- Connects to the internet without permission
- Slow internet connection
- Annoying pop-ups
- Slow Computer
The continued success of the destructive rogue defragmenter HDDoctor can be attributed to various factors. These include its sophisticated UIs, its effective distribution and infection methods, and overhyped online marketing campaigns. But it is important to realize that these and many other factors work in tandem to achieve HDDoctor’s continued success, and that no one aspect can work well in isolation. HDDoctor and its closely related fellow rogue Think Point have both garnered reputations as very tough and resilient parasites with a flair for avoiding detection and removal. This, along with the destructive traits and qualities of the rogue, has made industry professionals and users alike sit up and take notice of HDDoctor, and is why the destruction of this rogue remains imminent.
As mentioned earlier, the popularity of the HDDoctor infection seems only to be on the rise, if current infection statistics are anything to go by. Various websites littering the Internet make money from sales of HDDoctor. These websites are responsible for spreading the Trojans which root the HDDoctor infection on host PCs. They have also been known to offer free movies and videos, on condition that the user downloads and installs codecs to view them. This type of user interaction is precisely what makes roguewares such as HDDoctor thrive, as it cannot infect a PC without some type of action on the part of the user.
The websites selling HDDoctor also host online payment portals which they claim to be safe and secure. These payment portals are only there to facilitate the sale of HDDoctor, and should never be trusted. Users who perform transactions through these payment portals will not only receive a dud for their money but will also be handing over their sensitive billing information to ruthless and reckless cyber criminals. This may lead to further victimisation in the form of identity theft and credit card fraud.
As with all rogueware, HDDoctor makes use of fake security messages to inform the user that his PC is suffering from critical errors, and that it is not performing optimally. Where HDDoctor differs slightly from other roguewares is that it does not use generic or copied fake alerts. All of HDDoctor’s fake security messages have been written specifically for this rogue, and contain personalised information such as screen shots and names of HDDoctor. This is all done in an effort to further cement HDDoctor’s legitimacy in the prospective mark’s mind. Some of these outlandish fake security messages read as follows:
“The system will reboot in xx seconds
Furthermore, the following will be reported:
“Can not find : xx
“The system disk contains a large number of critical errors.
“Serious system error
Users are urged to take note of all the grammatical, syntax and spelling mistakes in these fake messages. Surely a professional, genuine security tool would present its alerts in proper English? This is only another clue as to the true nature of the sinister HDDoctor.
To help with HDD Doctor removal you can register using this code with any email address: C51ECA4062FA
At the end of the day, HDDoctor is a fake security application which does not offer any benefit to an infected PC. It will be best to get rid of HDDoctor, and protect your PC against the imminent threat posed by this outrageous rogue. Invest in a powerful security application which will permanently erase HDDoctor from the system, and protect your PC against future threats.
How to manually remove HDDoctor
Files associated with HDDoctor infection:
%UserProfile%\Start Menu\Programs\HDD Doctor.lnk
HDDoctor processes to kill:
Remove HDDoctor registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPost" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = '%UserProfile%\Application Data\hdddoctor.exe'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
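
A read-only check for the file and registry entries listed above, as an added example that is not part of the original guide: it reports which of them are present for the current user and changes nothing. The function and variable names are illustrative, and the script assumes it is run in a PowerShell session under the affected user account.

```powershell
# Added example: read-only check for the HDDoctor indicators listed above.
# Run as the affected user (all entries are per-user); nothing is modified.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# 1. Start Menu shortcut associated with the infection.
$lnk = Join-Path $env:USERPROFILE 'Start Menu\Programs\HDD Doctor.lnk'
if (Test-Path -LiteralPath $lnk) {
    $findings += [pscustomobject]@{ Indicator = 'Shortcut'; Location = $lnk; Value = 'present' }
}

# 2. Per-user Winlogon "Shell" value pointing at hdddoctor.exe.
$winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = Get-RegValue -Path $winlogon -Name 'Shell'
if ($shell -and $shell -match 'hdddoctor\.exe') {
    $findings += [pscustomobject]@{ Indicator = 'Winlogon Shell'; Location = $winlogon; Value = $shell }
}

# 3. Internet Settings warning values set to 0.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($name in 'WarnOnPost', 'WarnOnPostRedirect', 'WarnonBadCertRecving') {
    # The value may be stored as DWORD, string or binary; compare its first element.
    $first = @(Get-RegValue -Path $inet -Name $name)[0]
    if ($null -ne $first -and "$first" -eq '0') {
        $findings += [pscustomobject]@{ Indicator = $name; Location = $inet; Value = 0 }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed HDDoctor indicators were found for this user.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The three Internet Settings values can also be 0 because a user turned those warnings off, so treat them as supporting evidence next to the shortcut and Shell entries.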