HDZero.exe - anyone heard of it?

**elliott94** · 12:48 AM

Hi everyone.

I was recently looking through some old HD backups, when I saw the name of the above file. I seem to recall that it apparently can remove all files on the drive, which I assume isn't true; as far as I know, this can't be done when Windows is booted.

I actually ran the file, and a dialog pops up asking if you want to shut down/restart the PC. There's a Help button in the window, but I'm not sure if it gives any useful info; I'm using a screen reader, which unfortunately doesn't read the text that well.

I've uploaded the file to my server, would anyone be able to take a look and see what changes (if any) are made to the system?

I would obviously advise running this in a virtual environment or anything similar, or at least a machine that you don't have any important data on.

Here's the link:

[link removed]

Thanks,

Elliott.

**leofelix**

Hello
please do not post direct download links from sources with no myWOT scorecard.

Thank you

**Ceyfer √** · 02:45 AM

See the ff modifications:

Code:

The following files were deleted:
c:\AUTOEXEC.BAT
c:\boot.ini
c:\CONFIG.SYS
c:\contacts.html
%CommonDocuments%\desktop.ini
%CommonDocuments%\My Music\Desktop.ini
%CommonDocuments%\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
%CommonDocuments%\My Music\Sample Music\desktop.ini
%CommonDocuments%\My Music\Sample Music\New Stories (Highway Blues).wma
%CommonDocuments%\My Pictures\Desktop.ini
%CommonDocuments%\My Pictures\Sample Pictures\Blue hills.jpg
%CommonDocuments%\My Pictures\Sample Pictures\desktop.ini
%CommonDocuments%\My Pictures\Sample Pictures\Sunset.jpg
%CommonDocuments%\My Pictures\Sample Pictures\Water lilies.jpg
%CommonDocuments%\My Pictures\Sample Pictures\Winter.jpg
%CommonDocuments%\My Videos\Desktop.ini
%CommonStartMenu%\desktop.ini
%CommonPrograms%\Accessories\Accessibility\Accessibility Wizard.lnk
%CommonPrograms%\Accessories\Accessibility\desktop.ini
%CommonPrograms%\Accessories\Calculator.lnk
%CommonPrograms%\Accessories\Communications\desktop.ini
%CommonPrograms%\Accessories\Communications\HyperTerminal.lnk
%CommonPrograms%\Accessories\Communications\Network Connections.lnk
%CommonPrograms%\Accessories\Communications\Network Setup Wizard.lnk
%CommonPrograms%\Accessories\Communications\New Connection Wizard.lnk
%CommonPrograms%\Accessories\Communications\Remote Desktop Connection.lnk
%CommonPrograms%\Accessories\Communications\Wireless Network Setup Wizard.lnk
%CommonPrograms%\Accessories\desktop.ini
%CommonPrograms%\Accessories\Entertainment\desktop.ini
%CommonPrograms%\Accessories\Entertainment\Sound Recorder.lnk
%CommonPrograms%\Accessories\Entertainment\Volume Control.lnk
%CommonPrograms%\Accessories\Paint.lnk
%CommonPrograms%\Accessories\System Tools\Backup.lnk
%CommonPrograms%\Accessories\System Tools\Character Map.lnk
%CommonPrograms%\Accessories\System Tools\desktop.ini
%CommonPrograms%\Accessories\System Tools\Disk Cleanup.lnk
%CommonPrograms%\Accessories\System Tools\Disk Defragmenter.lnk
%CommonPrograms%\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
%CommonPrograms%\Accessories\System Tools\Scheduled Tasks.lnk
%CommonPrograms%\Accessories\System Tools\Security Center.lnk
%CommonPrograms%\Accessories\System Tools\System Information.lnk
%CommonPrograms%\Accessories\System Tools\System Restore.lnk
%CommonPrograms%\Accessories\WordPad.lnk
%CommonPrograms%\Administrative Tools\Component Services.lnk
%CommonPrograms%\Administrative Tools\Computer Management.lnk
%CommonPrograms%\Administrative Tools\Data Sources (ODBC).lnk
%CommonPrograms%\Administrative Tools\desktop.ini
%CommonPrograms%\Administrative Tools\Event Viewer.lnk
%CommonPrograms%\Administrative Tools\Local Security Policy.lnk
%CommonPrograms%\Administrative Tools\Performance.lnk
%CommonPrograms%\Administrative Tools\Services.lnk
%CommonPrograms%\Adobe Reader 6.0.lnk
%CommonPrograms%\desktop.ini
%CommonPrograms%\Startup\desktop.ini
%CommonPrograms%\Windows Messenger.lnk
%CommonStartMenu%\Set Program Access and Defaults.lnk
%CommonStartMenu%\Windows Catalog.lnk
%CommonStartMenu%\Windows Update.lnk
%Favorites%\Desktop.ini
%Favorites%\MSN.com.url
%Favorites%\Radio Station Guide.url
%MyDocuments%\desktop.ini
%MyDocuments%\My Music\Desktop.ini
%MyDocuments%\My Music\Sample Music.lnk
%MyDocuments%\My Pictures\Desktop.ini
%MyDocuments%\My Pictures\Sample Pictures.lnk
%UserProfile%\ntuser.ini
%UserProfile%\ntuser.pol
%StartMenu%\desktop.ini
%Programs%\Accessories\Accessibility\desktop.ini
%Programs%\Accessories\Accessibility\Magnifier.lnk
%Programs%\Accessories\Accessibility\Narrator.lnk
%Programs%\Accessories\Accessibility\On-Screen Keyboard.lnk
%Programs%\Accessories\Accessibility\Utility Manager.lnk
%Programs%\Accessories\Address Book.lnk
%Programs%\Accessories\Command Prompt.lnk
%Programs%\Accessories\desktop.ini
%Programs%\Accessories\Entertainment\desktop.ini
%Programs%\Accessories\Entertainment\Windows Media Player.lnk
%Programs%\Accessories\Notepad.lnk
%Programs%\Accessories\Program Compatibility Wizard.lnk
%Programs%\Accessories\Synchronize.lnk
%Programs%\Accessories\Tour Windows XP.lnk
%Programs%\Accessories\Windows Explorer.lnk
%Programs%\desktop.ini
%Programs%\Internet Explorer.lnk
%Programs%\Outlook Express.lnk
%Programs%\Remote Assistance.lnk
%Programs%\Startup\desktop.ini
%Programs%\Windows Media Player.lnk
c:\IO.SYS
c:\main.wab
c:\MSDOS.SYS
c:\NTDETECT.COM
c:\ntldr
%ProgramFiles%\Internet Explorer\HMMAPI.DLL
%ProgramFiles%\Internet Explorer\iedw.exe
%ProgramFiles%\Messenger\custsat.dll
%ProgramFiles%\Messenger\logowin.gif
%ProgramFiles%\Messenger\lvback.gif

Processing time: 8 min 0 sec
File MD5: 0xC0CD845532AA3484D9E6FB2AAB51837E
File size: 263,680 bytes

Threatexpert Analysis. - Full Report
Kaspersky File Advisor - Low
VT - Clean

Make sure to know first, the reputation of the vendor and its dedicated hosting/partner site before attempting to download and execute any unknown file ( signed or not).

**elliott94**

Holy crap, are those all of the files that get removed when it's run?

How did you get that report, and is anything changed before the OK button is clicked?

Sorry for the trouble.

Cheers.