Written by Tomas Meskauskas
Damage level: High
Win32/FakeSysDef family of rogue system optimizers
The Win32/FakeSysDef family of rogue system optimizers are created by cyber criminals. Fake programs from this family infiltrate users' computers via security vulnerabilities and then perform fake system scans, resulting in the 'detection' of serious hardware (commonly, Hard Disk Drive HDD) issues. These programs display fake hard disk drive errors with the intention of scaring PC users into purchasing the 'full version' of the program. After successful infiltration, rogue programs from this family modify the operating system settings and registry entries, and configure themselves to start automatically on each system start-up. To make the fake hardware errors appear authentic, bogus system scanners hide users' desktop icons and Start menu entries.
This trickery is applied to give the appearance that the computer has acquired serious HDD-related issues. Note that bogus programs from this family do not actually delete any files - they merely hide them. Further research of the FakeSysDef family reveals that these programs are similar to fake antivirus programs, however, they employ slightly different tactics to coerce users into paying for the 'full version'. Whilst fake antivirus software mimics the detection of various viruses and Trojans, fake system hardware scanners 'identify' various hardware issues. Both types of rogue software are designed to encourage computer users to believe the alerts and pay for the 'full versions' - supposedly to fix the issues. If you observe a program, which generates various hardware-related warning messages (statements regarding potential data loss), and you have not willingly installed it, your PC is infected with a rogue program from the FakeSysDef family. The correct way to deal with this bogus software is to eliminate it from your system. To protect your PC from rogue software, use legitimate antivirus and anti-spyware programs and keep your operating system and installed software up-to-date - this drastically reduces the possibility of security problems.
Fake error messages generated by rogue programs from the Win32/FakeSysDef family:
Windows detected a hard disk problem.
A potential disk failure may cause loss of files, applications and documents stored on the hard disk. Please try not to use this computer until the hard disk is fixed or replaced. Scan and fix (recommended) Cancel and reboot.
Hard Drive Failure - The system has detected a problem with one or more installed IDE/SATA hard disks. It is recommended that you restart the system.
Your computer is in critical state. Hard disk error detected. As a result it can lead to hard disk failure and potential loss of data. It is highly recommended to repair all found errors to prevent loss of lives, applications and documents stored on your computer.
Hard drive boot sector reading error - During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on the boot device.
System block were not found - This has most likely occurred because of hard disk failure. This may also lead to a potential loss of data.
List of known name variations used by rogue programs from the FakeSysDef family:
Windows 7 Recovery
Windows XP Recovery
Windows XP Restore
Windows 7 Restore
|Hard Drive Diagnostic
Rogue programs from Win32/FakeSysDef family removal:
Cyber criminals responsible for creating rogue programs from this family use identical license keys, which can be used to 'fake register' their bogus software. Fake registration makes the removal process of fake system scanners less complicated since, after successful registration, fake programs from this family allow execution on installed software and cease generating fake hardware malfunction error messages.
Wait until rogue program completes the fake hard disk drive scan, click "Repair 7 Issues" button, in the opened window choose "I already have an activation code. Click here to activate" and enter this information (use one of the provided registry keys):
By entering this information you will make the removal process of any program from the FakeSysDef family less complicated. Note that entering the retrieved registry keys does not remove the rogue program from your computer - use the button below to download the recommended malware removal software, install it and run a full system scan to completely remove the fake system scanner from your PC.
If you are unable to download or run the spyware remover, try running the registry fix (link below). Download registryfix.reg file, double click it, click YES and then OK.
Note that System Repair hides some of your files (desktop shortcuts, Start Menu items, etc.) - if after removal of the rogue program you are unable to find your files, use the following instructions.
If you were unable to remove fake system scanners using the provided instructions, follow these steps:
FakeSysDef rogue removal using Safe Mode with Networking:
1. Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer starting process press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
2. Click Start then click Run. (Click Windows logo in Windows 7 and Windows Vista)
In Windows XP, when the Run dialogue appears, enter this text: www.pcrisk.com/download-spyware-remover and then press ENTER. In Windows 7 and Windows Vista you can type this line directly into the search field and then press ENTER.
After clicking enter, the File download dialogue of recommended malware removal software will appear. Click Run and follow the on-screen instructions.
3. After removing System Repair, reset your Hosts files:
The Hosts file is used to resolve canonical names of websites to IP addresses. When it is changed, the user may be redirected to malicious sites, despite seeing legitimate URLs in address bar. It is difficult to determine sites are genuine when the Hosts file is modified. To fix this, please download the Microsoft Fix It tool, that restores your Hosts file to the Windows default. Run this tool when downloaded and follow the on-screen instructions. Download link below:
Complete these steps if after removal of FakeSysDef rogue your Desktop icons or files are hidden:
Rogue programs from this family hide most user files. If you cannot see your files, do not panic - your files are not removed, they are simply hidden. After removing this rogue program, download and run this tool to unhide your files (download link below). It is important to run this tool only when System Repair has been removed from your computer. This unhide files tool will be useless if run on an infected computer.
When the unhide files tool completes, your Windows desktop icons may still be missing. To fix missing desktop items, download this .REG file. Double click it, click "Yes" and then click "OK". Reboot your computer, your desktop should now be visible.
Reboot your computer and check if everything is OK. Check if you can locate all files. If some remain missing, open My Computer, Click Tools, then select Folder Options... and under View tab select the radio button "Show hidden files and folders", press OK. Now you should see all hidden files and folders. To unhide them, Right click on the file or folder, select Properties and uncheck the "Hidden" Check box.
That's it! You're done.
Other tools known to remove FakeSysDef rogue programs: