Written by Tomas Meskauskas
Damage level: High
Win32/FakeSysDef family of rogue system optimizers
The Win32/FakeSysDef family of rogue system optimizers is created by cyber criminals. Fake programs from this family infiltrate users' computers using security vulnerabilities they find and then perform fake system scans that end in the detection of serious hardware (most commonly HDD) issues. These programs display various imaginary hard disk drive errors, hoping to scare PC users into purchasing the full version. After successful infiltration, rogue programs from this family alter the operating system's settings and registry entries and set themselves to start automatically on every system start-up. To make the fake hardware errors appear more realistic, the bogus system scanners hide the user's desktop icons and Start menu entries.
Such trickery is applied to make it appear that the computer has serious HDD-related issues. Note that a bogus program from this family doesn't actually delete any of the user's files; it hides them. Further research into the FakeSysDef family reveals that its programs are similar to fake antivirus programs, but use slightly different tactics to force computer users into paying for the full version: while fake antivirus software pretends to detect various viruses and Trojans, fake system hardware scanners pretend to identify various hardware issues. Both types of rogue software rely on computer users falling for such alerts and paying for the full version in order to fix their computer issues. If you see a program which you haven't installed and which generates various hardware-related warning messages (statements about potential data loss), you can be sure that your PC is infected with a rogue program from the FakeSysDef family. The right way to treat such bogus software is to eliminate it from the computer. To protect your PC from such rogue software, always use legitimate antivirus and anti-spyware programs. Don't forget that keeping your computer's operating system and all of your installed software up to date drastically decreases the chances of security issues.
Fake error messages generated by rogue programs from the Win32/FakeSysDef family:
Windows detected a hard disk problem
A potential disk failure may cause loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced. Scan and fix (recommended) Cancel and reboot
Hard Drive Failure - The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system.
Your computer is in critical state. Hard disk error detected. As a result it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of lives, applications and documents stored on your computer.
Hard drive boot sector reading error - During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on the boot device.
System block were not found - This has most likely occurred because of hard disk failure. This may also lead to a potential loss of data.
List of known name variations used by rogue programs from the FakeSysDef family:
Windows 7 Recovery
Windows XP Recovery
Windows XP Restore
Windows 7 Restore
Hard Drive Diagnostic
Removal of rogue programs from the Win32/FakeSysDef family:
The cyber criminals responsible for creating rogue programs from this family use identical license keys, which can be used to fake-register their bogus software. Such fake registration makes the removal process of fake system scanners less complicated: after successful registration, fake programs from this family allow execution of installed software and stop generating fake hardware malfunction error messages.
Wait until the rogue program finishes its fake hard disk drive scan, click the "Repair 7 Issues" button, in the opened window choose "I already have an activation code. Click here to activate" and enter this information (use one of the provided registration keys):
Entering this information makes the removal process of any program from the FakeSysDef family less complicated. Note that entering the retrieved registration keys doesn't remove the rogue program from your computer. Use the button below to download the recommended malware removal software, install it and run a full system scan to completely remove the fake system scanner from your PC.
If you can't download or run the spyware remover, try running a registry fix (link below). Download the registryfix.reg file, double-click it, click YES and then OK.
Note that System Repair hides some of your files (desktop shortcuts, Start Menu items, etc.). If you can't find your files after removing the rogue, please use the following instructions.
If you were unable to remove fake system scanners using the provided instructions, follow these steps:
FakeSysDef rogue removal using Safe Mode with Networking:
1. Start your computer in safe mode. Click Start, click Shut down, click Restart, click OK. While your computer is starting, press the F8 key on your keyboard multiple times until you see the Windows Advanced Options menu, then select Safe mode with networking from the list.
2. Click Start, then click Run. (In Windows 7 and Windows Vista, click the Windows logo.)
In Windows XP, when the Run dialog appears, enter this text: www.pcrisk.com/download-spyware-remover and then press ENTER. In Windows 7 and Windows Vista you can type this line directly into the search field and then press ENTER.
After you press ENTER, the File Download dialog of the recommended malware removal software will appear. Click Run and follow the on-screen instructions.
3. After removing System Repair, reset your Hosts file:
The Hosts file is used to resolve some canonical names of websites to IP addresses. When it is changed, the user may be redirected to a malicious site while still seeing the legitimate URL in the address bar. When the Hosts file has been modified, it is very hard to tell whether a site is genuine or not. To fix this, please download the Microsoft Fix It tool, which restores your Hosts file to the Windows default. Run the tool once it has downloaded and follow the on-screen instructions. Download link below:
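Whether the Hosts file was changed can also be checked by reading it directly. The following is an added example, not part of the original guide or of the Fix It tool: it lists every active mapping other than localhost on a loopback address, and the sample file content and host names in it are constructed.

```python
import ipaddress
import os

# Constructed sample hosts file (not taken from a real infection).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# 102.54.94.97  rhino.acme.com   # source server
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-bank.test example-bank.test
0.0.0.0         update.example-av.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, names) for each active mapping; comments are ignored."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip rather than guess
        yield line_no, ip, [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, ip, kind) for every mapping worth reviewing."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        pinned_local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # harmless loopback entry for localhost
            # "blocked": name pinned to this machine; "redirected": pinned elsewhere
            kind = "blocked" if pinned_local else "redirected"
            findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    # Standard Windows location; falls back to the sample when run elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    try:
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE
    for line_no, name, ip, kind in audit_hosts(text):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

An empty result means the file contains no active mappings beyond localhost, which is what the restored Windows default looks like.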
Complete these steps if your Desktop icons or files are hidden after removal of the FakeSysDef rogue:
Rogue programs from this family hide almost all user files. If you can't see your files, don't panic: your files are not removed, they are just hidden. After removing this rogue, please download and run this tool to unhide your files (download link below). It is important to run this tool only when System Repair has already been removed from your computer. The unhide files tool is useless if run on a computer that is still infected.
When the unhide files tool finishes, your Windows desktop icons may still be gone. To fix missing desktop items, download this .REG file. Double-click it, click "Yes" and then click "OK". Reboot your computer; your desktop should now be visible.
Reboot your computer and check that everything is OK. Check whether you can find all of your files. If some of your files are still missing, open My Computer, click Tools, then select Folder Options... and under the View tab select the radio button "Show hidden files and folders", then press OK. Now you will see all hidden files and folders. To unhide them, right-click the file or folder, select Properties and uncheck the "Hidden" check box.
That's it! You're done.
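When many items are affected, the manual step above (unchecking "Hidden" one item at a time) can be scripted. The following is an added example, not the unhide tool this guide refers to: it clears only the Hidden attribute and, as an assumption about what the rogue changed, leaves alone items that are also marked System, which Windows hides by default.

```python
import os
import sys

# Windows file-attribute bits as reported in os.stat().st_file_attributes.
HIDDEN = 0x2
SYSTEM = 0x4
NORMAL = 0x80  # used alone when no other attribute remains

def plan_unhide(entries):
    """Given (path, attrs) pairs, return (path, new_attrs) for items to unhide.

    Assumption: the rogue set only the Hidden bit. Items also marked System
    (desktop.ini, operating system files) are normally hidden and are skipped.
    """
    plan = []
    for path, attrs in entries:
        if attrs & HIDDEN and not attrs & SYSTEM:
            plan.append((path, attrs & ~HIDDEN))
    return plan

def scan(root):
    """Yield (path, attrs) for every file and folder under root (Windows only)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path).st_file_attributes
            except (OSError, AttributeError):
                continue  # unreadable item, or not running on Windows

def apply_plan(plan):
    """Write the new attributes with the Win32 SetFileAttributesW call."""
    import ctypes
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    failed = []
    for path, new_attrs in plan:
        if not kernel32.SetFileAttributesW(path, new_attrs or NORMAL):
            failed.append(path)
    return failed

if __name__ == "__main__" and sys.platform == "win32":
    args = [a for a in sys.argv[1:] if a != "--apply"]
    root = args[0] if args else os.path.expanduser("~")
    plan = plan_unhide(scan(root))
    for path, _ in plan:
        print("would unhide:", path)  # dry run by default
    if "--apply" in sys.argv:
        print("failed:", apply_plan(plan))
```

Run without `--apply`, it only reports what it would change, so the list can be reviewed first.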
Other tools known to remove FakeSysDef rogue programs: