Malware That Fakes Hard Drive Failure

From precious photos to important work documents, a computer’s hard drive typically contains heaps of priceless data.  That’s why losing everything in the hard drive is a great fear for many—especially those who haven’t taken precautions to back their files up, either in the cloud or on an external hard drive.  A new piece of malware called Trojan.Fakefrag capitalizes on this fear with a pretty elaborate ruse.

Trojan.Fakefrag differs from other malware in that it actually moves files from the desktop and Start menu to hidden locations in the computer, making it appear as though the hard drive is being attacked and important files are being deleted.

How Trojan.Fakefrag Works

Trojan.Fakefrag can evidently make it onto a computer through a variety of methods, but a common method of infection is through drive-by-download.  Once the Trojan executes, an error message appears, citing a “Problem with the hard disks” and asking that you restart your computer.

Helping to further incite a sense of urgency, the malware causes icons to disappear from your desktop and Start menu.  However, further investigation into the matter reveals that the files haven’t been deleted; they’ve just been relocated to hidden or inconspicuous locations on the computer.

Soon, other alerts pop up, including one that encourages the victim to run a (fake) diagnostics scan.  The fake diagnostics scan is actually a variant of the UltraDefraggerFraud family.  When it has finished “scanning,” it finds that the computer has been infected—surprise, surprise—and offers a malware removal tool for $79.50.

If these messages are ignored, other increasingly urgent warnings appear, and eventually, the malware renders the computer unusable.

What to Do if Your Computer’s Infected with Trojan.Fakefrag

Firstly, make sure you don’t pay the $79.50 for the fraudulent removal tool.  That’s just what the cybercriminals behind the malware attack want you to do, and it really doesn’t fix anything anyway.  On the contrary, Trojan.Fakefrag not only results in you losing 80 bucks; it leaves your personal information in the hands of criminals.

Trusted Antivirus programs should be able to clean the infection, and your missing files can be recovered with some digging (use Windows search tool or Windows Explorer and browse to %temp%smtemp).  And if you haven’t done so already, make sure to back your files up!  A hard drive’s a terrible thing to lose.

This entry was posted in Malware Alerts and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>