S.M.A.R.T. - malware or legit?

My elderly mother called me today because a S.M.A.R.T. warning has popped up on her Windows XP computer. I see from a quick Google that this could be legit (Self-Monitoring, Analysis and Reporting Technology) or a well-known piece of malware. Unfortunately my mother lives 400 miles from me and becomes largely incoherent when faced with computer woes so I can’t get a good diagnosis over the phone. I am hoping some dopers have experienced this and can tell from what little I have gleaned if it looks like the malware, which I suspect is most likely.

It first appeared when she opened an email. A dialog box opened which she read through but can’t remember much of. Not 100% sure of this but I think at the bottom it prompted her to install some recovery software, which she declined to do.

Next all sorts of warning pop-ups appeared. Surely this is malware-like behaviour rather than legit?

When re-booting she says the same thing happens as soon as the desktop appears. She says she can’t access any of her installed programs which, if true, sounds very suspicious to me. If the machine can boot into windows I see no reason why it can’t open applications.

I have never personally experienced this myself, I am hoping some of you have (OMG that sounds awful - “I hope some of you have suffered HDD failure or malware attacks”) and can advise.

My mother is convinced that her computer is about to die a horrible death. It would be ironic if the first computer problem she hasn’t blamed on “… it must be a virus!” actually turned out to be the first one that was.

That alone sounds very malware-y. If this was a utility warning her that her disk was starting to fail, it wouldn’t be restricting access to files, but I know there are malicious apps out there that hijack Windows in such a way that attempting to launch any program runs the malware.

Malware for sure. A SMART warning should kick in at the BIOS level during the boot - before she even got to Windows (seen that on Dell and HP boxes). Plus she can’t open any of her apps yet Windows starts.

This is a nasty piece of malware I have fixed by connecting remotely using Teamviewer - reboot in Safe Mode with Networking, run Internet Explorer manually, download and run Teamviewer then Malware Bytes, find out exactly which variant of malware you have, locate and copy back shortcuts, but you need to know what you’re doing, and you need a lot of patience at both ends.

Given your mother is elderly, it sounds like your she would be best advised to go to a local repair shop. It should take an hour or so, mostly waiting for Malware Bytes to run.

Thanks Quartz and Mangetout for your replies. Yes you are confirming my thoughts.

My mother has a repair man coming this afternoon. He apparently said, based on my mothers possibly garbled explanation, that she probably needed a new HDD. I hope he is not going to rip her off.

Given the symptoms described, this is most unlikely.

Interesting - that sounds like he might be thinking it’s not malware.

It is very likely that she has not described the situation to the repair guy very well. It took me some careful questioning to get the scamnt details I did.

Sounds like the repair guy only heard the part about the SMART warning and assumed it is the hard drive.

Gateways also. Mine will not boot if a SMART error is detected until the user intervenes. It’s actually rather frustrating.

Failing a SMART check can indicate a failing hard drive, and the inability to start installed programs can indicate that a bad sector is involved.

Here’s something you can try to fix it (I’m running Windows 7, but XP will have something similar):

Click on/select:

OS(C: ) (right click this one)
Error Checking
scan for and attempt recovery of bad sectors (check box for this)

You’ll get a message saying that the machine can’t do this while you are actually using it – would you like to run the diagnostic/repair next time you boot up.

YES, you would! Shut down and restart.

The machine will run a lot of stuff and may take as long as a couple of hours to do it.

If it finds and can repair any bad sectors, it will be relatively early in the process. It will post messages saying that that’s what it did (and hides the messages in a log somewhere).

Then it will boot up and you can see whether the fix worked.

Your SMART test will never run clean again, but you can keep the drive limping along for a while with this. Re-run the above maybe every month or so.

The repair man, who was adamant on the phone that it was a failijg drive, took seconds to concede that it was indeed malware when he saw the screen himself. Thankfully NOT a rip-off merchant and all fixed now. Thanks people.

I just got the S.M.A.R.T. malware on my PC last night. :frowning:
No idea when/how…the only app I was running was OpenOffice when suddenly this sht started.
It’s one of the nastier ones I’ve seen as it hides folders and apps and it took some playing around to even access my C: drive.

According to this site you can delete the exe itself by just logging in as a different user.
And this site claims there’s just a couple of registry entries to blow away.

Wish me luck for expunging it from my own PC tonight…

ETA: Sorry, didn’t see you already have it sorted.

God to see there are some honest people left in this world. Lord knows that taking advantage of an elderly woman who doesn’t know anything about computers would be easy for some. Glad it went well for your mom.

I got it last week. I fooled me for a little bit, but began overplaying it’s hand and then it wanted money which is strange behavior for a system level diagnostic routine.

Anyway. The easiest way to get rid of it is to cooperate with it per Kaspersy’s cleaning directions. using a universal registration unlock code.
Per item 6 if you enter these parameters it will unwind the damage and return your system to normal. Once your system is back to normal you need to use the virus cleaners to get rid of it after cleaning up the registry per the video below.

This video has a good step by step for the final clean out procedures before using the virus checkers. It’s the one I used.