At the Heart of Another Rogue Is Sanitar Diska

Over the years, new rogue applications have become more dangerous to your privacy, and Sanitar Diska is one of the newest privacy risks. What Sanitar Diska does is not completely known, but it is associated with a group of rogue applications known as PCPrivacyTool.

AKA:

SanitarDiska
FraudTool.Win32.SanitarDiska

Sanitar Diska file contents:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\Install PCPrivacyTool .lnk

Running Processes:
AntiVirusInstallFree_en[1].exe

Registry values:
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_ALL_USERS\Software\PCPrivacyTool
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\CLSID\{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyTool
HKEY_LOCAL_MACHINE\SOFTWARE\ugdccw
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ugdccw" = "C:\PROGRA~1\PCPRIV~1\UGDCcw.exe" -start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}" = "secure_del"

Associated Files:
%ProgramFiles%\PCPrivacyTool
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyTool

Recommended Action:  Immediate Removal

If, during a scan of your computer with a reliable malware protection and removal program, you come across Sanitar Diska, then it is a sure bet your computer is infected with some type of rogue application. To remove the threats associated with Sanitar Diska, it is a good idea to use a 100% guaranteed malware removal and protection program like Spyzooka. With Spyzooka your computer will be 100% guaranteed to be rid of Sanitar Diska.
