Defragmenter is a fake computer optimization and hard disk defragmenter software. The program hijacks your computer, blocks Windows legitimate applications from running, displays various fake critical errors alerts that the computer’s hard drive is corrupt in order to trick you into thinking your computer has a lot of serious problems. The fake defragmenter tool will state that all you have to do in order to fix these problems and errors is purchase the full version of the software. Important to known, the program is unable to detect and fix any problems, so do not pay for the bogus software, simply ignore all that it will display you.
Defragmenter from same family of malware as HDD Tools, Smart HDD, etc. Like other rogues, it is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, cyber criminals may also distribute this malware via social networks (Twitter, My Space, Facebook, etc) and spam emails . Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC. Remember that the rogue is a highly dangerous application and you need remove Defragmenter as soon as possible!
When the fake defragmenter tool is installed, it will perform a scan and “detect” 11 critical errors. Some of the fake errors are: “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. Next, the program will ask you to pay for the fake software before it “repairs” your machine of the problems. Important to note, the scan might look legitimate but, in reality, it is just simulated and is unable to detect any problems! Thus, don`t pay for the Defragmenter and just ignore the false scan results.
Defragmenter will prevent you from using other programs or the internet by shutting down programs every time they are opened. Instead, it will display the following fake warning:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application
Moreover, this malware will display various fake alerts. The alerts are similar to the ones listed below:
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Just like false scan results above, all of these alerts are a fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them!
As you can see, all the program does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Defragmenter and any associated malware from your computer for free.
Automated Removal Instructions for Defragmenter
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Stop Defragmenter from running
Download HijackThis from here. Run HijackThis and click Scan button to perform a system scan. Place a checkmark against each of lines:
O4 – HKCU\..\Run: [{RANDOM}.exe] {PATH}\Temp\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe
Example:
O4 – HKCU\..\Run: [CvdCEPoYRb.exe] C:\Users\User\AppData\Local\Temp\CvdCEPoYRb.exe
O4 – HKCU\..\Run: [2040368] C:\Users\User\AppData\Local\Temp\2040368.exe
Note: list of infected items may be different. Template of the malicious entries:
Variant 1: [{random string}] {PATH}\Temp\{random string}.exe;
Variant 2: [{set of random numbers}] {PATH}\Temp\{set of random numbers}.exe;
If you unsure, then check it in Google. Skip this step, if you does not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 3. Clean temp folder
Defragmenter stores its files in Windows temp foder. You need to clean it.
Please download ATF Cleaner by Atribune from here, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program. Under Main choose: Select All and click the Empty Selected button.
Step 4. Remove Defragmenter and associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Defragmenter infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Defragmenter. MalwareBytes Anti-malware will now remove all of associated Defragmenter files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Defragmenter removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Defragmenter creates the following files and folders
%UserProfile%\Desktop\Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Defragmenter\Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Defragmenter\Uninstall Defragmenter.lnk
%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
Defragmenter creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
Very good instructions sir. Worked perfectly.
Very good instructions.
Worked perfectly.
If you follow the steps the virs is completely gone.
Thnx voor the great service
Worked like a charm. Thanks!
I seem to have gotten rid of this thing(it’s not messing up things at the moment..no pop ups etc)..but I still see under start-all programs…it’s still listed and has an option to uninstall.
I’m not touching it until I get some suggestions. Thanks
Worked well thanks
Thank you heaps! Your tutorial is perfect. Got rid of the bastard! 🙂
Thanks for the instructions this bad thing is gone.
Outstanding instructions! Thank you! Only took about half hour to remove Sytem Tool virus!
Very impressed with the easy to follow straightforward instructions and with the direct links of the downloads placed appropriately in the steps…very good, made a very annoying problem, easy to deal with, with a nice 30 min solution
I did exactly what it said, I restarted my computer, however, I can’t access any softwares, even the wireless Internet is gone. The music files , picture file, desktop files are all gone. I am very confused. The virus is gone but I can’t use my computer because I can’t access any files… Please help me!!
OMG I follow the steps but just like Nancie all my files are gone how can i get them back is there a way to do this please HELP HELP HELP I’m about to have an anxiety attack