How to remove HDD Low malware without paying for Anti-Spyware software or installing anything

For the first time in what seems like ages I somehow managed to catch a virus… this time a very annoying one called HDD Low. It’s one of those fake system optimisation utilities that keeps spamming you with false alerts about your system (low memory, hard drive error, etc) until you give in and buy their fake ‘repair’ software to fix the problem. This one was even almost convincing… the first screen had me almost convinced it was a genuine Windows alert.

The good news is that it’s pretty easy to get rid of, and you don’t have to install any extra anti-spyware software or pay anyone anything. Here’s what you need to do:

1. Press Control-Alt-Delete to get to your Task Manager. Open it up and kill the HDD Low processes. They won’t be labelled ‘HDD Low’ – they will be labelled with a random string of letters and numbers. If you’re not sure, just kill any processes that look suspicious. I found that one of the HDD Low processes kept re-opening itself directly after I killed it – but if you kill it again as soon as it pops back into the process list, it is gone for good.

a) If Task Manager isn’t visible in the list when you press Control-Alt-Delete, try restarting your computer. HDD Low will start again automatically, but Task Manager should be visible now.

2. That should have taken care of the pop-up messages that keep annoying you. If you are still seeing pop-up messages, or if the HDD Low Icon is still visible in the task bar, then the processes aren’t dead yet… go back to Task Manager and try again.

Now you need to remove the registry entries to stop it coming back again. Go to Start –> Run, and type regedit. You’re now looking at the registry editor. Be careful! If you remove the wrong registry keys from here your programs or Windows may stop working. Navigate using the tree to the Run folder: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

This folder specifies what should run when Windows starts. There will be (at least) two registry keys that look like random numbers, and the entry in the ‘value’ column will link back to a folder in your User Data’s temporary folder (something like: C:\Users\Your_Username\AppData\Local\Temp\47456096.exe). Delete these registry keys.

3. The hard part’s done. Now you just need to clean up the files HDD Low leaves lying around. First remove the application files from your Temp directory: C:\Users\Your_Username\AppData\Local\Temp\47456096.exe. Again, the file will be a random string of numbers or letters. Remove anything that looks suspicious. Then remove the Application shortcut from your desktop, and you’re done!
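Before deleting anything, it helps to list what the Run key actually points at. The PowerShell below is an added example, not part of the original post: it only reads HKCU\Software\Microsoft\Windows\CurrentVersion\Run and flags entries whose target sits in the Temp folder and has a random-looking name. The helper name `Get-CommandPath`, the name pattern (six or more letters and digits, at least one digit) and the Temp-path match are assumptions drawn from the description above.

```powershell
# Added example: read-only audit of the per-user Run key. Nothing is changed.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$tempDir = $env:TEMP.TrimEnd('\')

function Get-CommandPath([string]$CommandLine) {
    # Hypothetical helper: expand %VARS%, then take the quoted path,
    # or the text up to the first ".exe", or the first token.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"')        { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$key = Get-Item -LiteralPath $runKey
$report = foreach ($name in $key.GetValueNames()) {
    $path = Get-CommandPath ([string]$key.GetValue($name))
    $leaf = [IO.Path]::GetFileNameWithoutExtension($path)

    # Heuristics (assumptions based on the post): the target lives in the
    # user's Temp folder and its name is a random run of letters and digits.
    $inTemp = $path.StartsWith("$tempDir\", [StringComparison]::OrdinalIgnoreCase) -or
              $path.IndexOf('\AppData\Local\Temp\', [StringComparison]::OrdinalIgnoreCase) -ge 0
    $randomName = ($leaf -match '^[0-9a-z]{6,}$') -and ($leaf -match '\d')

    # A missing file or an unsigned binary is extra context, not proof.
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'FileMissing' }

    [pscustomobject]@{
        ValueName  = if ($name) { $name } else { '(Default)' }
        Target     = $path
        InTemp     = $inTemp
        RandomName = $randomName
        Signature  = $sig
        Suspicious = $inTemp -and $randomName
    }
}

# Flagged entries first; review them by hand before removing anything.
$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Legitimate installers sometimes register temporary Run entries too, so treat `Suspicious` as a prompt to look closer, not as a verdict.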

I hope this helped!

About Will

I'm Will. I'm a product creator, Scrum and Agile advocate, web enthusiast and change instigator. I work for Nokia and I am the Product Owner of Nokia's web social location platform, maps.nokia.com