SanitarDiska Is The New Threat From Eastern Europe

Most of the world's rogue applications come from Eastern Europe, and their rate of growth is exploding. SanitarDiska is part of many well-known rogue applications that are spreading across Europe and the Americas.

AKA:

Sanitar Diska

SanitarDiska file contents:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\Install PCPrivacyTool .lnk

Running Processes:
AntiVirusInstallFree_en[1].exe

Registry values:
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_ALL_USERS\Software\PCPrivacyTool
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\CLSID\{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyTool
HKEY_LOCAL_MACHINE\SOFTWARE\ugdccw
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ugdccw" = "C:\PROGRA~1\PCPRIV~1\UGDCcw.exe" -start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}" = "secure_del"


Associated Files:
%ProgramFiles%\PCPrivacyTool
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyTool

 

Recommended Action:  Immediate Removal

PCPrivacyTool is one such group of rogue applications that contains SanitarDiska. If you discover during a scan that your computer is infected with SanitarDiska, you should take action to remove it. If your computer is infected with multiple threats, this might prove difficult. In that case, you might need the help of a reliable malware protection and removal program. Only Spyzooka offers a 100% guarantee to completely eradicate SanitarDiska and the rest of the associated infection.
