Saturday, December 4, 2010

Another virus waltzes right in past Microsoft Security Essentials

Tonight I managed to pick up something called HDD Control on my Windows Vista desktop computer. That's three infections in less than a month, and two since I switched my security over to the wonderful MSSE. Anyway, HDD Control is a highly annoying and stubborn piece of rogue antivirus ("scareware") that tries to get you to hand over your credit card information to buy its supposed anti-malware software. It keeps telling you that your computer is out of memory, that it can't find a hard disk, that some sectors of the hard drive have gone bad, etc. It runs a little script that makes it look as though "HD Scan" is running and finding problems of various kinds, and it drops a shortcut to "HD Scan" on your desktop.

Having been through basically the same thing a couple of weeks ago, I knew right away that it was likely malware. Googling around on another computer confirmed my suspicions.

Anyway, here's how I got rid of it (I think): Open Task Manager (right-click the taskbar and choose Start Task Manager) and look at the Processes tab to see what programs are running. If there's one whose name is a string of numbers or gibberish followed by .exe, that's it; it may be described as HD Control. End that process.

Then open System Configuration (Start, type msconfig, press Enter) and go to the Startup tab to disable HD Control. There may be more than one entry listed; uncheck every HD Control entry so that none of them runs at startup. Restart the computer. Clear out temporary files using a program such as ATF-Cleaner. Run SuperAntiSpyware on Quick Scan, then Malwarebytes' Anti-Malware on Quick Scan. With that, it should be gone. At least, I think it is gone from my machine.

Wow Jack, talk about bad luck.
First, ditch Vista for Win 7.

Second, Figure out just what web site is infecting your computer.

Stop going there. :)

I sympathize Jack and I've seen several folks get hit lately, myself included. I'm still a fan of MSE for a free AV program myself. You might try AVG 11 but it's new and had some issues lately (messing with Win7 partitions no less). Supposedly that's fixed now... Avira is another high rated free AV program. I'd agree that you find out which website is infected with malware and avoid it.

I got hit on an old laptop last week that I hadn't updated adobe acrobat reader (get 9.0 or better) and java on for awhile. Got hit with a rootkit and trojans/viruses/malware. Took two days off and on to clear it all up. The folks at the malwarebytes support forums are a great help. Also make sure Adobe Flash is version 10+. Major security issues with Adobe stuff these days.

Another on-demand program to look at besides SAS and Malwarebytes is Spybot - Search & Destroy for browser protection. I don't use their active "TeaTimer" spyware protection but the basic scanner is good. I think Vista comes with "Windows Defender" (it's in Win7 and downloadable for XP), you might check to see that it is turned on for real-time spyware protection. Malwarebytes does that in their Pro version and many AV programs come with that built in now.

A good online scanner is the ESET one. Rootkit scanners to use are TrendMicro's RootkitBuster and Kaspersky's TDSSKiller. HijackThis is a handy diagnostic tool but can easily bork your system further if not careful.

Hope this helps.

I agree with Lc Scott. And if you are getting it from a website you are visiting, Security Essentials won't stop it nor will many others unless you give them a heavier hand in policing your uses. I had to abandon first Norton, then Panda (which I really liked, until it decided that Photoshop was a virus but Bridge wasn't etc and they went ho hum on my complaint), then AVG. Now MS is doing so well that Spybot has nothing to do. For at least a year.

Jack, you might want to do a scan on a daily basis (manually as MS only allows weekly auto scans). That way you can zero in on what you did that day to find the culprit.

Does your e-mail provider run scans on e-mails? If not, consider a provider like Netaddress. Also, be sure your downloads are being scanned by SE after the d/l is completed.

Re reading your post, did SE not find it with quick scan?

Or...get a Mac.
The viruses will come but not yet.

I've got a mac. I don't have viruses, but when I had pc it was bad stuff happening ALL the time.

Jack, if you are going to be doing your own IT, here's an interesting presentation on using Sysinternals tools for troubleshooting by Mark Russinovich.


It is interesting that, after posting earlier, I went and did a search on HDD. When I clicked a "help" site, I got an exception thrown message that said a bunch of stuff (I didn't read it). I clicked OK. Nothing happened! Uh, oh! I could not get out of it or FF. So I went to Processes and found they already started a process! I stopped it, ran MSSE, no problems, then used Sysinternals Autoruns (which is Startup on steroids!) to do a search for anything suspicious.

For a moment, I had to consider that the "help" site for HDD might actually be the infector masquerading as help!

Ballmer counts on you getting that satisfied feeling of accomplishment that comes from solving unnecessary problems.

My Avira (and MSSE) nailed some malware just yesterday. That's good advice about running daily manual scans as opposed to waiting.

Has anybody been reading about this Stuxnet worm designed to damage Iran's nuclear enrichment program? It could foreshadow what's ahead for the rest of us. They call it a game changer that's equivalent to introducing an F-15 into a World War 1 battlefield.
After it somehow managed to get inside the Iranians' stand-alone computer system, this "cyber missile" was designed to damage the centrifuges by making them run very fast and then stop, all while it told the operators that everything was fine. After it did its deed, it vanished without a trace.

MSSE "realtime protection" (joke) is on, and has been on. But it didn't protect me.

We can be thankful that Microsoft doesn't make and sell condoms.

They give MSSE away.

Maybe a ribbed version would work better.

Honestly not trying to blame you here, Jack... but that's a lot of infection in a short period of time... Take a good look at your browsing habits, and see if you can nail down where it's coming from originally. Also make sure that you are actually getting rid of the funk for good... Usually you can get rid of "traces" of a virus, but they just end up opening backdoors for other ones.

Hopefully you have all your important data backed up externally, but it's wise any time you get virus-inated to assume you can't get rid of it, and that any sensitive info from this point on (credit card info, etc) is compromised.

It's kind of a pain in the butt, but it's sometimes quicker and easier to just re-format your hard drive and start over... That's really the only 100% foolproof way of knowing you're clean.

Good luck!

Following up on Bill McD's comment, I checked out this source for info:


Great informative reading, and some of the comments are very entertaining. Kinda like here, maybe?

Anyway, I've used Mac since my Centris 650, which I still have for fun's sake. But I do sympathize.

Stuxnet is a highly targeted worm that is specifically designed for transport by flash drive. The targets it seeks are not networked and it is specific in its search for hardware configuration.

While sophisticated, its antecedents arose some 2.5 decades ago in the form of worms transmitted by floppy disk which subsequently attacked the stepping motors on every drive it could locate, burning them out.

Professor Bogdanski: The malware you encountered sounds very much like one my daughter picked up on her Vista machine some months back, and it seemed to be a Vista-targeted annoyance. It did not propagate to the XP and Linux units on my network, so that's the good news.

Microsoft's Windows 7 is generally considered the best OS that they've brought out to date. You can upgrade painlessly from Vista, but you cannot upgrade from XP - in order to upgrade to 7 from XP (assuming your hardware configuration is up to snuff) you must remove the OS and run a "clean install" - which will, of course, trash everything on your boot disk.

The only real option for an XP box involves backing up all data and wiping the disk, and I suspect that this is why 7 has been so slow to pick up traction - most corporate systems run XP, not Vista.

Best regards.

Jack, go to the Start menu and click Run... (if Run isn't there you can use the taskbar control panel to make it appear). Type msconfig and hit Enter. Go to the Startup and Services tabs and uncheck the viruses there.

Might grab the free version of Avast too.
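The removal steps in the post (end the gibberish-named process in Task Manager, then uncheck its entries on msconfig's Startup tab) and the msconfig suggestion in this comment, scripted as a single read-only triage pass. This is an added example, not code from the post or from any of the tools mentioned. It assumes Vista or Windows 7 with PowerShell 2.0, run from an elevated prompt; the gibberish-name regex and the Temp/AppData path list are heuristics chosen for this example, not indicators taken from the thread.

```powershell
# Added example (not from the original post): read-only triage for "HD Scan"-style
# rogue antivirus on Vista / Windows 7 (PowerShell 2.0, run elevated). It lists what
# Task Manager, msconfig's Startup tab and Autoruns would show you and flags the two
# patterns the post describes: an image name that is a bare string of digits or
# gibberish, and anything launched from Temp / AppData / ProgramData.
# Both patterns below are heuristics chosen for this example.

# A bare alphanumeric name with at least two digits, e.g. 18327561.exe.
$gibberishName = '^(?=.*\d.*\d)[0-9a-z]{6,}\.exe$'
# Where rogue AV droppers typically live (assumed, typical locations).
$suspectPath   = '\\(Temp|AppData|ProgramData|Application Data|Local Settings)\\'

function Test-Suspect([string]$Command) {
    if (-not $Command) { return $false }
    # Take the executable path: an optional leading quote, then everything up to ".exe".
    $m = [regex]::Match($Command, '^"?(.*?\.exe)', 'IgnoreCase')
    $exe = if ($m.Success) { Split-Path -Leaf $m.Groups[1].Value } else { $Command }
    return ($exe -match $gibberishName) -or ($Command -match $suspectPath)
}

# 1. Running processes (what Task Manager's Processes tab shows).
"== Processes with gibberish names or Temp/AppData image paths =="
Get-WmiObject Win32_Process |
    Where-Object { ($_.Name -match $gibberishName) -or (Test-Suspect $_.ExecutablePath) } |
    Select-Object ProcessId, Name, ExecutablePath |
    Format-Table -AutoSize

# 2. Run / RunOnce keys (the entries msconfig's Startup tab reads).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

$autostarts = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # provider metadata, not a value
        $autostarts += New-Object PSObject -Property @{
            Location = $key; Name = $p.Name; Command = [string]$p.Value
            Suspect  = Test-Suspect ([string]$p.Value)
        }
    }
}

# 3. Startup folders and the Desktop (the post mentions an "HD Scan" shortcut dropped
#    there); .lnk targets are resolved with the WScript.Shell COM object.
$wsh  = New-Object -ComObject WScript.Shell
$dirs = [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('Desktop'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
foreach ($dir in $dirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem $dir -Force | Where-Object { -not $_.PSIsContainer })) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $wsh.CreateShortcut($f.FullName).TargetPath }
        $autostarts += New-Object PSObject -Property @{
            Location = $dir; Name = $f.Name; Command = $target; Suspect = Test-Suspect $target
        }
    }
}

"== Autostart entries (Suspect = gibberish name or Temp/AppData path) =="
$autostarts | Sort-Object Suspect -Descending |
    Select-Object Suspect, Name, Command, Location |
    Format-Table -AutoSize -Wrap
```

The script only reports. Expect some legitimate entries to be flagged too (updaters that install under AppData, for instance), so read the Command column before acting. Once you have identified the rogue entry, end it with Stop-Process -Id, export the registry key with reg export as a backup, remove the value with Remove-ItemProperty, and delete the dropped file and the "HD Scan" shortcut target after a reboot. Autoruns covers far more launch points than the four Run keys and three folders here (services, scheduled tasks, browser helper objects), which is why the thread recommends it.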

The only real option for an XP box involves backing up all data and wiping the disk, and I suspect that this is why 7 has been so slow to pick up traction - most corporate systems run XP, not Vista.

Seven is designed for your convenience to encourage you to send your current XP computer to the landfill and replace it (the computer, but maybe the landfill too) with a new one.

it's sometimes quicker and easier to
just re-format your hard drive and start over

Yeah, right.

Take a good look at your browsing habits

Same as for the last 10 years.

You can upgrade painlessly from Vista

Yeah, right.

Windows 7, AVG free, Spybot Search & Destroy free, Malwarebytes Anti-Malware free, CCleaner free, Spiretech junk email filter $.50/month. My Portland DSL ISP provider Spiretech.com built my computer and stripped it of fluff.

Qwest provides 7MB DSL and it's not 'Comcastic.'

All options for automatic scanning in the free security programs are activated. Every week I perform a manual update of the four programs and manual scans.

Problem solved.

Also Windows 7 is a vast improvement over Vista and enables intuitive operation. File and folder searching is fast and easy.

Real Time Protection. What does it mean?

I did a search for some definitions and, while I didn't find anything specific as to meaning, I did find this test of MSE:

Now, while I know that AV and Malware can get into a computer even with the best Security software, I expected that basically, if a download containing av or malware starts which is not authorized, MSE would see it. According to this article, it doesn't necessarily see it. I agree with the conclusions that, because other freeware will see it, MSE is deficient.

So, back to the drawing boards. It may be necessary for me to actually run my photo work on a computer not connected to the Internet. The fact that no infections have occurred seems to be the luck of the draw.

I understand your frustration and/or crankiness... but honestly, unless you have a TON of programs to re-install, a reformat/start from scratch doesn't take more than a couple hours at most, most of which is just letting the computer do its thing... Assuming you have viable backups of photos, important files etc (which you're gonna want to do regardless, if you haven't already).

The ONLY reason that I suggested checking out your browsing habits is that it sounds like you have a TON of security related programs running, and you're still getting infected at a ridiculous rate-- so either your software isn't functioning correctly, or you're dipping into some stinky waters, so to speak. I'm also doubting that you're completely getting rid of the stuff you're getting infected with originally-- or the exploits that let them in in the first place.

Lastly, the Vista to Win7 switch really is pretty painless... My mom-in-law made the jump with only one phone call for help. :)

Anyway, I'm just trying to help, man...

I think Jack is under attack by the Chinese!
Or maybe the City of Portland?

Do like I do, just get a whole bunch of computers and use different ones as needed!

(also lots of free agent drives!)

Spiretech.com is a pretty expensive solution, and you still pay Qwest as well, as I read the page.

CCleaner is free to anyone. Just download it. Also their defrag is much better than MS, but then anything is better these days.

I don't agree that switching to Win7 is painless as all the programs and apps have to be re-installed. If you don't do a clean install, even Win7 can get cranky. I did mine with a dual boot and with the intention of running updated versions of important apps and programs so that the earlier stuff still runs on the alternate boot, XP. And, the legacy behavior is not that well done, so some things like printer and scanner drivers may not be available for use on Win7.

So, if you have a spare bay for a hard drive, and enough connections for it (power and data) then do a dual boot installation. You can access all the stuff on your current drive from the new drive. Buy a big enough drive and partition it so that your data can go on the partition which does not have the MBR. You can also build a mirror of the OS installation and software so that if you do have a bad crash of the OS, you merely need to use the mirror to re-install everything.

Buy the OEM version. It's around the same price as an upgrade and you avoid having to give up the OS you currently use in order to activate based on an upgrade. You do lose basic support from MS, however. For that, you will have to use the retail version.

Some thoughts on desktop security from the tech support trenches.

It's possible that it may be all the same virus. The underlying infection was never removed, and it may predate installing MSE. In many cases of multiple infections I've seen, it's all the same underlying infection with multiple payloads, or the original infection broke security to make future infections easier.

You may be well served to take it to a shop and have a good tech scan & clean it for you. It'll cost around $100 and probably take about 3 days. Be sure to take it to a good shop -- avoid big-boxes, places with cutesy names or promises of absurdly cheap software. I work with a couple of local shops that do excellent work.

No antivirus software will fully protect, and no cleanup software will guarantee a clean system. Kinda like airbags in your car - helpful, but you can still die.

Out of all the free AV packages, I still like MSE. It's got the same antivirus engine and signatures that Microsoft's enterprise security package, "Forefront" uses. The once great AVG kinda sucks now and has even been bricking systems lately, and Avast and Avira both have "features" that make them unusable in my book.

Of the paid AV software, I like ESET, Kaspersky and (tough to admit) Symantec. Get the antivirus only, not the full suite. I find 3rd party firewalls and all the rest of the crap to be more trouble than it's worth.

What I've found to help:

Daily virus definition updates and full scans. Reconfigure your AV to be paranoid. Also, become familiar with your AV icon. (gray, red, yellow or orange usually mean bad things, green, blue or other soothing colors = good)

Perimeter firewall - If you don't already have one, get a decent NAT router and place it behind your modem. Don't trust your ISP's modem for perimeter security. Never connect your computer directly to the internet, regardless of the software firewall you have in place.

Check your Windows Firewall settings -- Is it turned on and are all the exceptions and open ports valid? Turn off anything that looks suspect and then see if it breaks anything you need. If not, leave it off.

Windows 7 has fewer virus infections than XP and Vista (from a local tech who cleans systems all day long). If you can justify a new computer, it's worth it. I'm not a fan of in-place upgrades, so I'd leave an existing Vista machine alone.

Update, update, update...
Keep Windows and MS apps updated. Use Microsoft Update (it updates ALL MS products, like Office). There's a link on the Windows update website for XP and maybe Vista. Windows 7 has a link in the Automatic Updates control panel applet. Pick the option to update ALL microsoft products.

Keep Java updated. (control panel > java > update). I've seen lots of java drive-by infections.

Keep Adobe products up to date, especially Acrobat. You can infect a PDF now. How cool is that?

Use a strong Windows password. Disable the local admin account, or apply a good password there too. (Some windows installs allow an active administrator account with no password.)

Keep your browser up to date. Chrome, Opera, Firefox are probably more secure than IE, but they are all vulnerable to infection.

Use Google's public DNS. It warns of sites they know to have been distributing malware. I've seen a significant reduction in web-based drive-by infections at my clients using it.

Don't use Internet Explorer 6, be very wary of file-sharing and torrent sites, be careful clicking on random links or services like StumbleUpon. Don't click on links or open email attachments you didn't expect to receive. (if you get an unexpected attachment, email the person and ask if they meant to send it)

Sadly, the bad guys are ahead right now. These tips can help, but not prevent problems.
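The checks in the list above (firewall on and its inbound exceptions reviewed, automatic updates covering all Microsoft products, Java and Adobe versions, local accounts with real passwords, DNS pointed at Google Public DNS), gathered into one audit script. This is an added example, not code from the commenter or from any product named in the thread. It assumes Vista or Windows 7 with PowerShell 2.0 run from an elevated prompt, uses the Windows Firewall (HNetCfg.FwPolicy2) and Windows Update Agent COM interfaces plus WMI, takes the Reader 9 and Flash 10 thresholds from the thread, and uses 8.8.8.8 and 8.8.4.4, Google Public DNS's published resolver addresses, as the DNS check.

```powershell
# Added example, not from the original thread: audit the hardening tips from the
# comment above on a Vista / Windows 7 box (PowerShell 2.0, run elevated).
# Assumptions: HNetCfg.FwPolicy2 and the Microsoft.Update.* COM objects are present
# (they ship with Vista+); Reader >= 9 and Flash >= 10 are the thread's thresholds;
# 8.8.8.8 / 8.8.4.4 are Google Public DNS's published addresses.

$findings = @()
function Add-Finding([string]$Check, [string]$Status, [string]$Detail) {
    $script:findings += New-Object PSObject -Property @{ Check = $Check; Status = $Status; Detail = $Detail }
}

# --- Windows Firewall: every profile on, and which inbound exceptions are enabled ---
$fw = New-Object -ComObject HNetCfg.FwPolicy2
foreach ($p in @(@('Domain', 1), @('Private', 2), @('Public', 4))) {
    $enabled = $fw.FirewallEnabled($p[1])
    Add-Finding "Firewall $($p[0]) profile" $(if ($enabled) { 'OK' } else { 'FAIL' }) "enabled=$enabled"
}
# Direction 1 = inbound, Action 1 = allow; these are the "exceptions and open ports".
$inbound = @($fw.Rules | Where-Object { $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 })
# Programs outside the Windows directory are the ones worth a second look.
$thirdParty = $inbound | Where-Object {
    $_.ApplicationName -and
    ([Environment]::ExpandEnvironmentVariables($_.ApplicationName) -notlike "$env:SystemRoot\*")
}
Add-Finding 'Inbound allow rules' 'REVIEW' ("$($inbound.Count) enabled; outside Windows dir: " +
    (($thirdParty | ForEach-Object { "$($_.Name) [$($_.ApplicationName)] ports=$($_.LocalPorts)" }) -join '; '))

# --- Updates: automatic install scheduled, and Microsoft Update (all MS products) opted in ---
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
# NotificationLevel 4 = download and install on a schedule.
Add-Finding 'Automatic updates' $(if ($au.NotificationLevel -eq 4) { 'OK' } else { 'FAIL' }) "NotificationLevel=$($au.NotificationLevel)"
$mu = (New-Object -ComObject Microsoft.Update.ServiceManager).Services | Where-Object { $_.Name -eq 'Microsoft Update' }
Add-Finding 'Microsoft Update is default AU service' $(if ($mu -and $mu.IsDefaultAUService) { 'OK' } else { 'FAIL' }) "registered=$([bool]$mu)"

# --- Java / Adobe versions from the Uninstall keys (32- and 64-bit views) ---
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
$apps = foreach ($k in $uninstall) {
    if (Test-Path $k) { Get-ChildItem $k | ForEach-Object { Get-ItemProperty $_.PSPath } }
}
foreach ($a in ($apps | Where-Object { $_.DisplayName -match 'Java|Adobe (Reader|Flash)|Acrobat' })) {
    $ver = $null
    try { $ver = [version]$a.DisplayVersion } catch { }
    $status = 'INFO'
    if ($a.DisplayName -match 'Adobe Reader|Acrobat' -and $ver -and $ver.Major -lt 9)  { $status = 'FAIL' }
    if ($a.DisplayName -match 'Flash'               -and $ver -and $ver.Major -lt 10) { $status = 'FAIL' }
    Add-Finding "Installed: $($a.DisplayName)" $status "version=$($a.DisplayVersion)"
}

# --- Local accounts: enabled accounts with no password, and the built-in Administrator (RID 500) ---
foreach ($u in Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True") {
    if ($u.Disabled) { continue }
    $builtinAdmin = $u.SID -like '*-500'
    $status = if (-not $u.PasswordRequired) { 'FAIL' } elseif ($builtinAdmin) { 'REVIEW' } else { 'OK' }
    Add-Finding "Local account $($u.Name)" $status "passwordRequired=$($u.PasswordRequired) builtinAdmin=$builtinAdmin"
}

# --- DNS: is Google Public DNS in the search order of every IP-enabled adapter? ---
foreach ($nic in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True") {
    $dns = @($nic.DNSServerSearchOrder)
    $usesGoogle = ($dns -contains '8.8.8.8') -or ($dns -contains '8.8.4.4')
    Add-Finding "DNS on $($nic.Description)" $(if ($usesGoogle) { 'OK' } else { 'REVIEW' }) ($dns -join ', ')
}

$findings | Select-Object Check, Status, Detail | Format-Table -AutoSize -Wrap
```

FAIL rows are the ones the comment tells you to fix outright (firewall profile off, updates not automatic, an old Reader or Flash, an enabled account with no password); REVIEW rows need a human decision, such as whether each third-party inbound rule is a program you still use. The version check only reads the Uninstall keys, so a browser plugin installed without an entry there will not show up; the Java control panel and Adobe's own updaters remain the authoritative check for those.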

IT Guy:

Why wouldn't MSE catch that av/malware if it predates the installation? I would hope (no longer assume!) that the definitions are updated so that the older infection is known.

So despite the findings on the link I posted about testing MSE, you support MSE as a good choice over others? I can't use AVG unless they fixed whatever caused my problems well over a year ago.

Lawrence -- It can be difficult for any antivirus to detect a virus when being installed on an already-infected system. That's not limited to MSE. Your best bet in that case is to do a thorough cleanup prior to installing the AV, preferably attaching the drive to another system or booting from a liveCD, or at least scanning in safe mode. Once a virus is resident in memory, it can use all kinds of stealth tactics to keep from being detected by the new antivirus. Just running Malwarebytes and Spybot (both good products), and then installing a new AV will not clean your system in most cases.

Antivirus software is only one layer of defense, and not a perfect one. All products have vulnerabilities, and the list of best to worst is constantly shifting. AVG used to be great, is awful now. Symantec's corporate line used to be a bloody nightmare, it's actually pretty decent now. MSE had a shaky start, but has matured nicely, but needs to be changed from the default config to be effective.

Regarding MSE in particular, I think it's a decent, but not great antivirus program, and the best of the currently available free programs. That review compared it to NOD32 from ESET, a good package, but not without its own problems. (I've seen it totally cripple Vista machines when scanning). Also, not free and the firewall can be a real pain.

I can't speak to the results in the review you linked to, but my experience lately has been fewer problems with MSE than AVG. I typically don't recommend free antivirus to my clients, but if they insist on using a free product, I point them to MSE.

Avast here, no virus since I installed it.
Been using it for a few years. Not a single problem with the program either.

I don't trust MSE. If MS can't keep something out of the OS in the first place, I don't see how we can trust them to do it with yet another program.

Thanks, IT Guy. My inclination is to wipe the drive and start over. Lessons in doing software validation taught me that. The time lost by running a validation suite on a less than clean install is far worse than doing the clean install in the first place. If I cannot be absolutely sure that I did get the virus, then I may as well reformat and re-install. When Norton went ape crap some years back, I did exactly that. The "tool" to remove all traces of Norton did not fill me with confidence.

It would also seem that, even in the case of a recent infection, as happened to my Dell office computer, that perhaps the virus has yet some presence.

Your advice about a hard firewall like a router is an important one, and one that even some Mac users do.

Download wireshark and note that with this app you can see everything anyone is doing on any public wifi network. Be afraid, be very afraid (or never log into a public wifi).

You can upgrade painlessly from Vista

Yeah, right.

Okay, make that relatively painless.

You want some real fun? Try upgrading an XP box. Hoo boy! Kick off the shoes and bring on the popcorn.

I use ESET nod32 antivirus, and browse with Firefox on a Vista computer. No viruses in over two years.

