It’s scary. My computer became infected with malware. A program masquerading as a system utility suddenly took over everything. I almost fell for it. Almost.
The malware was named S.M.A.R.T. HDD. The program masqueraded as a disk maintenance program. My computer is a fairly new laptop and still has lots of the vendor-specific programs loaded and running. My initial thought was that the program was one of those. That is how I was almost fooled.
The first message the program tossed out said there was a Hard Drive Boot Sector Reading Error, then lots of messages started popping up about not being able to access the drive.
Here are some notes about what I did. I’ll clean these up shortly.
IMPORTANT: The various instructions below are only if you already have the S.M.A.R.T. HDD malware. If you don’t have it, don’t change things. But do make a mental note that these instructions are here should you ever need them.
The first thing I did was reboot the machine. Of course it came right up. So much for my boot record being bad. After going into Safe Mode I searched for the program name and found some instructions on how to get rid of the problem. Those instructions only partially worked. After a little bit of manual tweaking I was back to normal. You can see the instructions I followed here:
There is a screenshot of what the program looks like there as well. If you aren’t very technical you may be a little intimidated.
On more recent versions of Windows you can run Windows Defender and it will do a decent job of cleaning up the system. If you do this then you can skip to Step 6 of the instructions at the link above. You need to run the unhide utility mentioned at that site so you can see all of your files again.
In my case I still needed to edit a registry entry to find the actual program, delete the files, and remove it from trying to start. To do this open the registry editor (Start / regedit) then locate the following key:
Look through the entries for something with gibberish. In my case it was this:
Your entry may be different but it will be gibberish. Look at the bolded part of my entry. That is where the program is installed on your hard drive. If the program still exists after you run Windows Defender you can go delete the gibberish files. After the files are gone you can safely delete this registry key.
Note – I’m intentionally leaving some details out here. If you aren’t comfortable editing your registry, find someone you know and trust to do it for you. And always make sure to back up the registry before making changes.
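The registry check described above can be done without hunting through regedit by hand. The PowerShell script below is an added example, not something from the original post: it lists every value in the standard per-user and per-machine autostart keys and flags the ones worth a second look (a gibberish value name, a gibberish file name, a program running from a temp or data folder, or a target file that no longer exists, which is what a leftover entry looks like after Windows Defender has already deleted the files). It assumes the key the post refers to is one of those Run/RunOnce keys (the post does not name it), and the "gibberish" heuristic is this script's own. It changes nothing unless you pass -Remove with an exact value name, and even then it exports the key to a .reg backup first.

```powershell
<#
Added example (not from the original post): audit the Windows autostart
("Run") registry keys and flag suspicious entries for review.
Assumption: the key the post consulted is one of the standard keys below.
Read-only unless -Remove <valueName> is given; removal exports the key to a
.reg backup first. Deleting from HKLM needs an elevated PowerShell.

Usage:
  .\Audit-RunKeys.ps1                      # list and flag entries
  .\Audit-RunKeys.ps1 -Remove 'abc123xyz'  # back up the key, then delete that one value
#>
param(
    [string]$Remove,
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop')
)

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Members Get-ItemProperty adds that are not registry values
$metaMembers = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the executable path out of a Run value: "C:\x\y.exe" /arg  or  C:\x\y.exe /arg
function Get-TargetPath {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $CommandLine
}

# Crude heuristic for machine-generated names: 8+ letters/digits only, and either
# a letter/digit mix or fewer than one vowel per five characters. Review, don't trust.
function Test-Gibberish {
    param([string]$Text)
    if ($Text -notmatch '^[A-Za-z0-9]{8,}$') { return $false }
    $mixed  = ($Text -match '\d') -and ($Text -match '[A-Za-z]')
    $vowels = ([regex]::Matches($Text, '[aeiouAEIOU]')).Count
    return ($mixed -or (($vowels / $Text.Length) -lt 0.2))
}

if ($Remove) {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $hit = Get-ItemProperty -Path $key -Name $Remove -ErrorAction SilentlyContinue
        if ($null -eq $hit) { continue }
        # Back up the whole key before touching it, then delete only the named value
        $regPath = $key -replace '^HK(CU|LM):\\', 'HK$1\'
        $backup  = Join-Path $BackupDir ('run-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
        & reg.exe export $regPath $backup /y | Out-Null
        Remove-ItemProperty -Path $key -Name $Remove
        Write-Host "Removed '$Remove' from $key (backup written to $backup)"
    }
    return
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaMembers -contains $p.Name) { continue }
        $cmd      = [string]$p.Value
        $target   = [Environment]::ExpandEnvironmentVariables((Get-TargetPath $cmd))
        $baseName = [IO.Path]::GetFileNameWithoutExtension($target)
        $flags    = @()
        if (Test-Gibberish $p.Name)   { $flags += 'gibberish value name' }
        if (Test-Gibberish $baseName) { $flags += 'gibberish file name' }
        if ($target -match '\\(Temp|ProgramData|Application Data|AppData\\(Roaming|Local))\\') {
            $flags += 'runs from a temp/data folder'
        }
        $exists = $false
        try { $exists = Test-Path -LiteralPath $target } catch { $exists = $false }
        if (-not $exists) { $flags += 'target file missing (stale entry)' }
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $cmd
            Flags   = ($flags -join '; ')
        }
    }
}
```

Pipe the output through `Format-Table -AutoSize` or `Where-Object Flags` to see only flagged rows. Treat the flags as a reading list, not a verdict: short vendor abbreviations can trip the gibberish test, so confirm what a flagged program is (and that its files are really gone) before removing anything, exactly as the post advises.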
One other thing. After booting back into a normal login I had to set up my Desktop settings again – wallpaper, colors, etc. The other thing that happened was my anti-virus program flagged at least one of the programs I used in the Bleeping Computer instructions as being suspicious. I expected that because those programs are looking for programs that are suspicious.
That is what I needed to do to clean up my system. Haven’t had any problems since.
Hope you found something useful here. If you have had problems with this particular malware or other malware share your experience below.