Wednesday, 13 October 2010

How to remove System Defragmenter (Uninstall Guide)

System Defragmenter is a fake defragmentation and system optimization program that deliberately reports non-existent hard drive errors, junk files, Windows registry errors, missing or outdated drivers and other fake problems on your computer. It only pretends to scan your hard drive for problems; it simply lists predetermined errors and that's all. System Defragmenter reports basically the same fake errors on different computers, so obviously you shouldn't trust it. After the fake scan, you will be prompted to pay for a full version of the program to fix these non-existent hard drive and registry errors. It goes without saying that you shouldn't purchase System Defragmenter. Don't throw your money away. It is not worth a dime. If you are reading this article then your computer is probably infected with System Defragmenter. Thankfully, we've got removal instructions to help you remove System Defragmenter from your computer for free using legitimate anti-malware software. Please follow the removal instructions below.




(Thanks to rogueamp)

Probably the most annoying thing about System Defragmenter is that it blocks nearly all executables on your computer. When you attempt to run any of them, it will claim that the Exe file is corrupted and display the following message:
System Error!
Exe file is corrupted and can't be run. Hard drive scan required.
Scan Hard Drive


However, if you attempt to run a program enough times it will eventually work. But that's very annoying. Furthermore, the fake program will display many fake error messages and pop-ups from the Windows taskbar. It may claim that RAM temperature is critically high and that there are many critical hard drive and registry errors that should be fixed immediately. Here's a list of the fake problems it detects on your computer:
  • Drive C initializing error
  • Bad sectors on hard drive or damaged file allocation table - Critical Error
  • Read time of hard drive clusters less than 500 ms - Critical Error
  • Hard drive does not respond to system commands - Critical Error
  • Requested registry access is not allowed. Registry defragmentation required
  • Registry Error - Critical Error
And here's a list of some of the fake alerts you may see coming from the Windows taskbar:
Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can't find hard disk space. Hard drive error

Critical Error
Hard Drive not found. Missing hard drive.

System Defragmenter
Restart in Safe Mode required
Restart the computer in Safe Mode to fix detected problems
Restart your computer in Safe Mode, and then run
the Defragmenter tool. Starting Defragmenter in Safe Mode
help to prevent system damage and data loss. Please
do not start other applications until the process has complited

Of course, there are more such fake alerts. System Defragmenter is promoted through the use of fake online scanners and bogus/infected web pages. It's not a legitimate program and it doesn't allow you to use your computer properly. Without a doubt, you should remove System Defragmenter from your computer as soon as possible. Please don't purchase it. If you have already bought this malware, contact your credit card company and dispute the charges. Then please follow the System Defragmenter removal instructions given below. You can remove it either manually or using free legitimate anti-malware software. Last, but not least, if you have any questions or additional information about the rogue program, please leave a comment. Good luck and be safe online!


System Defragmenter removal instructions using HijackThis or Process Explorer (in Normal mode):

First of all, run your web browser (Internet Explorer, Firefox, Chrome or any other). The virus will block it, but just keep trying to launch it and eventually it's going to let you.

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it.

2. Look for entries like these in the scan results:
O4 - HKCU\..\Run: [exe.exe] %Temp%\exe.exe
O4 - HKCU\..\Run: [254586] %Temp%\[254586].exe

The process name will be different in your case ([SET OF RANDOM NUMBERS].exe). The file is located in:
C:\Documents and Settings\[User Name]\Local Settings\Temp\ for Windows XP
C:\Users\[User Name]\AppData\Local\Temp\ for Windows Vista & 7
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

OR you may download Process Explorer and end the Antivirus Action process:
  • exe.exe
  • [SET OF RANDOM NUMBERS].exe, i.e. 254586.exe

3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
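
The check from step 2 can also be run over a saved HijackThis log. The following is an added example, not part of the original guide or of HijackThis: it flags HKCU Run entries whose target sits in a Temp folder and is named exe.exe or all digits. The sample log lines, the user name Alice and the function name are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# HijackThis O4 line: O4 - <hive>\..\Run: [value name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]{2})\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.+)$"
)

# Temp locations named in the guide (XP, Vista/7) plus the %Temp% shorthand.
TEMP_MARKERS = ("%temp%\\", "\\local settings\\temp\\", "\\appdata\\local\\temp\\")

# Constructed sample log lines (not taken from a real machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [exe.exe] C:\Documents and Settings\Alice\Local Settings\Temp\exe.exe
O4 - HKCU\..\Run: [254586] C:\Users\Alice\AppData\Local\Temp\254586\254586.exe
O4 - HKCU\..\Run: [Updater] C:\Users\Alice\AppData\Local\Temp\setup_helper.exe
"""


def suspicious_run_entries(log_text):
    """Return (value_name, command) for HKCU Run entries matching the guide."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m or m.group("hive") != "HKCU":
            continue
        cmd = m.group("cmd").strip().strip('"')
        exe = PureWindowsPath(cmd).name.lower()
        # The guide writes the random name as [254586].exe, so drop the brackets.
        stem = exe[:-4].strip("[]") if exe.endswith(".exe") else ""
        in_temp = any(marker in cmd.lower() for marker in TEMP_MARKERS)
        # Pattern from the guide: exe.exe or an all-digit name, run from Temp.
        if in_temp and (exe == "exe.exe" or stem.isdigit()):
            hits.append((m.group("name"), cmd))
    return hits


if __name__ == "__main__":
    for name, cmd in suspicious_run_entries(SAMPLE_LOG):
        print(f"review Run value [{name}] -> {cmd}")
```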


System Defragmenter removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista, they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


System Defragmenter associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]\[SET OF RANDOM NUMBERS].exe
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]\exe.exe
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]\exe.log
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\maindll.dll
  • C:\Documents and Settings\[User Name]\Desktop\System Defragmenter.lnk
  • C:\Documents and Settings\[User Name]\Start Menu\Programs\System Defragmenter
  • C:\Documents and Settings\[User Name]\Start Menu\Programs\System Defragmenter\System Defragmenter.lnk

For Windows Vista & Windows 7 users:
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]\[SET OF RANDOM NUMBERS].exe
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]\exe.exe
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]\exe.log
  • C:\Users\[User Name]\AppData\Local\Temp\maindll.dll
  • C:\Users\[User Name]\Desktop\System Defragmenter.lnk
  • C:\Users\[User Name]\Start Menu\Programs\System Defragmenter
  • C:\Users\[User Name]\Start Menu\Programs\System Defragmenter\System Defragmenter.lnk

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "exe.exe"
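
The Temp-folder part of the file list above can be checked with a short script. This is an added example, not part of the original guide: it looks inside a given Temp directory for maindll.dll and for an all-digit folder holding exe.exe, exe.log or an all-digit .exe. The function names and the constructed test folder are assumptions for illustration; on a real system you would pass the user's Temp path listed above.

```python
import tempfile
from pathlib import Path


def find_artifacts(temp_dir):
    """Return sorted relative paths under temp_dir that match the guide's list."""
    root = Path(temp_dir)
    found = []
    if (root / "maindll.dll").is_file():
        found.append("maindll.dll")
    for sub in root.iterdir():
        # The guide lists a folder inside Temp named with random numbers.
        if not (sub.is_dir() and sub.name.isdigit()):
            continue
        for f in sub.iterdir():
            name = f.name.lower()
            numbered_exe = name.endswith(".exe") and name[:-4].isdigit()
            if f.is_file() and (name in ("exe.exe", "exe.log") or numbered_exe):
                found.append(f"{sub.name}/{f.name}")
    return sorted(found)


def build_constructed_temp():
    """Create a constructed Temp folder: guide-style names plus benign files."""
    root = Path(tempfile.mkdtemp())
    (root / "254586").mkdir()
    for name in ("254586.exe", "exe.exe", "exe.log", "readme.txt"):
        (root / "254586" / name).write_bytes(b"")
    (root / "maindll.dll").write_bytes(b"")
    (root / "installer_cache").mkdir()      # benign: folder name is not numeric
    (root / "installer_cache" / "exe.exe").write_bytes(b"")
    (root / "report.log").write_bytes(b"")  # benign: not in the guide's list
    return root


if __name__ == "__main__":
    for hit in find_artifacts(build_constructed_temp()):
        print("matches guide:", hit)
```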