Spyware, Viruses, & Security forum

Alert

S.M.A.R.t HDD virus

by Ralphw62 / April 8, 2012 11:33 PM PDT
Post a reply
Discussion is locked
You are posting a reply to: S.M.A.R.t HDD virus
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: S.M.A.R.t HDD virus
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Did you try?
by Carol~ Forum moderator / April 9, 2012 12:21 AM PDT
In reply to: S.M.A.R.t HDD virus

Ralph..

Did you try the instructions in the below removal guide?

Remove Smart HDD (Uninstall Guide)

I would suggest scanning with Malwarebytes' Anti-Malware in addition to SUPERAntiSpyware, as indicated in the guide. It's free. And there's never harm in another opinion. Wink

Best of luck..
Carol

Collapse -
Remove Smart HDD
by Ralphw62 / April 9, 2012 12:28 AM PDT
In reply to: Did you try?

yes I actully spent a lot of time on that page yesterday. I think Malwarebytes' Anti-Malware helped the most. after I did all this I ran Microsoft security essentials which found more. .. ran Malwarebytes' Anti-Malware again... till it came up clean.. the did a system restore to the day before I got it and 90% of everything is back. but there are a few things that aren't right like If I right click on anything in My Computer explorer stops working and restarts,,,, so I can't see in these drives.... driving me nuts..

Collapse -
System restore was not designed as removal tool..
by Carol~ Forum moderator / April 9, 2012 1:09 AM PDT
In reply to: Remove Smart HDD

Ralph..

I just now noticed you posted at another forum. As I just mentioned to a another member, creating duplicate posts, creates confusion and duplicate work.

The only further suggestion I will make is to start from scratch and follow ALL the steps in the guide. To include making use of the Rkill and Unhide tools.

System restore will help in some instances. In my opinion, it should only be used as a last resort.

Best of luck..
Carol

Collapse -
repost
by Ralphw62 / April 9, 2012 1:23 AM PDT

yeah I did that by accident.. I couldn't find a way to delete it....so sorry

Collapse -
Absolutely
by mchainmchain / April 9, 2012 2:28 AM PDT
In reply to: repost

Please follow Carol's advice to the letter.

Be aware that there is a possibility that a rootkit has been installed as well. Alureon-K is one such. RogueKiller is a good antimalware app to unhide folders that are hidden as it will stop the processes running by HDD S.M.A.R.T rogue program. It is important to not reboot after running RogueKilller as rebooting will cause the rogue processes to start up once again.

Proceed with your cleaning process as described above in Carol's first post.

It is also important to not run any temporary file cleaners, as doing that may remove some files/folders you may want to keep. If you do, it may be difficult to restore these files later. A popular temp cleaner is CCleaner, for example.

Again, do not run a temp file cleaner until your system is clean of this infection

Collapse -
Things seem as though I got it
by Ralphw62 / April 9, 2012 2:56 AM PDT
In reply to: Absolutely

found 4 instances of Alureon-K as well as others.

when all was done I ran a system restore and got everything back..
the right click problem i was having may have been from having multiple antivirus programs nig at one time. now the only thing I notice diferent is my system restore takes forever to get past " initializing"

Collapse -
Start with removing ALL A/V's with the exception..
by Carol~ Forum moderator / April 9, 2012 3:24 AM PDT

Ralph...

>>..may have been from having multiple antivirus programs nig at one time<<

That "changes the picture"...

Have you uninstalled ALL anti-virus software, with the exception of the one which you plan to keep? Microsoft Security Essentials (MSE) especially, does not "play well" with other's. By uninstalling the other's, It should eliminate any problems which were due to conflicts. Make use of the A/V uninstall utilities listed below. It is in your best interest to remove all other A/V's. Not just disabling them.

See Microsoft Security Essentials - Installation Checklist and Frequently Asked Questions

Take special note to #3 where it states:

Remove ALL real-time anti-malware products that were ever installed on your PC (Norton, McAfee, TM, AVG, Avast, Avira, ESET, etc.) Uninstall your previous real-time anti-malware. Then, use the removal/cleanup tools in this article. Not only should you remove your current anti-malware product(s), you should also uninstall any free or trial anti-malware products that may have been installed on your PC when purchased, even if never activated. Some anti-malware products have their own firewall. Removing/uninstalling these products will (or should) enable the Windows Firewall. MSE will use the Windows Firewall by default. After removal and cleanup of all other anti-malware products, restart your PC and check that the Windows Firewall is ON. You can check the status of the Windows Firewall in the Action Center (or Security Center if XP) of your PC, or via the Control Panel.

I'm questioning 4 instances of Alureon K. Did MSE report it? How did you go about removing it. It involves more than just a "quick scan" with A/V or A/S software.

Carol

Collapse -
followed Remove Smart HDD Guide => almost there BUT
by udscbt / June 3, 2012 7:11 PM PDT
In reply to: Remove Smart HDD

Hello Carol et al,

Thanks for your very clear guide. I am almost there after eliminating the virus from my Dell Dimension 5100 desktop using Windows XP, but I have the following remaining problems:

1. I followed your point 21 concerning the Windows Start Menu. The following items were selected: Control Panel, My Computer, My Documents, My Music and My Pictures. But after rebooting the computer out of Safe Mode and back to the normal Windows Mode, I do not see these items after clicking on the Start button. What can I do?
2. I followed your point 23 and tried to save Secunia PSI to my desktop but it is not found there. In fact, there are no longer any icons on my desktop.

Should I try to reset to a previous configuration, using the Safe Mode?

If you have any suggestions, I would be quite grateful.

Best, udscbt

Collapse -
last problem : missing shortcuts on Desktop
by udscbt / June 4, 2012 10:44 PM PDT
In reply to: Did you ..

Carol,

Thanks for your rapid and clear reply. Here is what I have done:

1. (your item 19) Executed unhide.exe for 2nd time => same response as in 1st try: "Unhide did not restore missing shortcuts. %Temp%\smtmp folder does not exist". I searched for such a folder and found folder "Documents and Settings\My Name\Local Settings\Temp\smtmp" with two subfolders called "1" and "2". Don't know what to do here.

2. (your item 21) I manually restored Start Menu items, but did not find how to restore Desktop items. Same problem?

3. I executed Secunia from your link => 103 applications: 9 Insecure, 12 End-of-LIfe, 82 Patched. Not knowing what to do, I did nothing with this information

4. I executed Hitman Pro from your link. It found many problems: Master Boot Record/Bootkit file, TIkrVU...exe/Trojan file in Appli Data, mMNGT...exe/Trojan file in Appli Data, dds.scr/Suspect file in applications, two Adware.MyWeb Search files and many many Tracking Cookies. I activated the 30-day option and removed these ugly beasts.

5. I have not done a System Restore

6. I probably now have several anti-virus applications. McAfee is the one I paid for, for the moment.

So, much progress but I would still like to have my Desktop items restored even though I can live without them of course.

If you have any further suggestions, I would be quite grateful.

Have a good day, udscbt

Collapse -
response in 2 weeks
by udscbt / June 5, 2012 5:25 PM PDT
In reply to: Last Problem?

Carol,

Thanks once again for your rapid reply.

I will be absent for about 2 weeks starting in an hour. My computer will be inactive in the mean time though I will be in email contact.

I will get back to you during the week of 18 June at which time I will try out your various suggestions.

Thanks a lot. udscbt/aka Georges

Collapse -
See you then, George
by Carol~ Forum moderator / June 5, 2012 8:36 PM PDT
In reply to: response in 2 weeks

History shows.......

Whether it be 2 weeks or 2 months, I'll still be here.

Carol

Collapse -
all OK, I think, after some work
by udscbt / June 22, 2012 12:16 AM PDT
In reply to: See you then, George

Carol,

Well I'm back after 2 weeks in wet London!

I have done the following:

0. eliminated many unused programs

1. reran unhide.exe for the nth time

2. reran secunia.psi =>
a. 8 Insecure files: Adobe Flash Player 11.x, Microsoft.NET Framework (1x, 2x and 3x), Microsoft Internet Explorer 8x, Microsoft Windows XP Professional, Open Office.org 3.x and Sun Java JRE 1.6.x/6.x
b. 6 End-of-Life files: Adobe Acrobat Reader 5.x, Adobe SVG Viewer 2.x, Google Earth 5.x, Opera 11.x, Sun Java JRE 1.4.x and 1.5.x/5.x
c. 90 Patched files
d. Should I do something about a. and/or b.?

3. reran Hitman => 5 tracking cookies + dds.scr file => eliminated 3 tracking cookies and dds.scr file (remaining tracking cookies: kontera.com and revsci.net)

4. ran Kaspersky's TDSS Killer => no threats

5. after Google search, tried many things to get back my Desktop icons. One of them worked but, unfortunately, I don't know which one.

Apparently, I am back to where I was before the S.M.A.R.t HDD virus hit, except that my computer has been cleaned, so I am relieved. However, do you have any suggestions for any on-going maintenance? Do I continue to run Secunia? Do I buy Hitman? Should I change my anti-virus program, McAfee which is up for renewal in 60 days?

Thanks for all your help, udscbt aka georges

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.