they have been deleted, when in reality, they have been just been hidden and/or moved to a temp folder somewhere. But if for some reason, you “really” did lose your data, you may need a data recovery.
The goal of Data Restore is like any other rogue or fake alert program, to scare you into buying their product which claims it can fix the problem for you, when in fact “they” (Date Restore or whatever) IS the infection and there may be nothing wrong at all with your data or Hard Drive. But Data Restore is so persistent and invasive that it can prevents you from running or installing programs, including your antivirus program!
Caution: If you are infected with a FakeHDD like Data Restore, do not delete the contents of any Temp folders just yet, or run any Temp File Cleaners (even the beloved CCleaner), because most FakeHDDs delete your programs file shortcuts and store backups in your %Temp%\smtmp Folder. You will need to restore these files later, either manually or with a free program like “Unhide” from Bleeping Computers. Below is a screenshot of one of the screens from the FakeHDD known as “Data Restore”
Using System Restore to Remove a FakeHDD Program
I’m not going to get into how to manually remove these FakeHDDs, other than to say it is easier to prevent them. The next best thing is to restore your computer to the first available Restore Point prior to the date you got infected. If you can manage to perform a System Restore, you can probably come out pretty unscathed and should be able to remove any other remaining infections with free scanners such as Malwarebytes, SUPERAntiSpyware and Spybot, followed by a full antivirus scan. Once you are comfortable that you have restored your program file shortcuts and nothing appears hidden anymore, you can run a Temp File Cleaner like CCleaner.
The bottom line with any Fake Alert program is that if you wait too long and keep trying to use the computer, it will only get worse and you might not have the option of using System Restore anymore. Then you will be stuck having to have it manually removed, which almost always has to be done by a Pro, which will cost you about a hundred bucks or so from an independent Computer Repair Shop, or $199.99 at Best Buy. The choice is yours…