
Wednesday, October 13, 2010

How to remove System Defragmenter (Uninstall Guide)

System Defragmenter is a fake defragmentation and system optimization program that deliberately reports non-existent hard drive errors, junk files, Windows registry errors, missing or outdated drivers and other fake problems on your computer. It only pretends to scan your hard drive for problems; it simply lists predetermined errors and that's all. System Defragmenter reports basically the same fake errors on different computers, so obviously you shouldn't trust it. After the fake scan, you will be prompted to pay for a full version of the program to fix these non-existent hard drive and registry errors. It goes without saying that you shouldn't purchase System Defragmenter. Don't throw your money away. It isn't worth a dime. If you are reading this article then your computer is probably infected with System Defragmenter. Thankfully, we've got the removal instructions to help you remove System Defragmenter from your computer for free using legitimate anti-malware software. Please follow the removal instructions below.




(Thanks to rogueamp)

Probably the most annoying thing about System Defragmenter is that it blocks nearly all executables on your computer. When you attempt to run any of them, it will claim that the Exe file is corrupted and display the following message:
System Error!
Exe file is corrupted and can't be run. Hard drive scan required.
Scan Hard Drive


However, if you attempt to run a program enough times it will eventually work. But that's very annoying. Furthermore, the fake program will display many fake error messages and pop-ups from the Windows taskbar. It may claim that RAM temperature is critically high and that there are many critical hard drive and registry errors that should be fixed immediately. Here's a list of the fake problems it detects on your computer:
  • Drive C initializing error
  • Bad sectors on hard drive or damaged file allocation table - Critical Error
  • Read time of hard drive clusters less than 500 ms - Critical Error
  • Hard drive does not respond to system commands - Critical Error
  • Requested registry access is not allowed. Registry defragmentation required
  • Registry Error - Critical Error
And here's a list of some of the fake alerts you may see coming from the Windows taskbar:
Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can't find hard disk space. Hard drive error

Critical Error
Hard Drive not found. Missing hard drive.

System Defragmenter
Restart in Safe Mode required
Restart the computer in Safe Mode to fix detected problems
Restart your computer in Safe Mode, and then run
the Defragmenter tool. Starting Defragmenter in Safe Mode
help to prevent system damage and data loss. Please
do not start other applications until the process has complited

Of course, there are more such fake alerts. System Defragmenter is promoted through the use of fake online scanners and bogus/infected web pages. It's not a legitimate program and it doesn't allow you to use your computer properly. Without a doubt, you should remove System Defragmenter from your computer as soon as possible. Please don't purchase it. If you have already bought this malware, contact your credit card company and dispute the charges. Then please follow the System Defragmenter removal instructions given below. You can remove it either manually or using free legitimate anti-malware software. Last, but not least, if you have any questions or additional information about the rogue program, please leave a comment. Good luck and be safe online!


System Defragmenter removal instructions using HijackThis or Process Explorer (in Normal mode):

First of all, run your web browser (Internet Explorer, Firefox, Chrome or any other). The virus will block it, but just keep trying to launch it and eventually it's going to let you.

1. Download iexplore.exe (NOTE: the iexplore.exe file is a renamed copy of the HijackThis tool from TrendMicro).
Launch iexplore.exe and click the "Do a system scan only" button.
If you can't open the iexplore.exe file, download explorer.scr and run it instead.

2. Look for entries like these in the scan results:
O4 - HKCU\..\Run: [exe.exe] %Temp%\exe.exe
O4 - HKCU\..\Run: [254586] %Temp%\[254586].exe

The process name will be different in your case: [SET OF RANDOM NUMBERS].exe, located in:
C:\Documents and Settings\[User Name]\Local Settings\Temp\ for Windows XP
C:\Users\[User Name]\AppData\Local\Temp\ for Windows Vista & 7
Select all similar entries and click once on the "Fix checked" button. Close the HijackThis tool.

OR you may download Process Explorer and end the Antivirus Action process:
  • exe.exe
  • [SET OF RANDOM NUMBERS].exe, i.e. 254586.exe
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


System Defragmenter removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. To protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.


System Defragmenter associated files and registry values:

Files:

For Windows XP users:
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]\[SET OF RANDOM NUMBERS].exe
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]\exe.exe
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\[SET OF RANDOM NUMBERS]\exe.log
  • C:\Documents and Settings\[User Name]\Local Settings\Temp\maindll.dll
  • C:\Documents and Settings\[User Name]\Desktop\System Defragmenter.lnk
  • C:\Documents and Settings\[User Name]\Start Menu\Programs\System Defragmenter
  • C:\Documents and Settings\[User Name]\Start Menu\Programs\System Defragmenter\System Defragmenter.lnk
For Windows Vista & Windows 7 users:
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]\[SET OF RANDOM NUMBERS].exe
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]\exe.exe
  • C:\Users\[User Name]\AppData\Local\Temp\[SET OF RANDOM NUMBERS]\exe.log
  • C:\Users\[User Name]\AppData\Local\Temp\maindll.dll
  • C:\Users\[User Name]\Desktop\System Defragmenter.lnk
  • C:\Users\[User Name]\Start Menu\Programs\System Defragmenter
  • C:\Users\[User Name]\Start Menu\Programs\System Defragmenter\System Defragmenter.lnk
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "exe.exe"
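
The autorun check from step 2 of the HijackThis instructions and the Run values listed above, as an added example (not part of the original guide or of HijackThis): it reads saved HijackThis log text and flags O4 Run entries that start an executable from the user's Temp folder. The sample log is constructed, and the "review" verdict for Temp autoruns with other names is an assumption that goes beyond the names the guide lists.

```python
import re

# Constructed sample log (not from a real machine); user names are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [exe.exe] C:\Users\alice\AppData\Local\Temp\254586\exe.exe
O4 - HKCU\..\Run: [254586] C:\Users\alice\AppData\Local\Temp\254586\254586.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\bob\Local Settings\Temp\setup.exe" /s
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKCU|HKLM)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# The two Temp locations given in the guide, plus the unexpanded %Temp% form.
TEMP_RE = re.compile(
    r"^(?:%temp%"
    r"|[a-z]:\\documents and settings\\[^\\]+\\local settings\\temp"
    r"|[a-z]:\\users\\[^\\]+\\appdata\\local\\temp)\\", re.I)
# File names the guide lists: exe.exe or an all-digit name such as 254586.exe.
NAME_RE = re.compile(r"(?:exe|\[?\d+\]?)\.exe", re.I)

def exe_path(cmd):
    """Return the executable path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|scr|com|bat))\b", cmd, re.I)
    return m.group(1) if m else cmd

def classify(line):
    """Return (verdict, value name, path) for a Run entry that starts from Temp."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = exe_path(m["cmd"])
    if not TEMP_RE.match(path):
        return None
    base = path.rsplit("\\", 1)[-1]
    if m["hive"] == "HKCU" and NAME_RE.fullmatch(base):
        return ("match", m["name"], path)   # naming pattern from the guide
    return ("review", m["name"], path)      # autorun from Temp, other name

def scan(log_text):
    """Classify every line of a log and keep only the flagged entries."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for verdict, name, path in scan(SAMPLE_LOG):
        print(f"{verdict:6}  [{name}]  {path}")
```
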

7 comments:

Anonymous said...

This is one seriously stubborn piece of malware... I've been scouring the net trying to remove this thing from my laptop. It's not messing with my programs, but it won't go away.

I've been cleaning up temp and registry files as suggested, but Malwarebytes isn't catching it. Luckily, the user account the malware infected was a side account and not my administrator, but this is still seriously annoying.

So far the above instructions aren't working - any further ideas? :)

Anonymous said...

Hi. So thanks for the advice. This was not a fun way to spend my Friday night.
OK, so I downloaded SuperAntiSpyware and as far as I can tell it worked. But when I rebooted my computer after it removed the defragmenter, the icons and defragmenter did not pop up, but my screen was black and there weren't any icons. I could access the internet and everything else through the Start menu, but not through the shortcuts. Suggestions?

Admin said...

Hello, download this file: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. Restart your computer.

Anonymous said...

Hi! Thanks for your help. I did everything you suggested above and I think I got rid of the virus, but now I can't get online. I think I may have deleted good things while I was trying to get rid of the bad... any advice? When I pull up a webpage on Firefox or IE it says it can't find a connection, but my wireless says I'm connected.

Thanks!

Anonymous said...

Why is whoever produced this virus not in jail?

Anonymous said...

Malwarebytes didn't remove it for me.

Nishanth Thomas said...

Hi, the best way to remove that is to format your system by reinstalling XP again. While reinstalling, an error message like an ntdll.dll error comes. Get a Linux live CD, restart the system and place the CD; the system will load Linux (because the issue is due to a Windows error). We can take a backup of data from the C drive where XP is installed, and after that format the C drive. Restart the system and remove the Linux CD; then on restarting, the system will give a message "Operating system not found" or operating system error. Place the XP CD in the drive and then the normal installation of XP will start. Install XP and enjoy... (the last solution I did.)