Windows Disk

Windows Disk is nothing but a fake hard drive optimization tool. Scam web sites typically distribute copies of this rogue software. The Windows Disk virus also uses a Trojan to help spread the infection to other computers over the Internet. Moreover, people who frequently download programs from unsecured servers are likely to acquire it. Once installed on the computer, Windows Disk begins to display false information about errors and system malfunctions. Fake alerts and a simulated virus scan add to the victim's uncertainty. Its malicious intent surfaces as it continues to promote itself as protection software. Every move Windows Disk makes is an attempt to persuade users into obtaining the registration key for this rogue application.

Never believe what this rogue program claims. Every action of Windows Disk is a scare tactic aimed at scamming computer users. Later on, it will push users to pay for the program by redirecting them to a website where a credit card transaction is the only means of payment. Not only will the victim be charged the indicated amount; the site also collects information such as credit card details and personal data that are useful for other unlawful online activities.

Alias: WindowsDisk

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Windows Disk Removal Procedures

Manual Removal:
1. Press Ctrl+Alt+Del on the keyboard to stop the process associated with "Windows Disk". When Windows Task Manager opens, go to the Processes tab, then find and end the following process:
(random characters).exe

2. Update your installed antivirus application so that it has the latest database.

3. Thoroughly scan the computer and remove any detected threats. If removal is prohibited, it is best to quarantine the infected item. Malicious files should also be located and deleted manually. Please see the files listed below that are related to the Windows Disk virus.

4. Registry entries created by Windows Disk must also be removed from the Windows system. Please refer to the entries listed below that are associated with the rogue program.
- For Windows 2000/XP: Go to Start > Run, type “regedit” on dialog box then press Enter on keyboard.
- For Windows Vista/7: Go to Start > Search Program and Files, type “regedit” and press Enter.

5. Exit registry editor.

6. Get rid of the Windows Disk start-up entry by going to Start > Run and typing msconfig in the "Open" dialog box. A window containing the System Configuration Utility will be launched. Go to the Startup tab and uncheck the following start-up item(s):
(random characters).exe

7. Click Apply and restart Windows.

Windows Disk Removal Tool:
In order to completely remove the threat, click here to download and run Malwarebytes Anti-Malware. Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing on the infected machine.

Using Portable SuperAntiSpyware:
To thoroughly remove the virus, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Click here to download and run SAS Portable Scanner.

Technical Details and Additional Information:

If Windows Disk is installed, it will begin to display fake alerts as a scare tactic to mislead victims:

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Low Disk Space
You are running very low disk space on Local Disk (C:).

Malicious Files Added by Windows Disk:
%AllUsersProfile%\[random].dll
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random]
%UserProfile%\Desktop\Windows Disk.lnk
%UserProfile%\Start Menu\Programs\Windows Disk\
%UserProfile%\Start Menu\Programs\Windows Disk\Uninstall Windows Disk.lnk
%UserProfile%\Start Menu\Programs\Windows Disk\Windows Disk.lnk

File Location for Windows Versions:

  • %UserProfile% is C:\Users\<Current User> on Windows Vista/7; on Windows XP/2000 it is C:\Documents and Settings\<Current User>.
  • %AllUsersProfile% is C:\Users\<Current User> on Windows Vista/7; on Windows XP/2000 it is C:\Documents and Settings\<Current User>.

Windows Disk Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/ fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
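
The following Python check is an added example, not part of the original write-up or of any removal tool it mentions. It compares a snapshot of HKCU values with the registry entries and the %AllUsersProfile%\[random].exe pattern listed above. The function names and snapshot layout are assumptions made for illustration, and a finding only means a value equals what this page lists, since some of these settings can also be set legitimately.

```python
import ntpath
import os
import re

HKCU_RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
# (subkey, value name, data listed on this page) for the settings the rogue changes
TAMPERED = [
    (r"Software\Microsoft\Windows\CurrentVersion\Policies\Attachments", "SaveZoneInformation", "1"),
    (r"Software\Microsoft\Internet Explorer\Download", "CheckExeSignatures", "no"),
    (r"Software\Microsoft\Internet Explorer\Main", "Use FormSuggest", "yes"),
]
LOWRISK = (r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations", "LowRiskFileTypes")

def read_hkcu(subkey):
    """Return {value name: data} for one HKCU subkey (Windows only)."""
    import winreg  # imported here so audit() stays usable on exported data elsewhere
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, data, _type = winreg.EnumValue(key, i)
                values[name] = data
    except FileNotFoundError:
        pass  # key absent: nothing to report
    return values

def audit(snapshot, all_users_profile):
    """snapshot: {subkey: {value name: data}}. Returns a list of finding strings."""
    findings = []
    root = ntpath.normcase(ntpath.normpath(all_users_profile))
    for name, cmd in snapshot.get(HKCU_RUN, {}).items():
        # Keep only the executable part of the command (drops quotes and arguments)
        m = re.match(r'"?(.+?\.exe)', str(cmd).strip(), re.I)
        target = ntpath.normcase(ntpath.normpath(m.group(1))) if m else ""
        # Page pattern: an .exe sitting directly in the %AllUsersProfile% root
        if ntpath.dirname(target) == root:
            findings.append(f"Run entry '{name}' starts {cmd}")
    for subkey, name, listed in TAMPERED:
        data = snapshot.get(subkey, {}).get(name)
        if data is not None and str(data).lower() == listed:
            findings.append(f"{subkey}\\{name} = {data}")
    if LOWRISK[1] in snapshot.get(LOWRISK[0], {}):
        findings.append(f"{LOWRISK[0]}\\{LOWRISK[1]} is set")
    return findings

if __name__ == "__main__" and os.name == "nt":
    keys = [HKCU_RUN, LOWRISK[0]] + [k for k, _, _ in TAMPERED]
    for line in audit({k: read_hkcu(k) for k in keys}, os.environ["ALLUSERSPROFILE"]):
        print(line)
```

Run it under the affected user account, because every entry on this page lives under HKEY_CURRENT_USER.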

Alternative Removal Method for Windows Disk

Option 1: Use Windows System Restore to return Windows to a previous state

If Windows Disk enters the computer, there is a good chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Windows Disk infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. To proceed with Windows System Restore, click here to see the full procedure.