It’s not new; it’s been around since 2010. But the SMART HDD Rogue is all over the Web right now. As we’ve said many times in the past couple of years — you’re much more likely to encounter a Rogue than you ever are to encounter a virus or Trojan. Why? Because Rogues are drive-bys that trick you into installing them. The do this by popping open a new browser window that looks exactly like a Windows dialog or a Windows program. You may think that these windows are actually coming from your computer — but they are not. They are coming from the Web.
The worst thing you can do when you encounter a Rogue is to touch your browser window or try to close the dialog window with the Rogue program. Doing this is the same as clicking “Install”.
The SMART HDD (Alueron) Rogue is tricky to get rid of and it adds the -H attributes to many files on your computer to make you think that hard drive is failing and that you’re losing files. This is to trick you into installing the program to “fix” your hard drive. There is, of course, probably nothing wrong with your hard drive — and even if there were this program won’t fix it. What it will do is mess up your computer and steal your money. In order to “fix” the hard drive, you’ll have to pay $39.95 to $59.95. For your money, you’ll get nothing but a fake program that will fix all the fake errors it created in the first place.
Removing the program can be done with Malwarebytes and the -H (Hidden) attributes can be removed with a freeware program called Unhide.exe. But the easiest way to get rid of it is not to get it in the first place — and that’s why we’re including this article in this week’s newsletter: So you don’t get it. We’re going to help you recognize it and tell you what you need to do when you see it, because if you see it and do anything other than what we’re telling you here, you’re computer will be infected and you’ll have use a lot of time and go through a lot of agony to remove it.
First of all we’re going to show you what SMART HDD looks like. If you see anything that looks like the images below, the safest and quickest way you can prevent an infection is to:
1. Shut your computer down using the power button. Yes, it’s not the way you’re supposed to shut off your computer — but Windows XP, Vista, Windows 7 and Windows 8 are much more forgiving of you shutting down your computer using your power button than previous versions of Windows. (We’re not telling you to shut your computer down routinely using the power button!).
2. Restart your computer in Safe Mode with Command Prompt. To start your computer in safe mode, power-on the computer and tap the F8 key continuously and repeatedly until the Safe Mode Boot Screen appears. Choose Safe Mode with Command Prompt from the menu. You’ll see Windows loading files for a few minutes — this is normal.
3. When Windows has booted into Safe Mode with Command Prompt you’ll be looking at black screen with white text. At the prompt type RSTRUI.EXE and press Enter. Nothing will happen for a few minutes while Windows loads the System Restore dialog (GUI). When the System Restore dialog window appears choose any date prior to the current day — i.e. any time before you encounter the rogue.
4. Do a System Restore back to a date previous to the current day. This ensures that any files that may have come from the rogue will be gone and your computer returned to the state it was in before you saw the SMART HDD rogue.
This is a failsafe way to prevent your computer from being infected and to keep you from spending a lot of time repairing the damage caused by this rogue.
Here are the screen shots we promised. Familiarize yourself with them so if you see this rogue on your travels around the Web you’ll know what to do. The first thing you should not do is panic. Stay calm and follow the instructions above and you’ll be OK.
You’re ten times more likely to run into this or another rogue than you are contracting a virus or another type of Trojan. Being forewarned is indeed being forearmed.
Here’s more about the SMART HDD rogue from www.bleepingcomputer.com —
“Smart HDD is a fake hard drive optimization and analysis program that displays false information so that it can scare you into thinking that there is something wrong with your computer’s hard disks. This program is part of the Rogue.FakeHDD family of scareware programs. Smart HDD is installed via Trojans that display fake error messages on the infected computer. These messages will state that there is something wrong with your computer’s hard drive in order to scare you into purchasing the program.
Once installed, Smart HDD will be configured to start automatically when you login to Windows. Once started, it will pretend to perform a S.M.A.R.T. Check routine that supposedly examines your hard drive for S.M.A.R.T. errors. When it has finished it will present you with a S.M.A.R.T. Repair screen where it will display a fake hard drives diagnostic report. This report will state that there are numerous issues with your computer’s hard disks and then prompt you to repair these issues. If you attempt to repair any of these issues, though, it will first state that you need to purchase a license. ..”