SanitarDiska Is The New Threat From Eastern Europe

Most of the world's rogue applications come from Eastern Europe, and their rate of growth is exploding. SanitarDiska is part of many well-known rogue applications that are spreading across Europe and the Americas.

AKA:

Sanitar Diska

SanitarDiska file contents:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\PCPrivacyTool unregistered.lnk
%UserProfile%\Desktop\Install PCPrivacyTool .lnk

Running Processes:
AntiVirusInstallFree_en[1].exe

Registry values:
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_ALL_USERS\Software\PCPrivacyTool
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\CLSID\{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyTool
HKEY_LOCAL_MACHINE\SOFTWARE\ugdccw
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ugdccw" = "C:\PROGRA~1\PCPRIV~1\UGDCcw.exe -start"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}" = "secure_del"


Associated Files:
%ProgramFiles%\PCPrivacyTool
C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyTool

 

Recommended Action:  Immediate Removal

PCPrivacyTool is one such group of rogue applications that contains SanitarDiska. If you discover during a scan that your computer is infected with SanitarDiska, you should take action to remove it. If your computer is infected with multiple threats, this might prove difficult. In that case, you might need the help of a reliable malware protection and removal program. Only Spyzooka offers a 100% guarantee to completely eradicate SanitarDiska and the rest of the associated infection.

ZookaWare runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select ZookaWare and click Uninstall.
