HDD Doctor, just like Disk Repair, belongs to a new generation of malwares, fake defragmenters. Differently from other disk defragmenters, HDDoctor is more similar to ThinkPoint that Disk Repair or HDD plus.
HDD Doctor differences are the following. It does not show fake warnings non-related to hard disk. Only Hard disk errors are shown. Also, it has more crude user interface, which might be changed in the further version. Despite that fact, all errors HDDoctor reported are invented and have no value, so don’t fall into misleading recommendations to fix something. This malware may state:
The system will reboot in xxx seconds
Windows can not continue operating due to fatal system error.
Windows was forced to restart.
All unsaved data will be lost.
Additionally it will be reported:
Can not find : xxxx
File may be deleted or corrupt.
Is is strongly recommanded to scan the disk for errors.
The system disk contains a large number of critical errors.
Windows could not fix most of them.
You can install install trial version of the third party software “HDD doctor” to fix found bugs. Install “HDD Doctor” now?
HDD Doctor is distributed using trojans pretending to be legitimate software updates or codecs necessary to view video files on net. Typically, you will be offered to view some sort of movies for free, or a page will demand a specific codec. If you install these files, you will get infected with trojans. Never download software updates from the third party websites that you do not trust, or you will fall for similar scams.
At the moment a HDD Doctor payment page is broken (as reported by security researcher Siri) and it can not accept payments. This will likely to change soon and we will start seeing this family of rogues active too.
Paying attention to this scam and agreeing to scan the disk for errors is a bad idea because you will be returned useless results and then asked to pay some money for fixing services because that’s why these “defragmenters” are created for. The only possible way to fix your machine is to eliminate HDD Doctor and all the Trojans that distribute it.
Remember that you must remove HDD Doctor as soon as possible. At the moment most of the anti-malware tools will not detect it (HDDoctor is a very fresh rogue). Thus a manual removal is advisable together with scans with spyhunter AND Malwarebytes Anti-Malware. For a manual parasite removal follow these instructions:
1. Try starting a task manager or a process explorer. Kill the process hdddoctor.exe .
2. Run regedit and modify that registry key. Change hdddoctor.exe (which it references) to explorer.exe .
3. If the first step fails, search for this executable and rename ALL the files in that folder (should be AppData).
5. Do a scan with antivirus and antimalware tools. Update each of them before the scan.
We are thankful to security researcher Malekal for announcing this rogue.
Automatic Malware removal tools