How to Remove Fakerean/FakeHDD Malicious Items

writhziden

I was recently helping out in:

http://www.sevenforums.com/general-discussion/234461-lost-user-profile-directory-2.html

I have seen these Fakerean/FakeHDD problems numerous times in the past year or so. My mom actually had one get on her system and she was unable to log in. I now know icacls commands and attrib changes probably would have fixed it, but I did not know that at the time. In the past few months, I have asked some of the big name security software providers (Norton, Bitdefender, Kaspersky, etc.) about these malicious items and how to restore the system once the items are removed.

Many of the programs do not even detect the variants of Fakerean/FakeHDD that exist, and even when they do, they do not restore the system to a usable state. I asked a few companies what to do in this case where the malicious items are removed but the system does not log in, and they said their program did its job detecting/removing it, and it is now a Windows issue to take up with Microsoft.

The only security program I know of that is given out free, removes the malicious items, and restores the files and system settings is the Fakerean removal tool. Sometimes it also requires the unhide tool to get everything back as it is supposed to be.

Any security experts able to offer reasons why these malicious items are not well supported by most security software companies? What do you suggest for users who run into these variants of the Fakerean/FakeHDD malicious attacks?


Appreciate any help or insight people may provide.

-Mike



EDIT: I just spoke with a Microsoft representative, and anyone having similar issues is welcome to contact them to resolve the permissions/hidden file issues.

EDIT2: I just read a little bit more about the service offered from Microsoft that I mentioned in my previous edit. It may or may not be free; possibly a $99 fee is required... :(
 
I am well familiar with that one! GFI support passed along the link for their security tool when reporting VIPRE was able to remove a fake Security Essential variant scam ware plus the four trojans it downloads on purpose prompting the user to buy a nonexistent program! http://www.sevenforums.com/system-security/222009-new-variant-fake-security-essentials-aware.html

Upon renewing the first subscription for their VIPRE Internet Security 2012 AV software I mentioned the fake ware had gotten onto a laptop a friend's kid borrowed since the kid clicks to install everything! That was recommended despite already having removed the hidden executable and rogue program as well as the four trojans.

They have a March 9, 2012 report on the resurgence of Fakewares for anyone interested seen at http://www.gfi.com/page/117487/gfi-...us-programs-plaguing-businesses-and-consumers

Their older VIPRE Rescue Program is another free download for bumping bugs off and getting Windows back running again!

VIPRE Rescue - VIPRE Computer Recovery Solution from GFI Software

On another laptop another fakeware created a new admin account that locked the user out much like the situation you described. Once the process could be ended in either case the removal tools would then clean things up.
 
