Windows Diagnostic is another fake system optimizer from new generation of defragger family. Despite its name, it has nothing to do with legitimate Microsoft programs or any other legitimate programs. Windows Diagnostic is a phishing scam that tries to force users into paying for non-functional software and giving away credit card details.
Windows Diagnostics malware is downloaded into infected PC’s by Trojans and start showing various messages about hardware malfunction. These messages are predefined, and have nothing to do with real hardware problems. Windows Diagnostics alerts look like this:
Requested registry access is not allowed. Registry defragmentation required
32% of HDD space is unreadable
Ram Temperature is 83 C. Optimization is required for normal operation.
These alerts are faked and hardware is likely to be in top condition. However, to convince you Windows Diagnostic will try to emulate hardware problems. It is done in 2 stages: First, it opens different folders when browsing disk in explorer or shows folder as empty. Next, it randomly prevents execution of software by displaying system messages like this:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
Once in a while Windows Diagnostic will allow application to launch, and in many cases some of the applications will run normally. However, it will actively prevent security applications from starting.
Another thing Window Diagnostic does is that it will start a short scan on clicking on windows Start menu and afterwards will show a message like this :
Windows detected a hard disk error.
A problem with the hard drive sectors has been detected. It is recommended to download the following sertified software to fix the detected hard drive problems. Do you want to download recommended software?
If you press on one of the alerts, main executable of Windows Diagnostic is “installed” and launched. It will show faked scan results (like the ones in the alerts). This malware will claim that your PC is in desperate condition: hard disk is almost broken, RAMand GPU overheating and registry needs optimization. In fact, most of these problems could not be solved by software alone, and would require hardware change. However, Windows Diagnostic claims being able to fix these problems as long as you purchase full version of this malware for 80 USD or so. This is a scam, and you should not pay for Windows Diagnostic.
To remove Windows Diagnostic, try entering this code in its activation window: 8475082234984902023718742058948 . This key will make Windows Diagnostic think that it is already registered and it will stop majority of popups. If this does not work, try rebooting into safe mode with networking and stopping its processes before deleting its files manually. Typically, Windows Diagnostic will use completely random process names, but they are easily recognized by being either complete rubbish like sdgsdgsdhsdyewy or fully numerical (236536236.exe ). I recommend using process explorer to stop this malware. Alternate download location is here : https://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe
It is extremely important to scan your PC with anti-malware programs to fully get rid of Windows Diagnostic. I recommend spyhunter and Malwarebytes Anti-Malware, however you will have to update these programs before they can detect Windows Detection. You can also try NOD32 or Symantec antivirus. This malware is spread by trojan downloader, and if you delete Windows Detection files alone, you will have to repeat its removal again, as it will be surely re-downloaded.
If Windows Diagnostic blocks anti-malware tool download, try downloading them in safe mode with networking, and before downloading disable proxy server in your browser.
I recommend keeping your protection software up to date to avoid such infections. Keeping decent internet security software or Antivirus/Firewall/Anti-Malware tool combination would reduce chances of infection significantly.
Automatic Malware removal tools