
WinDisk

Posted: February 2, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 14
First Seen: February 3, 2011
Last Seen: January 8, 2020
OS(es) Affected: Windows

Arising from the Russian Federation, WinDisk is just a fresh layer of paint slapped on the rogue System Defragmenter. Although it follows many of the usual strategies of rogue software such as Security Shield, WinDisk does more than just create fake error messages to annoy users. While WinDisk may be new, it's still no better than yesterday's rogue malware; be prepared to catch it and wipe it from existence! On the bright side, WinDisk detection and removal is a cinch, due to its strong similarities to preexisting and well-documented rogues.

WinDisk is Just Another Wolf in Sheep's Clothing

WinDisk is part of a time-saving scheme that malware creators are using particularly frequently these days. Instead of creating a whole new piece of malware when one is caught, they simply tweak the appearance, call it something else, and send it out into the web again to wreak havoc. Although it's also known as Win-Disk and Win Disk, WinDisk is actually the same essential malware as System Defragmenter, which first appeared on the scene in 2010, one year before WinDisk. This is, believe it or not, good for you.
 
In using the same old tricks as older malware, WinDisk becomes almost painfully easy to detect for those who are aware of it. Are you noticing a lot of familiar pop-up advertisements from old malware that you thought you cleaned out? That's no surprise, because WinDisk uses the same ones! Its lack of originality continues with its tendency to create misleading error messages. The exact messages may vary but will look something like this:

  • "Windows detected a hard drive problem.
    Scanning for hard drive errors...
    Hard drive scan helps to detect and resolve hard drive problems and system performance issues."
  • "Windows detected a hard drive problem.
    A hard drive error occurred while starting the application."
  • "Windows cannot find notepad. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

Such error messages can appear both when trying to launch a program and when trying to delete files or folders. There are even specific error messages for the Taskbar. Do you see a Taskbar notification that you're low on space or system memory when you're sure you have plenty? WinDisk could be behind that little notification!
 
The idea is to get the user to think that WinDisk is legitimate security software that must be purchased to fix the computer. This is encouraged by directing the user to launch a fake system scan after any error, and then eventually indicating that the 'full' version of the program will be more effective at cleaning out your PC. Nothing could be more distant from the truth - many of WinDisk's error messages are entirely false alerts, while others are derived from problems caused by WinDisk deliberately.
 
Very often, WinDisk will be bundled with and installed surreptitiously through Trojans, including rootkits. These Trojan infections will commonly assist WinDisk by providing even more fake error messages. Don't panic, and remember that giving the crooks who made WinDisk your money will solve nothing.

How the WinDisk Problem Can Escalate

Do you think or know that WinDisk is on your system? Then kick the rogue program up to the top of your priority list! Yes, it will pretend to be an anti-malware scanner and give you annoying pop-ups and lying error messages, but compared to what else it can do, this is nothing. One of its deadlier abilities is its tendency to have other malware bundled with it, concealing the entries. This tag-team damage to your system can make it difficult to cleanse all the infections unless you get rid of WinDisk first to see what else is there.
 
WinDisk is also known for being able to conceal files, making them effectively invisible to the user even though they're really there. It shows a preference for doing this with, of course, your crucial system files, like the ones in your Windows/System32 folder. Once again, keep a cool head, and remember that you will see the files again as soon as you disable WinDisk.
 
Nonetheless, this intruder is far from done with tampering with your hard disk. WinDisk's worst assault is to shut down some processes outright. WinDisk can target many different processes but is, oddly enough, known to have an especial hatred for text editors like Notepad.

The Bitter Bottom Line of WinDisk

Because of its capacity to hinder a broad range of functions on your computer, WinDisk's removal should be nothing less than the first thing you get done if you find yourself infected. WinDisk's malicious sophistication can be countered by using a specialized anti-WinDisk deletion tool. Since WinDisk has its dirty fingers on the pulses of so many different computer processes, the same casual removal methods that you would use to knock out other rogue software may not necessarily work for this one on the first attempt.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • %ALLUSERSPROFILE%\Application Data\QbyEjDmJqwk.exe
    File name: QbyEjDmJqwk.exe
    Size: 456.7 KB (456704 bytes)
    MD5: 46d57f93ff5cf3476b06db8eb6f91703
    Detection count: 31
    File type: Executable File
    Mime Type: unknown/exe
    Path: %ALLUSERSPROFILE%\Application Data
    Group: Malware file
    Last Updated: January 8, 2020
  • %ALLUSERSPROFILE%\Application Data\OK2mJUKPOA.exe
    File name: OK2mJUKPOA.exe
    Size: 377.34 KB (377344 bytes)
    MD5: 2fa2493fc3962bca089e2f1229e10513
    Detection count: 14
    File type: Executable File
    Mime Type: unknown/exe
    Path: %ALLUSERSPROFILE%\Application Data
    Group: Malware file
    Last Updated: February 3, 2011
  • %ALLUSERSPROFILE%\Application Data\bqFGxVGikap.dll
    File name: bqFGxVGikap.dll
    Size: 421.88 KB (421888 bytes)
    MD5: fd3b18221b25798b994813a1dd23d813
    Detection count: 9
    File type: Dynamic link library
    Mime Type: unknown/dll
    Path: %ALLUSERSPROFILE%\Application Data
    Group: Malware file
    Last Updated: February 3, 2011
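
The file list above can be checked against a live system or a mounted disk image with a short script. This is an added example, not a tool from this page: `scan_dir` and its verdict labels are hypothetical names, and flagging any other .exe/.dll that sits directly in the folder is an assumption made here, since rebranded copies of a rogue will not match the MD5 values listed.

```python
import hashlib
import os
import sys
from pathlib import Path

# MD5 values and file names exactly as listed in "File System Modifications".
WINDISK_MD5 = {
    "46d57f93ff5cf3476b06db8eb6f91703": "QbyEjDmJqwk.exe",
    "2fa2493fc3962bca089e2f1229e10513": "OK2mJUKPOA.exe",
    "fd3b18221b25798b994813a1dd23d813": "bqFGxVGikap.dll",
}
BINARY_SUFFIXES = {".exe", ".dll"}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()  # MD5 only because that is the hash the page publishes
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_dir(directory, known=WINDISK_MD5):
    """Return (file name, verdict, detail) for each .exe/.dll directly in directory."""
    findings = []
    for entry in sorted(Path(directory).iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in BINARY_SUFFIXES:
            continue
        try:
            digest = md5_of(entry)
        except OSError as exc:  # locked or access-denied files still get reported
            findings.append((entry.name, "unreadable", str(exc)))
            continue
        if digest in known:
            findings.append((entry.name, "known-md5", known[digest]))
        else:
            # Assumption (not from the page): a binary sitting directly in this
            # folder is unusual enough to review, which covers repacked copies.
            findings.append((entry.name, "review-location", digest))
    return findings


if __name__ == "__main__":
    default = os.path.join(os.environ.get("ALLUSERSPROFILE", "."), "Application Data")
    target = sys.argv[1] if len(sys.argv) > 1 else default
    for name, verdict, detail in scan_dir(target):
        print(f"{verdict:16} {name}  {detail}")
```

Pass the folder to scan as the first argument when working on a mounted image; a `review-location` verdict is a prompt to inspect the file, not a detection.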
