Strange Behaviors After I was Infected By "Smart HDD" Malware

Last response: in Windows 7
April 22, 2012 7:53:20 PM


2 days ago, i somehow got infected with somekind of fake antivirus program called Smart HDD...
As soon as I noticed that ( it was pretty easy to notice ) I used System Restore to restore my computer 1 day earlier.

Now, at first I thought this solved the problem... There were some annoying side effects though, Smart HDD set all my files/folders to be hidden so of course this caused some issues, I started manually unhiding folder by folder but eventually found out there was a tool to do this which saved me a lot of time.

I used a bunch of scanners to check my computer, and they didnt detect anything...
I used SpyHunter, Malwarebyte's Anti-Malware, RogueKiller and another program which i think was specifically designed to delete Smart HDD from your system, its called Rkill from

So after that, I thought everything was good... wrong... I started noticing 3 things:

1. My internet browsing was slower than usual...

2. Sometimes, randomly it seems, when I do a search on google and click one of the result links, I am redirected here :

or sometimes here :

3. I got a weird popup in windows, all my browser programs were closed , but I still got a tiny window popup ( which was not a FF or IE window ) that had this header : "message from webpage" and in the tiny window was this message : " thanks "

I dont know if these 3 issues are all related and if they were caused by Smart HDD or was I infected with more than 1 thing at once, I dont know... I just dont know what to do now, please help ?

April 22, 2012 9:10:29 PM

Hi J_E_D_70
Thanks for your suggestion, on kaspersky site they say :
"Kaspersky Rescue Disk is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system. "

Should I try Kaspersky Virus Removal Tool 2011 instead ?

Oh, there is also another thing that I noticed which I DONT KNOW if it is related with my infection or with the fact that I used windows system restore ( which can fuckup *** by itself ) ....

The restore point I used was a manual created just before installing an update for Adobe Illustrator CS 5 a few days ago, I had done the Illustrator update afterwards and it installed properly, Illustrator would show the latest version (Version 15.0.2). Now however, since I used that restore point, I see that Illustrator reverted back to older version 15.0.0, so I am trying to update it again but it's not working now... the installer says that the update was successful BUT illustrator is still stuck in version 15.0.0 ... I know this because it says so in "about illustrator" , and also I still have artifacts when exporting really high res jpegs ( which is why I updated to 15.0.2 as it solved this issue).

Any input greatly appreciated, thanks !

April 22, 2012 9:35:14 PM

yes thats the procedure I followed, BUT i think something else was going on at the same time... I installed kaspersky virus removal tool 2011 , and it detected virus mem:rootkit.win64.sst.b ...

Not sure if its a coincidence, but IT SEEMS like everytime I would do a google search on "virus mem:rootkit.win64.sst.b" either in IE or FF, well I'd have the time to click a link or two but soon enough the browser crashed !
April 22, 2012 10:11:58 PM

I have used combofix to great effect when used on infected machines when nothing else would fix it. It fixes _Everything_
a b $ Windows 7
April 23, 2012 3:19:11 AM

I'd try the other suggestions here then the removal tool.

My system was so hosed I used rescue even tho it warned it me that it might break windows and cause metorites to obliterate all life on earth.