| Date | July 29th, 2016 |
| File Type | Win32 PE executable (.EXE) |
PCToaster is a very dangerous memory-resident trojan on Microsoft Windows that overwrites the MBR and wipes out the boot partition, usually System Reserved. It was made for the Viewer-Made Malware contest run by the popular malware YouTuber danooct1, so this trojan was not meant to be out in the wild. The virus name can be a funny one, like WHERE'S MY CRISP?!
When the program is executed, it asks the user for privileges via UAC. Then a stock Java message box pops up saying that this app cannot be used on "Windows 10" (on other versions of Windows, 10 is replaced with the system version, e.g. 8.1 or Vista), and when the user presses the Exit button, the trojan tells the user that the button does not work. After this, PCToaster mounts the normally unenumerated boot partition (System Reserved on MBR systems) under V: and then deletes its contents to render Windows unbootable. PCToaster then terminates "lsass.exe", which causes the computer to schedule a reboot after 1 minute (this can be aborted by running "shutdown -a"). Afterwards, PCToaster unmounts every drive, including the primary partition C:, causing nearly every program to work incorrectly, not work at all, or disappear altogether. Once the machine is reset, it fails to boot, as the MBR is overwritten with code displaying this message:
Hello there! I'm happy to tell that your PC has been TOASTED. extra crispy for your pleasure. Thank you for using PCToaster
PCToaster is meant to be run on Windows 10. On Windows 8 and earlier, the virus still activates its payloads; it is unable to wipe out the boot partition and overwrite the MBR, but it can still terminate "lsass.exe" and eject all drives.
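Because the lasting damage described above is an overwritten MBR, a triage check of sector 0 against a known-good baseline is useful during recovery. The following is an added example, not code from the trojan or from the original page; it assumes the 512-byte sector has already been read from a disk image, and all sample bytes and function names are constructed for illustration.

```python
import hashlib
import re
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the bootstrap code
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA

def inspect_mbr(sector, baseline_sha256=None, min_text=16):
    """Summarise one 512-byte MBR sector for triage."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    code = sector[:BOOT_CODE_LEN]
    digest = hashlib.sha256(code).hexdigest()
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:   # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    # Stock boot code also carries short error strings, so text is listed
    # for the analyst to read; the baseline hash is the actual decision.
    pattern = rb"[\x20-\x7e]{%d,}" % min_text
    text = [m.decode("ascii") for m in re.findall(pattern, code)]
    matches = None if baseline_sha256 is None else digest == baseline_sha256
    return {"signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
            "boot_code_sha256": digest,
            "matches_baseline": matches,
            "partitions": partitions,
            "text_in_boot_code": text}

def build_sector(code, entries=()):
    """Constructed test input: pad the code, add entries and the signature."""
    table = b"".join(entries).ljust(64, b"\x00")
    return code.ljust(PART_TABLE_OFF, b"\x00") + table + b"\x55\xaa"

# Constructed samples, not taken from a real disk or from the trojan.
ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                    2048, 1024000)
CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0" * 40, [ENTRY])
TAMPERED = build_sector(b"\xeb\xfe" + b"CONSTRUCTED SAMPLE MESSAGE", [ENTRY])
BASELINE = inspect_mbr(CLEAN)["boot_code_sha256"]
```

A tampered sector can still carry a valid 0x55AA signature and an intact partition table, which is why the boot-code hash is compared rather than the signature alone.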