At the Heart of Another Rogue Is Sanitar Diska
Over the years, rogue applications have become more dangerous to your privacy, and Sanitar Diska is one of the newest of these risks. Exactly what Sanitar Diska does is not fully known, but it is associated with a group of rogue applications known as PCPrivacyTool.
AKA:
SanitarDiska
FraudTool.Win32.SanitarDiska
Sanitar Diska file contents:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\Install PCPrivacyTool .lnk
Running Processes:
AntiVirusInstallFree_en[1].exe
Registry values:
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_ALL_USERS\Software\PCPrivacyTool
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\CLSID\{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyTool
HKEY_LOCAL_MACHINE\SOFTWARE\ugdccw
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ugdccw" = "C:\PROGRA~1\PCPRIV~1\UGDCcw.exe" -start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}" = "secure_del"
Associated Files:
%ProgramFiles%\PCPrivacyTool
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyTool
Recommended Action: Immediate Removal
If, during a scan of your computer with a reliable malware protection and removal program, you come across Sanitar Diska, then it is a sure bet your computer is infected with some type of rogue application. To remove the threats associated with Sanitar Diska, it is a good idea to use a 100% guaranteed malware removal and protection program like Spyzooka. With Spyzooka your computer will be 100% guaranteed to be rid of Sanitar Diska.