MyDisk

MyDisk

Found: 
2011-01-11
Description: 

Win32.FraudTool.MyDisk is a rogue diagnostic application. It may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.

 

Credit: Tachikoma

 

Known system changes: 

Files
%Appdata%\<random1.exe>

%Appdata%\<random2.exe>

%Appdata%\<random.dll>

%Desktop%\My Disk.lnk



Folders

%StartMenu%\My Disk

RegistryEntries

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: <random>
Data: C:\Documents and Settings\All Users\Application Data\<random>.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: <random>i.exe
Data: C:\Documents and Settings\All Users\Application Data\<random>.exe