Smart HDD Virus Help!!

Solved
Thread Status:
Not open for further replies.
  1. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    Hey gang, this site has helped me through so much, just from browsing. I couldn't find a topic on this though, perhaps I skipped over it, thought I'd make my own anyways.

    Long story short, was browsing one day and all of a sudden I got those fake security pop ups. Nod32 (my virus program) caught the detection a few times, quarantined it, but this seemed to override it eventually. I shut my computer down right away, just out of sheer fear (lol) and when I restarted it, saw a few things

    a) There was a Smart HDD icon on my desktop and on my start up menu
    b) My icons were hidden. Quick launch icons and even some desktop icons (have since appeared)
    c) my internet usage is gone. Can't connect to the internet and really can't do anything on the computer.

    I deleted the Smart HDD Icon, but that obviously did nothing. It's still in the StartUp menu with an option to "uninstall"

    I've ran MalwareBytes,. SuperAntiVirus, and even my Nod32. They caught all the bugs, and since I've ran those the first time, nothing else has been caught. Hope you guys can help... I'm gonna giver all night long here, but I'm not the best with computers or computer tech... I can get by. Thanks in advance and let's kill this thing!
     
  2. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    08:59
    My System
    Loading...

  3. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    Sorry about that Pancake, I knew I was forgetting to do something. In regards to the prework, what if I can't access downloads on the virus-infected computer? I'm using my desktop at the moment, so should I just download everything here, put it on a USB and transfer it on there? I'm also not 100% sure I can access my usb on the aforementioned computer.
     
  4. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    08:59
    My System
    Loading...

    Try a usb.
     
  5. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    sorry it took so long. attached are the 3 files.
     

    Attached Files:

  6. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    08:59
    My System
    Loading...

    Please download Malwarebytes Anti-Malware from Malwarebytes.org
    Alternate link: Download Mirror

    (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

    Double Click mbam-setup.exe to install the application.

    (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
    Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Full Scan", then click Scan.
    The scan may take some time to finish,so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
    Please save the log to a location you will remember.
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Copy and paste the entire report in your next reply.
    If Malwarebytes fails to download please use the following link:

    http://malwarebytes.org/mbam-download-exe-random.php

    =============================================

    Download Combofix from any of the links below, and save it to your desktop.
    Link 1
    Link 2
    Link 3
    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

    Refer to this image:
    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click PCHelpForum.exe to run it.
      You will see the following image:
    [​IMG]

    Click I Agree to start the program.
    ComboFix will then extract the necessary files and you will see this:

    [​IMG]

    As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If you did not have it installed, you will see the prompt below. Choose YES.

    [​IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.
    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
    Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
     
  7. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    This may be minor or an easy fix. But I can't check for updates on the MalwareBytes. Perhaps it's because I can't achieve the internet connection on my laptop? Any way around this?
     
  8. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    08:59
    My System
    Loading...

    You should be able to run it without updates.Just ignore them.
     
  9. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    Attached are two MBAM logs. One was done before this whole PCHelpForum process. When I ran it recently, there was nothing detected, but the March log shows the defects, I believe. CFlog is the combofix log. Thank you!
     

    Attached Files:

  10. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    08:59
    My System
    Loading...

    Did you get to to get on the internet now and update MBAM.If not you should be able to now.
     
  11. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    I was able to update. Re-running the program now. Shall I post that log once completed a full scan?
     
  12. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    Being progressive and attaching it anyways!

    A few updates:
    - Internet is now accessible
    - "New programs have been installed" shows up on my Start option, but it has old programs that were previously "hidden" or not shown.
    - Some programs, most notably my iTunes, are there, but the icon is the white window with the blue header (when I click on it, it says "this action is only valid for programs that are installed" or something along those lines)
    - I've still left all of my previous anti-viruses and such until further instruction from you. I'm currently using Nod32.
     

    Attached Files:

  13. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    08:59
    My System
    Loading...

    Ok.All done.I see no more malware.Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

    You can now uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
    [​IMG]

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

    Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

    Please download OTC to your desktop.

    Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
    Click on the CleanUp! button and follow the prompts.
    You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
    After the reboot all the tools we used should be gone.
    Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

    Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
    Afterwork
    Malware Prevention
    How Did I Get Infected
    More Tips on Prevention

    =============================
     
  14. sdeaz31

    sdeaz31 New Member Bronze Member

    Joined:
    May 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    18:59
    My System
    Loading...

    Hands down one of the best sites on the internet... absolutely unreal. Thank you so much. I can't give this site enough praise. I may be back here again shortly as my parent's desktop is also infected. One last thing though, as I mentioned, this virus hid or deleted a lot of programs already on my computer. I haven't come across one that I would recognize right away that wouldn't be there anymore, but is it possible that it would've completely erased/deleted a program?
     
  15. Crush

    Crush Active Member

    Joined:
    Sep 28, 2008
    Posts:
    4,634
    Likes Received:
    2
    Local time:
    18:59
    My System
    Loading...

    No, the files are just hidden, an after affect of the malware.

    Please download Unhide by Grinler from here

    Save it to your desktop and double click Unhide.exe to run it

    Has that resolved the hidden files issue?
     
Similar Threads
Forum Title Date
System Security Smart HDD virus Dec 16, 2010
System Security smart security virus removal Nov 1, 2010
System Security Seeking help from someone smarter! (virus?) Sep 18, 2008
System Security "Total Uninstall Eset" Eset Smart Security Gives me Trojan Warning!!!! Jul 9, 2013

Thread Status:
Not open for further replies.