
PCToaster

From Malware Wiki
Type: Trojan
Creator: Infinitecode
Date: July 29th, 2016
Programming Language: Java
Platform: Microsoft Windows
File Type: Win32 PE executable (.EXE)

PCToaster is a very dangerous memory-resident trojan for Microsoft Windows that overwrites the MBR and wipes out the boot partition, usually System Reserved. It was written for the Viewer-Made Malware contest run by the popular malware YouTuber danooct1, so it was not meant to be out in the wild. The virus name can be a funny one, like WHERE'S MY CRISP?!

Payloads

When the program is executed, it asks the user for privileges via UAC. A stock Java message box then pops up saying "This app cannot be used on Windows 10" (on other versions of Windows, "10" is replaced with the system version, e.g. 8.1 or Vista). When the user presses the Exit button, the trojan tells the user that the button does not work. After this, PCToaster mounts the normally unenumerated boot partition (System Reserved on MBR systems) under V: and deletes its contents to render Windows unbootable. PCToaster then terminates "lsass.exe", which causes the computer to schedule a reboot after 1 minute (this can be aborted by running "shutdown -a"). Afterwards, PCToaster unmounts every drive, including the primary partition C:, causing nearly every program to work incorrectly, not work at all, or disappear altogether. Once the machine is reset, it fails to boot, because the MBR has been overwritten with code that displays this message:

Hello there! I'm happy to tell that your PC has been TOASTED. 


extra crispy for your pleasure.


Thank you for using PCToaster

PCToaster is meant to be run on Windows 10. On Windows 8 and earlier, the virus still activates its payloads but is unable to wipe out the boot partition or overwrite the MBR; it can still terminate "lsass.exe" and eject all drives.
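
For incident response, the overwritten MBR described above can be recognized offline from a 512-byte dump of sector 0. The following triage script is an added example, not part of the original article or of the trojan's code; the function names, the marker list (taken from the message quoted above) and the sample sectors are constructed for illustration, and the "suspicious" flag is a simple heuristic.

```python
import re
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446                      # bootstrap code occupies bytes 0..445
MARKERS = (b"TOASTED", b"PCToaster")     # words from the message quoted on this page


def parse_partitions(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    entries = []
    for i in range(4):
        raw = sector[BOOT_CODE_END + 16 * i: BOOT_CODE_END + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if raw[4] != 0:                  # partition type 0 marks an unused slot
            entries.append({"slot": i, "active": raw[0] == 0x80, "type": raw[4],
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def triage_mbr(sector):
    """Inspect a dump of sector 0 and report signs of an overwritten MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_END]
    # Printable ASCII runs inside the code area, as a `strings` pass would show.
    strings = [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{6,}", boot_code)]
    hits = sorted(m.decode() for m in MARKERS if m in boot_code)
    signature_ok = sector[510:512] == b"\x55\xaa"
    return {"signature_ok": signature_ok,
            "partitions": parse_partitions(sector),
            "strings": strings,
            "marker_hits": hits,
            "suspicious": bool(hits) or not signature_ok}   # heuristic only


def build_sample(message, with_partition=True):
    """Constructed test sector: zero-filled code area holding one text message."""
    sector = bytearray(SECTOR_SIZE)
    sector[32:32 + len(message)] = message
    if with_partition:                   # one active NTFS-type (0x07) entry
        entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1024000)
        sector[BOOT_CODE_END:BOOT_CODE_END + 16] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)
```

Run `triage_mbr` on a sector dump taken from a forensic image or a write-blocked disk, not on the live system.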