Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: How to Remove Fakerean/FakeHDD Malicious Items

15 Jun 2012   #1

Windows 7 Home Premium 64 Bit
How to Remove Fakerean/FakeHDD Malicious Items

I was recently helping out in:

Lost User Profile/directory

I have seen these Fakerean/FakeHDD problems numerous times in the past year or so. My mom actually had one get on her system and she was unable to log in. I now know icacls commands and attrib changes probably would have fixed it, but I did not know that at the time. In the past few months, I have asked some of the big name security software providers (Norton, Bitdefender, Kaspersky, etc.) about these malicious items and how to restore the system once the items are removed.

Many of the programs do not even detect the variants of Fakerean/FakeHDD that exist, and even when they do, they do not restore the system to a usable state. I asked a few companies what to do in this case where the malicious items are removed but the system does not log in, and they said their program did its job detecting/removing it, and it is now a Windows issue to take up with Microsoft.

The only security program I know of that is given out free, removes the malicious items, and restores the files and system settings is the Fakerean removal tool. Sometimes it also requires the unhide tool to get everything back as it is supposed to be.

Any security experts able to offer reasons why these malicious items are not well supported by most security software companies? What do you suggest for users who run into these variants of the Fakerean/FakeHDD malicious attacks?

Appreciate any help or insight people may provide.


EDIT: I just spoke with a Microsoft representative, and anyone having similar issues is welcome to contact them to resolve the permissions/hidden file issues.

EDIT2: I just read a little bit more about the service offered from Microsoft that I mentioned in my previous edit. It may or may not be free; possibly a $99 fee is required...

My System SpecsSystem Spec

15 Jun 2012   #2
Night Hawk

W7 Ultimate x64, W10 Pro x64 dual boot - Second remote tower W7 Pro x64

I am well familiar with that one! GFI support passed along the link for their security tool when reporting VIPRE was able to remove a fake Security Essential variant scam ware plus the four trojans it downloads on purpose prompting the user to buy a non existant program! New Variant of "FAKE" Security Essentials to be aware of!

Upon renewing the first subscription for their VIPRE Internet Security 2012 av software I mentioned the fake ware had gotten onto a laptop a friend's kis borrowed since the kid clicks to install everything! That was recommended despite already having removed the hidden executable and rogue program as well as the four trojans.

They have a March 9, 2012 report on the resurgence of Fakewares for anyone interested seen at

Their older VIPRE Rescue Program is another free download for bumping bugs off and getting Windows back running again! VIPRE Rescue - VIPRE Computer Recovery Solution from GFI Software On another laptop another fakeware created a new admin account that locked the user out much like the situation you described. Once the process could be ended in either case the removal tools would then clean things up.
My System SpecsSystem Spec

 How to Remove Fakerean/FakeHDD Malicious Items

Thread Tools

Similar help and support threads
Thread Forum
Remove Context Menu Items
Hi, Does anyone know how to delete the highlighted items in the image below? My Googling failed. Rand Marks
How to remove this malicious, mal-ware screen?
Hello, Will appreciate your help please. From a few days I have pictures and sound on my monitor screen.They are: http:// and after:, http:// and after: My MAM block access to malicious web site type outgoing, Port 49894. I have Avast up...
System Security
Remove items from Start Menu
I am trying to remove everything from my Start Menu shutdown menu. It currently has Shut Down as the main button, then the arrow shows Switch User, Log off, and Lock all greyed out, and Restart, Sleep and Hibernate Enabled. I have tried looking, but found no way. I am trying to...
How do I remove deleted items??
I think I know when I delete things they are still on the hard. They are there and can be wrote over. Is there a way to clean those things that can be wrote over? Does Ccleaner (clean free space) do that?
General Discussion
how to remove a malicious script
I have a malicious script file that prevents Adobe flash from opening Youtube or browser sites that need flash to view. This is the script file: Script: file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/components/nsPlacesDBFlush.js:235 I have uninstalled IE 8 and IE9 tried Firefox....
Browsers & Mail
How to remove recent items from programs
I followed the tutorial here but that's not necessarily what I need, I wanted to know if there was a way to turn off recent docs that can be viewed when highlighting on a certain program. For example, Paint in the screenshot.
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:00.

Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App