Win Disk

Win Disk is a fake hard drive utility that is dropped and installed on computers by a Trojan, sometimes without any user intervention. It comes from the same family of rogue programs as Windows Scan and Memory Scan, and it adopts their graphical user interface and method of propagation. Fake online antivirus web sites also host the Win Disk executable files, and a Trojan infection redirects users to them. Avoid downloading files from file-sharing networks, as they may also contain embedded code for this malware. Once installed on the PC, Win Disk produces false errors such as the following alerts:

Critical Error
Hard Drive not found. Missing hard drive.

Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can’t find hard disk space. Hard drive error

As already mentioned, these alerts are just part of the scare tactics employed by the Win Disk virus. Never believe any of them, and if at all possible run a full scan of the computer right away. Seeing these errors pop up on the computer means that the system is already infected with the Win Disk virus. A simple and automatic removal guide is provided on this page to help victims get rid of Win Disk and all of its components planted on the PC.

Alias: WindDisk Virus

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Win Disk Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with “Win Disk”. When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.
3. Thoroughly scan the computer and remove any detected threats. If removal is not permitted, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. See the files related to the Win Disk virus listed below.
4. Registry entries created by Win Disk must also be removed from the Windows system. Refer to the entries associated with the rogue program listed below.
5. Exit registry editor.
6. Remove the Win Disk start-up entry by going to Start > Run and typing msconfig in the “Open” dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Win Disk Removal Tool:
In order to completely remove the threat, download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files not detected by the antivirus application can be removed as well. Download and run SAS Portable Scanner.

Technical Details and Additional Information:

Malicious Files Added by Win Disk:
%UserProfile%\Desktop\Win Disk.lnk
%UserProfile%\Start Menu\Programs\Win Disk\Uninstall Win Disk.lnk
%UserProfile%\Start Menu\Programs\Win Disk
%UserProfile%\Start Menu\Programs\Win Disk\Win Disk.lnk
%AllUsersProfile%\Application Data\~
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe
%AllUsersProfile%\Application Data\
%AllUsersProfile%\Application Data\.exe

Win Disk Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = ‘1’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “CheckExeSignatures” = ‘no’
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main “Use FormSuggest” = ‘yes’
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “<random>.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run “<random>”
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Associations “LowRiskFileTypes” = ‘/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:’
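
A read-only PowerShell check for the registry entries listed above, added here as an example (it is not part of the original guide or of any vendor's tool). It uses the standard key spelling `CurrentVersion` without a space and assumes that the random start-up entry launches a file from the All Users profile folder where the files above are dropped.

```powershell
# Added example: read-only audit of the HKCU indicators listed on this page.
# It changes nothing; review each finding before editing the registry.
$cv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'   # standard spelling, no space
$ie = 'HKCU:\Software\Microsoft\Internet Explorer'

# Key, value name, and the data this page attributes to Win Disk.
# 'Use FormSuggest' = 'yes' is also a normal user setting, so it is weak on its own.
$indicators = @(
    @{ Key = "$cv\Policies\Attachments"; Name = 'SaveZoneInformation'; Data = '1'   },
    @{ Key = "$ie\Download";             Name = 'CheckExeSignatures';  Data = 'no'  },
    @{ Key = "$ie\Main";                 Name = 'Use FormSuggest';     Data = 'yes' }
)

function Get-RegData($Key, $Name) {
    # Returns $null when the key or the value is absent.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name }
}

$findings = @()
foreach ($i in $indicators) {
    $data = Get-RegData $i.Key $i.Name
    if ($null -ne $data -and "$data" -eq $i.Data) {
        $findings += "MATCH  $($i.Key) '$($i.Name)' = '$data'"
    }
}

# LowRiskFileTypes: report any value found here so it can be reviewed.
$low = Get-RegData "$cv\Policies\Associations" 'LowRiskFileTypes'
if ($null -ne $low) { $findings += "REVIEW LowRiskFileTypes = '$low'" }

# Run entries: flag commands that reference the All Users profile folder.
# Assumption: the <random>.exe start-up entry launches one of the files dropped there.
$run = Get-Item -Path "$cv\Run" -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($name)
        if ($cmd.IndexOf($env:ALLUSERSPROFILE, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += "REVIEW Run '$name' = '$cmd'"
        }
    }
}

if ($findings.Count -eq 0) { 'No listed Win Disk registry indicators found for this user.' }
else { $findings }
```

Run it in the affected user's session, since every key it reads is under HKEY_CURRENT_USER.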
