Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trouble with luhe.fiha.A virus ("windows detected a hard disk problem")

  • Please log in to reply
5 replies to this topic

#1 alittlehelp


  • Members
  • 88 posts
  • Local time:01:29 AM

Posted 06 June 2016 - 10:06 PM

Not really sure what action/software(?)  may have caused the actual problem to occur. but two days ago I began receiving a a dialogue box that keeps popping up while working on my laptop: "Windows Detected a Hard Disk Problem",  in addition to "back up my files immediately"... with the option to "Start the back up  process".


This is a lightly used, second hand Samsung PC Pro covertable pc/tablet, previously wiped and fresh install (1 year ago) running windows 8.1 that has worked flawlessly since I've owned it. The first indication that I noticed something was wrong was the Intel Rapid Storage icon in the system tray pops up a yellow caution marker.  Then a few moments later the Window dialogue indicating a hard drive issue popped up.


Thinking my SSD was about to go belly up, I did a Systems Image backup and began to download/backup all necessary drivers via Samsung's SW update utility (Samsungs OEM utility app). During the driver backup process, Avg detected the threat "Luhe.Fiha.A" in [ C:\Program\Data\Samsung\SWUpdate\Temp\Packages\231e2885-c0ab-4234-986a-72fc8a8f9a5c\delay.exe ]. Causing the SW utility to freeze. After selecting the "protect me button", Avg reports that the virus had been contained. However upon subsequent use and attempts (at least 15), to back up drivers with SWUpdate I continue to get the same cycle of warnings as previously described.

A search for the virus name and "affected files / folders" turns up nothing in file manager searches.


Running CCleaner, RKill, AVG, Malwarebytes, SAS, Mbar, Eset online scan in Normal & SafeMode - all report No infection. I tried System Restore but all of the previous months restore points seem to be missing. The current restore points earlier this month are there but fail to successfully restore. After several Google queries It is my understanding  that this is indeed how the Luhe.Fiha.A is known to behave; by hiding itself from AV and projecting these kinds of hardware/memory failure warnings(?) in some cases.


The machine continues to work wonderful without any indication of infection. But i do get the intermittent warnings and  I'm not so convinced that I'm not infected.


Can anyone  please assist me in making sure that my machine has not been compromised?

Thank you for your kind attention!


Edit: I neglected to add that I am unable to run Rkill in Safe Mode w/ Networking. I receive an error stating to the effect that "Rkill cannot run on this version of my operating system". But Rkill runs with no problem in Normal Mode. I'm using windows 64 bit. - Thanks!

Edited by alittlehelp, 07 June 2016 - 10:47 AM.

BC AdBot (Login to Remove)



#2 alittlehelp

  • Topic Starter

  • Members
  • 88 posts
  • Local time:01:29 AM

Posted 10 June 2016 - 11:09 AM

Well I posted this problem with Luhe.Fiha.A virus a couple of days ago.

I appreciate all the assistance I've received here, resolving my issues over the past few years and understand volunteered help is not always readily available.

Nonetheless I am grateful.


Upon further attempts to figure out the why i keep getting a "Windows detected a hard drive problem" popup waring / Intel Rapid  Storage monitor  warning when all my AV scans (in my previous post) in addition to running CHKDSK including Computer Management seem to state otherwise ie: No Problems / Healthy.


I recently narrowed down the cause for the virus detected alert I'm getting from AVG free while trying to backup/DL my device drivers via Samsung's SW Update Utility.

I managed to download all the drivers associated with my PC Pro 700t, after (finally) having discovered which driver/DL was triggering AVG virus warning. Now having backed up each driver one by one, the virus alert is triggered while  downloading Samsung's Sound Driver. Contacting Samsung's tech support was fruitless and at best reacting in total denial for any problems compromising their drivers. Fair enough. However, I have two un-networked PC Pro machines that exhibit the same virus detected warnings when attempting to download from SW Update/Samsung servers. AVG website describes it as not a false positive.


I've been unsuccessful at unhiding all systems files in an attempt to seek out the offending entry/virus on the Laptop even after careful analyzing of free DL software to assist me (and NOT create more problems). Running CrystalDiskInfo  told me a different story; that my HD (mSATA), was indeed failing.


I still don't know for sure if I have a virus.

I'm kinda on my own here. I'm not opposed to upgrading my PC/Laptop to a shiny new 500 gig SSD. I guess I'm more concerned about migrating any viruses to my

new HD without fully knowing and exhausting my efforts in making an informative decision.


I apologize for the winded "dissertation"....


Thanks again for any support you can offer.

Edited by alittlehelp, 10 June 2016 - 11:15 AM.

#3 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:12:29 AM

Posted 10 June 2016 - 02:48 PM

Are you using the paid version of AVG? I know that it can cause many problems, I recently ran into a machine that would not open command prompt among other things and removing AVG fixed all of the issues.


Can you remove it and then run the uninstaller, then let me know how things are. You can replace it with Sophos Home or Panda Free to remain protected.


Also, might be a good idea to go ahead and run a check disk on this machine as well.



Run chkdsk /f /r from elevated command prompt.



Also, lets just check the machine with a few scanners and see how things are as well. :)


Adware Cleaner Scan.


Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.


Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.





Hit Ok.




Hit next make sure to leave all items checked, for removal.





The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.


ZHP Scan.

Please download Zhp Cleaner  to your desktop.  Right Click the icon and select run as administrator.




2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, the you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan



Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.


Double click on the scan log, copy and paste here in your reply

#4 alittlehelp

  • Topic Starter

  • Members
  • 88 posts
  • Local time:01:29 AM

Posted 12 June 2016 - 11:26 AM

InadequateInfirmity - Thanks for your through and helpful response!


I just handed over my PC tablet to our IT guy at work. Although he's a Linux guy, he's always up for a challenge. I managed to get a fair price on a 250 gig mSATA if the hard proves to be faulty. I hope to have my PC back on Monday 6.13.16.after he runs his analysis.

To answer your question; I am running AVG Free edition. I'm going to check out your recommendation for Sophos and Panda, as I can't stand the overhead and Popups that AVG Free imposes and runs in the background.


I have Adw Cleaner and JRT and have run those tools with clean results.

If not already done so by my IT friend, I'll pick up where we left off on this thread and let you know ASAP and proceed with your advice.


Thanks so much InadequateInfirmity - I'll be sure to follow up!

#5 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:12:29 AM

Posted 12 June 2016 - 03:34 PM

Keep me posted. :)

#6 alittlehelp

  • Topic Starter

  • Members
  • 88 posts
  • Local time:01:29 AM

Posted 24 June 2016 - 04:20 AM

InadequateInfirmity -


After handing off my PC tablet to my IT friend for analysis, I should be getting it back today. No infection was found. However it was determined that the hard drive was indeed failing. It is down to 1% health. I'm going to attempt to clone the drive.


Thank you for all your valuable suggestions and your patience :)!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users