I was recently helping out in: Lost User Profile/directory
I have seen these Fakerean/FakeHDD problems numerous times in the past year or so. My mom actually had one get on her system and she was unable to log in. I now know icacls commands and attrib changes probably would have fixed it, but I did not know that at the time. In the past few months, I have asked some of the big name security software providers (Norton, Bitdefender, Kaspersky, etc.) about these malicious items and how to restore the system once the items are removed.
Many of the programs do not even detect the variants of Fakerean/FakeHDD that exist, and even when they do, they do not restore the system to a usable state. I asked a few companies what to do in this case where the malicious items are removed but the system does not log in, and they said their program did its job detecting/removing it, and it is now a Windows issue to take up with Microsoft.
The only security program I know of that is given out free, removes the malicious items, and restores the files and system settings is the Fakerean removal tool
. Sometimes it also requires the unhide tool
to get everything back as it is supposed to be.
Any security experts able to offer reasons why these malicious items are not well supported by most security software companies? What do you suggest for users who run into these variants of the Fakerean/FakeHDD malicious attacks?
Appreciate any help or insight people may provide.
EDIT: I just spoke with a Microsoft representative, and anyone having similar issues is welcome to contact them to resolve the permissions/hidden file issues.
EDIT2: I just read a little bit more about the service offered from Microsoft that I mentioned in my previous edit. It may or may not be free; possibly a $99 fee is required...