An all-too-familiar scenario: you’re surfing the web with your browser thinking that you’re safe thanks to your secure software, ad blocker and updated virus definitions. Then suddenly you see a pop-up in the notifications area. Something about a disk drive failure or corrupt data.
Maybe your browser crashes. Then about 50 warning windows pop up telling you there’s something seriously wrong with your hard disk and you need to scan for problems right now.
However, those aren’t real warnings, they’re generated by a Trojan virus that goes by many names, including WinHDD, HDD Scan, System Check, System Fix, Data Recovery, Master Utilities, PC Repair, System Repair, Windows XP Repair, Windows XP Fix and others. This malicious program that affects Windows XP, Vista and 7 will make you think it’s scanning for problems when it’s actually creating them.
Most people’s first reaction is to panic, even if just a little. This attack is sudden and can happen even if you’re careful. The good news is that there’s a way to get rid of HDD Scan that won’t cost you any money up front and only takes a few minutes. Here’s how.
If the virus program you currently have didn’t catch HDD Scan when it first embedded itself in your system, it’s probably not much use to you right now. The way the virus works is it makes your computer seem like it has serious problems. It blocks you from launching programs (including some virus scanners), installing programs, and makes stuff in your Start Menu disappear.
The really evil thing is that HDD Scan pretends to be a helpful virus remover and computer fixing program. It prompts you to pay for the full program to make these problems go away. Don’t fall for this: paying the money won’t make the problems stop.
Since your virus program is out of commission and you can’t install a new one, you’ll need something that can run from a USB key or otherwise do an end run around HDD Scan.
Step 1: Turn your computer off.
Step 2: Use another computer to download two programs: Hitman Pro and Malwarebytes’ Anti-Malware. Both of these are free to use on a limited basis. That’s all you need to get rid of the virus initially. Copy the .exe files to a USB key.
Step 3: Turn on your infected computer but start it in Safe Mode with Networking.
Different computers have different methods of booting this way which usually involves hitting and F1 – F12 key or Esc. If you don’t know how, Google “Safe Mode” and your computer model name and you should find directions.
Step 4: Once your computer is fully booted, plug in the USB key and open it in Windows Explorer.
You may see some of those same hard drive warnings. Ignore them. Don’t even try to click. These windows might cover up other windows. Just move them to the side and out of the way.
Step 5: Double-click on the HitMan Pro file first. Choose “I only want to perform a one-time scan” on the Setup screen.
The program may ask you for a license key or ask if you want to activate a free trial. Sometimes the free trial activation goes awry. If so, connect your computer to the Internet and try again.
Step 6: Once Hitman Pro is scanning, leave your computer alone for a while. It should take just 10 − 30 minutes.
Step 7: When the scanner is done you’ll probably see a long list of threats, including some Trojans and tracking cookies. Make sure all the viruses are set to Delete, then click Next.
Step 8: Hitman Pro will remove most viruses right away. Most of the evil popup windows from HDD Scan will disappear at this point. Shut down the computer, then turn it on again to clean off the rest.
Step 9: Let your computer restart normally. A pre-boot screen will show the last of Hitman Pro’s cleaning process, then Windows will start.
Step 10: Open up the USB key in Windows Explorer again and double click the Malwarebytes file. Allow it to install on your computer.
Step 11: Once installed, the program will ask if you want it to Update and Launch. Leave both options checked and click OK.
Step 12: Once updated, Malwarebytes will launch. Click the Perform a Full Scan option, then Scan.
Step 13: When the scan is complete a dialogue box will pop up. Click OK and then the Show Results button. There will probably be a few leftover issues. Click Remove Selected.
Your computer is now clear of the HDD Scan / WinHDD virus.
If some of your Start Menu items, files, or programs are still missing, download the Unhide.exe utility. This will remove the “hidden” attribute the virus applies to some files to make it look like they disappeared.
One last thing: if your current virus software didn’t stop HDD Scan this time, it won’t next time, either. Which means it’s time to upgrade. Both Malwarebytes and Hitman Pro have full, paid versions available to you for long-term protection.