Danger level 9
Type: Rogue Anti-Spyware
Common infection symptoms:
  • Connects to the internet without permission
  • Slow internet connection
  • System crashes
  • Annoying pop-ups
  • Slow Computer

WinDisk

The permanent damage rogue security tools are capable of has been widely documented, but the vitriol behind the WinDisk rogue defragmenter should never be underestimated. WinDisk, as with its predecessors WinHDD and Win Defragmenter, enters the system under suspicious circumstances, yet the rogue takes its attack to a completely new level. Although WinDisk comes across as a genuine security tool, it was designed with one purpose in mind: to rip consumers off. WinDisk does not have the ability to detect or remove any type of error or threat and is nothing more than a threat in itself.

WinDisk makes use of Trojan horse infections to spread. These Trojans are distributed through an intricate system which includes browser hijacking domains and bogus online malware scanners. Users are forcefully redirected to the browser hijacker’s compromised landing page, where all known system and browser weaknesses are taken advantage of so that the WinDisk Trojan can root itself in the system. This is particularly distressing because this form of infiltration is completely undetectable to the user. The PC owner will remain oblivious to the presence of WinDisk on his system until it starts its attack by assailing the user with innumerable fake security messages.

These fake security notifications are completely baseless, and their only purpose is to engender a false sense of panic in the user. The fake security alerts inform the user that his system is compromised by various crippling errors and that WinDisk will be able to fix each one as soon as he parts with his hard-earned money. There are many types of WinDisk alerts to be on the lookout for, but the most notorious include the following:

"Critical Error!
Damaged hard drive clusters detected. Private data is at risk."

"Critical Error
Hard Drive not found. Missing hard drive."

"Critical Error
RAM memory usage is critically high. RAM memory failure."

"Critical Error
Windows can't find hard disk space. Hard drive error"

"Critical Error!
Windows was unable to save all the data for the file System32496A8300. The data has been lost. This error may be caused by a failure of your computer hardware."

"Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required."

"System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required."

"Requested registry access is not allowed. Registry defragmentation required
Read time of hard drive clusters less than 500 ms
32% of HDD space is unreadable
Bad sectors on hard drive or damaged file allocation table
GPU RAM temperature is critically high. Urgent RAM memory optimization is required to prevent system crash
Drive C initializing error
Ram Temperature is 83 C. Optimization is required for normal operation.
Hard drive doesn't respond to system commands
Data Safety Problem. System integrity is at risk.
Registry Error - Critical Error"

"Activation Reminder
Win Disk Activation
Advanced module activation required to fix detected errors and performance issues. Please purchase Advanced Module license to activate this software and enable all features."

"Low Disk Space
You are running very low disk space on Local Disk (C:)."

"Windows - No Disk
Exception Processing Message 0x0000013"

WinDisk has been known to insert sneaky calls to action in its fake security messages. Were the user to act on these fake security alerts, it would make the process of ripping him off that much easier for WinDisk. Do not pay any regard to WinDisk’s fake alerts, and consider all correspondence and literature received from WinDisk as highly suspicious.

Users who did not remove WinDisk in time complained about being unable to connect to the Internet, as well as being unable to launch any type of executable on the system. This is an effort by WinDisk to prevent the user from running or downloading any program or application which could not only detect it as a fake tool, but also remove WinDisk from the system completely. Once the user attempts to launch a program, WinDisk will terminate the process immediately and inform the user that the program or hard drive is corrupted. The messages WinDisk will display include the following:

"Windows detected a hard drive problem.
A hard drive error occurred while starting the application."

Or

"Windows cannot find notepad. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

Or

"Windows detected a hard drive problem.
Scanning for hard drive errors...
Hard drive scan helps to detect and resolve hard drive problems and system performance issues. "

After the PC owner closes the above messages, he will be presented with the following message, which states that WinDisk will now attempt to fix the hard drive:

"Fix Disk
Win Disk Diagnostics will scan the system to identify performance problems.
Start or Cancel"

Should the user press the START button, WinDisk will simulate a fake computer scan and will then go on to inform the user that something is direly wrong with his PC:

"Win Disk Diagnostics
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?"

Of course, none of the fake alerts used by WinDisk can be trusted, nor should they be. All of them were designed to trick the PC owner and form only one part of WinDisk’s attack on the system.

If you would like to "activate" WinDisk on your PC and in so doing reestablish your Internet connection and execute programs, enter the following security code:

0973467457475070215340537432225

Do not think that merely entering the above code has neutralized the threat, as you have only "unlocked" WinDisk on the system. In order to avoid the certain devastation that follows an infection of this magnitude, erase WinDisk from the system without delay. This is the only way you will be able to prevent your PC from turning into an empty shell. Invest in a properly functioning security tool which will not only destroy WinDisk but also offer future protection against similar threats and infections.


How to manually remove WinDisk

Files associated with infection (WinDisk):

Win Disk.lnk
Uninstall Win Disk.lnk
QbyEjDmJqwk.exe
OK2mJUKPOA.exe
bqFGxVGikap.dll
%UserProfile%\Start Menu\Programs\Win Disk\Win Disk.lnk
%UserProfile%\Start Menu\Programs\Win Disk
%UserProfile%\Start Menu\Programs\Win Disk\Uninstall Win Disk.lnk
%UserProfile%\Desktop\Win Disk.lnk
%AllUsersProfile%\Application Data\[random].exe
%AllUsersProfile%\Application Data\[random].dll

Files associated with infection (WinDisk) (Win7, Vista):

%UserProfile%\Start Menu\Programs\Win Disk\Win Disk.lnk
%UserProfile%\Start Menu\Programs\Win Disk
%UserProfile%\Start Menu\Programs\Win Disk\Uninstall Win Disk.lnk
%UserProfile%\Desktop\Win Disk.lnk
%AllUsersProfile%\[random].exe
%AllUsersProfile%\[random].dll

Dynamic Link Libraries to remove (WinDisk):

bqFGxVGikap.dll
%AllUsersProfile%\Application Data\[random].dll

Processes to kill (WinDisk):

QbyEjDmJqwk.exe
OK2mJUKPOA.exe
%AllUsersProfile%\Application Data\[random].exe

Remove registry entries (WinDisk):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random]”
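
The file and registry indicators listed above can be checked against triage data collected from a machine (an export of the HKCU Run key and a file listing). The following Python code is an added example, not part of the original write-up: it assumes each Run value's data holds the path of the dropped binary (the page lists only the value names), and the function names and sample data are constructed for illustration.

```python
import ntpath
import re

# Fixed names listed on the page; the [random] ones are matched by location instead.
KNOWN_NAMES = {"qbyejdmjqwk.exe", "ok2mjukpoa.exe", "bqfgxvgikap.dll"}
SHORTCUTS = [r"Start Menu\Programs\Win Disk\Win Disk.lnk",
             r"Start Menu\Programs\Win Disk\Uninstall Win Disk.lnk",
             r"Desktop\Win Disk.lnk"]

def _key(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path))

def run_target(data):
    """Pull the program path out of Run value data (quoted, or unquoted with arguments)."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll))(?:\s|$)", data, re.IGNORECASE)
    return m.group(1) if m else data

def suspicious_run_values(run_values, all_users_profile):
    """Return (value name, target, reason) for Run values matching the page's pattern.
    Assumption: the value data is the path of the dropped binary."""
    drop_dirs = {_key(all_users_profile),
                 _key(ntpath.join(all_users_profile, "Application Data"))}
    hits = []
    for name, data in run_values.items():
        target = run_target(data)
        if ntpath.basename(target).lower() in KNOWN_NAMES:
            hits.append((name, target, "known file name"))
        elif (_key(ntpath.dirname(target)) in drop_dirs
              and target.lower().endswith((".exe", ".dll"))):
            hits.append((name, target, "binary in drop location"))
    return sorted(hits)

def shortcut_hits(user_profile, paths_on_disk):
    """Return the page's Win Disk shortcuts that appear in a collected file listing."""
    present = {_key(p) for p in paths_on_disk}
    return [s for s in SHORTCUTS if _key(ntpath.join(user_profile, s)) in present]

# Constructed sample of HKCU Run values (not taken from a real machine).
SAMPLE_RUN = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "QbyEjDmJqwk.exe": r'"C:\Documents and Settings\All Users\Application Data\QbyEjDmJqwk.exe"',
    "hwqzkp": r"C:\Documents and Settings\All Users\Application Data\hwqzkp.exe -s",
}
```

Pass the value of %AllUsersProfile% for the machine being examined, since the drop location differs between XP and Vista/Windows 7 as the lists above show. A location match is a heuristic and should be confirmed before anything is deleted.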