Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How to Remove Fakerean/FakeHDD Malicious Items


15 Jun 2012   #1

Windows 7 Home Premium 64 Bit
 
 
How to Remove Fakerean/FakeHDD Malicious Items

I was recently helping out in:

Lost User Profile/directory

I have seen these Fakerean/FakeHDD problems numerous times in the past year or so. My mom actually had one get on her system and she was unable to log in. I now know icacls commands and attrib changes probably would have fixed it, but I did not know that at the time. In the past few months, I have asked some of the big name security software providers (Norton, Bitdefender, Kaspersky, etc.) about these malicious items and how to restore the system once the items are removed.

Many of the programs do not even detect the variants of Fakerean/FakeHDD that exist, and even when they do, they do not restore the system to a usable state. I asked a few companies what to do in this case where the malicious items are removed but the system does not log in, and they said their program did its job detecting/removing it, and it is now a Windows issue to take up with Microsoft.

The only security program I know of that is given out free, removes the malicious items, and restores the files and system settings is the Fakerean removal tool. Sometimes it also requires the unhide tool to get everything back as it is supposed to be.

Any security experts able to offer reasons why these malicious items are not well supported by most security software companies? What do you suggest for users who run into these variants of the Fakerean/FakeHDD malicious attacks?


Appreciate any help or insight people may provide.

-Mike



EDIT: I just spoke with a Microsoft representative, and anyone having similar issues is welcome to contact them to resolve the permissions/hidden file issues.

EDIT2: I just read a little bit more about the service offered from Microsoft that I mentioned in my previous edit. It may or may not be free; possibly a $99 fee is required...


My System SpecsSystem Spec
.

15 Jun 2012   #2

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

I am well familiar with that one! GFI support passed along the link for their security tool when reporting VIPRE was able to remove a fake Security Essential variant scam ware plus the four trojans it downloads on purpose prompting the user to buy a non existant program! New Variant of "FAKE" Security Essentials to be aware of!

Upon renewing the first subscription for their VIPRE Internet Security 2012 av software I mentioned the fake ware had gotten onto a laptop a friend's kis borrowed since the kid clicks to install everything! That was recommended despite already having removed the hidden executable and rogue program as well as the four trojans.

They have a March 9, 2012 report on the resurgence of Fakewares for anyone interested seen at http://www.gfi.com/page/117487/gfi-l...-and-consumers

Their older VIPRE Rescue Program is another free download for bumping bugs off and getting Windows back running again! VIPRE Rescue - VIPRE Computer Recovery Solution from GFI Software On another laptop another fakeware created a new admin account that locked the user out much like the situation you described. Once the process could be ended in either case the removal tools would then clean things up.
My System SpecsSystem Spec
Reply

 How to Remove Fakerean/FakeHDD Malicious Items




Thread Tools



Similar help and support threads for2: How to Remove Fakerean/FakeHDD Malicious Items
Thread Forum
Can anyone help me remove these context menu items? Customization
How to remove this malicious, mal-ware screen? System Security
Solved How do I remove deleted items?? General Discussion
how to remove a malicious script Browsers & Mail
How to remove recent items from programs General Discussion
Alert:Threat Type: Malicious Web Site / Malicious Code Security News
Remove start menu items Media Center

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:54 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33