05/20/2011

Is That Your Hard Drive Failing? Nope, It's Probably Malware

If you've never experienced a real-life hard drive failure, consider yourself lucky. And warned.

It's only a matter of time before yours goes south. In my case, being a geek both in my personal and business lives for many years now, I've had more hard drives fail than I can count.

Even if you've got good backup software (and you're sure the backups restore properly), the restoration process is always painful and more time-consuming than you expect. If you don't have backups, well... you may just be screwed.

Sure, there's special hard drive recovery software that can often be brought in to save the day and there are hard drive recovery services, too, although these services can carry a staggeringly hefty price if you have a lot of data to recover, a complex RAID hard drive setup, and/or an especially tricky drive crash.

No matter what, no one, except those folks in the data recovery business, likes hard drive failures.

It's this fear of data loss that's motivating the latest malware writers to do their thing and create craptastic software no one needs--and certainly no one wants.

Our friends at Symantec, makers of Norton Antivirus Software, have spotted something new: malware that fakes hard drive failure. How icky is that?

In this particular case, the malware, which Symantec is calling "Trojan.Fakefrag," is, they say, essentially a wrapper around UltraDefragger.

How do you know if you've been infected? Here's what Symantec says to look for:

  1. It moves all the files in the "All Users" folder to a temporary location and hides files in the "Current User" folder. This makes it look like you have lost all the files on your desktop.
  2. It stops you from changing your background image.
  3. It disables the Task Manager.
  4. It sets both the "HideIcons" and "Superhidden" registry entries to give the impression that more icons have been deleted.

Wow. Just about anyone experiencing these things would probably think their hard drive was failing, too.
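To check a PC for the registry-side symptoms in that list, here is an added example (not Symantec's code and not part of the original post) that scans the text of a `reg export HKCU` dump. The key paths and the `ShowSuperHidden`, `DisableTaskMgr` and `NoChangingWallPaper` value names are assumptions: they are the standard Windows per-user settings matching the listed symptoms, since the post gives no paths. The sample export is constructed.

```python
import re

# Assumed mapping (the article gives no paths): standard per-user Windows values.
# (key under HKEY_CURRENT_USER, value name, flagged DWORD, symptom, strong?)
# ShowSuperHidden=0 is also the Windows default, so it only corroborates.
BASE = r"Software\Microsoft\Windows\CurrentVersion"
CHECKS = [
    (BASE + r"\Explorer\Advanced", "HideIcons", 1, "desktop icons hidden", True),
    (BASE + r"\Explorer\Advanced", "ShowSuperHidden", 0, "system files hidden", False),
    (BASE + r"\Policies\System", "DisableTaskMgr", 1, "Task Manager disabled", True),
    (BASE + r"\Policies\ActiveDesktop", "NoChangingWallPaper", 1,
     "background change blocked", True),
]
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\(.+)\]$", re.I)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def parse_reg_export(text):
    """Return {(key, value name): int} for DWORD values under HKCU, lowercased."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            key = m.group(1).lower() if m else None  # ignore other hives
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def assess(text, threshold=2):
    """Return (matched symptoms, True if >= threshold strong ones matched)."""
    values = parse_reg_export(text)
    hits = [(why, strong) for key, name, bad, why, strong in CHECKS
            if values.get((key.lower(), name.lower())) == bad]
    strong_hits = sum(1 for _, strong in hits if strong)
    return [why for why, _ in hits], strong_hits >= threshold

# Constructed sample export, not taken from a real infection.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideIcons"=dword:00000001
"ShowSuperHidden"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

if __name__ == "__main__":
    symptoms, suspicious = assess(SAMPLE)
    print("symptoms:", symptoms, "| suspicious:", suspicious)
```

Registry exports are normally UTF-16 encoded, so decode the file as UTF-16 before passing its text to `assess`. Any single value here can be set by a user or an administrator, which is why the verdict requires two strong matches.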

What next? Again quoting the Symantec researchers,

"It then "helpfully" displays a message recommending that you run a diagnostic utility on your computer, launches the Windows Recovery misleading application, and adds a link to it on both your desktop and the start menu.

"The misleading application finishes the job, hoping that the victim will pull out their credit card for the $79.50 price tag."

So what's it look like?

Thankfully, they included a screenshot:
[Screenshot]

If you see this on your PC, and you're running antivirus software already, make sure your antivirus definitions are updated and run a full system scan immediately.

If you're not, now's a good time to take a look at getting some. It's cheaper than the malware's $79.50 price to "fix" your PC, and you'll actually be getting something for your money.