
1 How to remove System Defragmenter on Wed Oct 13, 2010 12:32 am

DragonMaster Jay


Site Owner
System Defragmenter removal

Welcome to the removal guide for System Defragmenter. This is to be considered a self-help guide, and the Security Team at this site does not assume responsibility for direct, indirect, or consequential damage to your computer as a result of doing the step-by-step guide below.

System Defragmenter is a new rogue disk defragmenter program. This program is installed on your computer, usually by Trojans.

Once the program is installed, it will begin hijacking your computer and make it difficult to use. It pretends to be a computer repair and defrag program, and will begin scanning your computer and report fake errors. It will ask you to purchase the program to be able to fix those errors and use the defragmenter.

Upon each launch of a normal program, it will terminate the program and display an alert that the EXE file is corrupt.

Normal uninstall is usually not possible with rogue antivirus software, which is why these instructions must be particularly followed.


System Defragmenter screenshot


List of files associated with this rogue:

%UserProfile%\Desktop\System Defragmenter.lnk
%UserProfile%\Start Menu\Programs\System Defragmenter
%Temp%\exe.exe
%Temp%\exe.log
%Temp%\maindll.dll

This rogue plants many random files in several temporary directories in Windows. To quickly and safely delete the files associated with the rogue, follow the removal instructions below for best results.

Note: %temp% refers to the following locations, based on your version of Windows:

Windows XP: C:\Documents and Settings\{USER}\Local Settings\Temp

Vista/7: C:\Users\{USER}\AppData\Local\Temp

%UserProfile% refers to the following locations, based on your version of Windows:

Windows XP: C:\Documents and Settings\{USER}\

Vista/7: C:\Users\{USER}\

To be able to see some of the folders, you need to enable Windows to Show all Files and Folders.
Instructions for your Operating System here

List of Registry entries associated with this rogue:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"exe.exe"



List of HijackThis entries associated with this rogue:

O4 - HKCU\..\Run: [exe.exe] %Temp%\exe.exe
O4 - HKCU\..\Run: [] %Temp%\.exe



How to remove this rogue


STEP 1 - RKill by Lawrence Abrams of Bleeping Computer

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3


  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot the computer.

Also, a popup may appear when you run RKill. RKill may shut down. Just ignore the popup and run RKill as many times as it takes to get the rogue to disappear from view.


STEP 2 - Clean rogue files

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


STEP 3 - Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware from Download.CNET.com.
Alternate link: BleepingComputer.com.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.


STEP 4 - Infection gone?

Check to see if the infection is gone.

If the infection is not gone, then please do the following:



If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner
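
Added example, not part of the original post and not code from any of the tools named in it: a small Python check that reads a saved HijackThis log and lists the O4 Run entries that start an EXE directly from a Temp folder, which is the pattern of the two HijackThis entries listed in the guide. It goes beyond the two listed entries by matching any entry name and the expanded XP and Vista/7 Temp paths; the sample log, its user names and the function name are constructed for illustration.

```python
import re

# O4 autostart line as HijackThis writes it: O4 - HKCU\..\Run: [name] command
O4_RUN = re.compile(r'^O4 - (HKCU|HKLM)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$')

# Temp locations named in the guide: the %Temp% variable itself, the
# Windows XP path and the Vista/7 path, with any user name in the middle.
# Only an EXE sitting directly in Temp (not in a subfolder) is matched.
TEMP_EXE = re.compile(
    r'^"?(%temp%'
    r'|[a-z]:\\documents and settings\\[^\\]+\\local settings\\temp'
    r'|[a-z]:\\users\\[^\\]+\\appdata\\local\\temp)'
    r'\\[^\\]*\.exe\b',
    re.IGNORECASE,
)

def suspicious_run_entries(log_text):
    """Return (hive, key, name, command) for Run entries that launch from Temp."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m and TEMP_EXE.match(m.group(4).strip()):
            hits.append(m.groups())
    return hits

# Constructed sample log: two ordinary autostart entries, the entry from the
# guide, and two variants with expanded Temp paths (user names are made up).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [exe.exe] %Temp%\exe.exe
O4 - HKCU\..\Run: [] C:\Users\alice\AppData\Local\Temp\.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Bob\Local Settings\Temp\upd.exe /s
"""

if __name__ == "__main__":
    for hive, key, name, command in suspicious_run_entries(SAMPLE_LOG):
        print(f"{hive}\\{key}: [{name}] {command}")
```

A hit is a lead to review, not proof of infection: some legitimate installers briefly register a Run entry that points into Temp.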



2 Re: How to remove System Defragmenter on Thu Oct 14, 2010 2:32 am

mad056


Malware Researcher
Wow, now they have got rogue disk defragmenter programs. They're trying too hard lol

3 Re: How to remove System Defragmenter on Thu Oct 14, 2010 5:34 am

DragonMaster Jay


Site Owner
Been out for quite a few years. Rogue system optimization programs.



4 Re: How to remove System Defragmenter on Thu Oct 14, 2010 5:58 am

mad056


Malware Researcher
Really? Wow, I haven't seen a lot of them. I mean, Regcure is not a full rogue, but they're not as common as antivirus rogues.
