Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, December 1, 2010

How to remove Win Defragmenter (Uninstall Guide)

Tell your friends:
Win Defragmenter is a rogue disk defragmentation and computer optimization program from the same family as Win Defrag, Win HDD and HDD Defragmenter. The rogue program displays fake warnings and pop-ups saying that you have 11 critical errors on your computer. It reports the same problems and issues on every infected computer. That's a first clear sign that Win Defragmenter is not legitimate program.



WinDefragmenter will prompt you to run its disk defragmenter in order to fix the supposedly found Windows registry, RAM and hard drive disk errors. Win Defragmenter will make your Desktop background black as you were in safe mode and pretend to fix the errors. Eventually it will pretend to fix some errors but then will state that there are several errors that it can not fix until you purchase the program. Please do not fall victim to this rogue program. You will simply lose your money and give your credit card details to scammers if you choose to purchase this useless program. Instead, please follow the removal instructions below to remove Win Defragmenter from your computer for free using legitimate anti-malware software.

Probably the most annoying aspect of this infection is that Win Defragmenter blocks nearly all programs on your computer. It will state that a hard drive error occurred while starting the application. The fake error message reads:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.
However, if you attempt to run a program enough times it will eventually work. As a typical scareware, it will display fake errors messages and notifications from Windows taskbar. Win Defragmenter may even state that your hard drive is missing. The text of some of the fake warnings you may see:
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Critical Error
Windows can't find hard disk space. Hard drive error
Probably the easiest way to remove Win Defragmenter is to do System Restore in SAFE MODE. Unfortunately, you may not have that choice. The rogue program files are located in %Temp% folder which refers to C:\Documents and Settings\[UserName]\Local Settings\Temp if you are using Windows XP and C:\Users\[UserName]\AppData\Local\Temp if you are using Windows Vista or Windows Seven. The process name of Win Defragmenter is [SET OF RANDOM NUMBERS].exe, e.g. 7237835.exe. So, basically you need to delete all files from %Temp% folder. Of course, you need to stop the process first using Task Manager. Please follow step by step Win Defragmenter removal instructions below.

Last, but not least, you should contact your credit card company and dispute the charges if you have purchased this rogue program. Also, if you have any questions or additional information about Win Defragmenter, please leave a comment. Good luck and be safe online!


Win Defragmenter removal instructions:

1. Open Task Manager (Ctrl+Alt+Delete).
2. Click on the Processes tab.
3. Click to highlight [SET OF RANDOM NUMBERS].exe, e.g. 7237835.exe and click End Task. If it asks you "Are you sure you want to terminate the process?" click yes. This will stop Win Defragmenter.
4. Click to highlight explorer.exe and end it too. Then click the File -> "New Task (Run...)" from the menu on the bottom right. Type in explorer.exe and click OK.
5. Open directory:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)
Delete all files from this directory.
NOTE: Local Settings folder is hidden by default so you will have to change folder options to see hidden files.

6. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Alternate Win Defragmenter removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Win Defragmenter associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM NUMBERS]
  • %Temp%\[SET OF RANDOM NUMBERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS].dll
  • %UserProfile%\GDIPFONTCACHEV1.DAT
  • %UserProfile%\Desktop\Win Defragmenter.lnk
  • %UserProfile%\Start Menu\Programs\Win Defragmenter\
  • %UserProfile%\Start Menu\Programs\Win Defragmenter\Win Defragmenter.lnk
  • %UserProfile%\Start Menu\Programs\Win Defragmenter\Uninstall Win Defragmenter.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\USE FORMSUGGEST = Yes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\WARNONZONECROSSING = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Internet Settings\Zones\3\1601 = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[SET OF RANDOM NUMBERS] = %TEMP%\[SET OF RANDOM NUMBERS].exe
Share this information with other people:

6 comments:

Remi Girard said...

this worked perfectly. I would simply add a third way to solve this matter by removing all files from safe mode with command prompt

Anonymous said...

Thank you very much, you rock

Anonymous said...

Ok, so performed the first 5 steps from removal. Got to the appdata\local\temp and deleted the files. Most deleted, but it seems the problem files will not delete. A box comes up saying "destination Folder access denied" Within that box is tells me I need permission to perform this action. Gives me option to "try again" or "cancel". I've clicked "try again" many times to no avail. Any insight? I'm an unsophisticated user. Thanks. Also, my virus says "HDD Scan" rather than "Win Defragmenter", but it looks the same. Maybe an updated version?

Admin said...

Restart your computer is safe mode and do system restore. This should help you. Good luck!

Anonymous said...

THANK YOU SOOO MUCH. I THINK IT WORKED!
Thanks so much for this!

Anonymous said...

Thanks SO much! I had remove the "set of random numbers" several times because the Win Defragmenter seemed to relaunch itself. Then I had to keep ending processes in Task Manager that matched files in the TEMP folder. I couldn't delete the TEMP folder files initially because it said they were being used elsewhere. But, when I ended the process in the TASK MANAGER, I could go back and delete the TEMP file. This seemed to work! Thank you, thank you, thank you! You do rock! =)