Memory Optimizer is a fake computer optimization software. The program blocks Windows legitimate applications, hijacks Internet Explorer, displays false information that the computer’s memory or hard drive is corrupt in order to trick you into thinking your computer has a lot of serious problems. The misleading program will state that all you have to do in order to fix these problems and errors is purchase its full version. Important to known, MemoryOptimizer is unable to detect and fix any problems, so do not pay for the bogus software, simply ignore all that it will display you.
Memory Optimizer from same family of malware as Good Memory, Memory Fixer, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, cyber criminals may also distribute MemoryOptimizer via Twitter, My Space, Facebook and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC. Remember that the rogue is a highly dangerous application and you need remove Memory Optimizer as soon as possible!
Like other fake computer optimization programs, it will simulate a system scan and “detect” numerous critical errors, e.g. “Drive C initializing error”, “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. Next, the rogue will ask you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. Thus, you can safety ignore the false scan results.
Memory Optimizer will block all Windows legitimate applications from running. Important to note, if you attempt to run a program enough times it will eventually work. The following warning will be shown when you attempt to run a program:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application
Moreover, this malware will display various fake alerts. The text of some of the alerts are:
System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.
Windows – No Disk
Exception Processing Message 0×0000013
Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.
Just like false scan results above, all of these alerts are a fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them!
As you can see, all MemoryOptimizer does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Memory Optimizer and any associated malware from your computer for free.
Automated Removal Instructions for Memory Optimizer
Step 1. Reboot your computer in Safe mode with networking
Restart your computer.
After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.
Windows Advanced Options menu
When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.
Step 2. Stop Memory Optimizer from running
Download HijackThis from here. Run HijackThis and click Scan button to perform a system scan. Place a checkmark against each of lines:
O4 – HKCU\..\Run: [{RANDOM}.exe] {PATH}\Temp\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe
Example:
O4 – HKCU\..\Run: [CvdCEPoYRb.exe] C:\Users\User\AppData\Local\Temp\CvdCEPoYRb.exe
O4 – HKCU\..\Run: [2040368] C:\Users\User\AppData\Local\Temp\2040368.exe
Note: list of infected items may be different. Template of the malicious entries:
Variant 1: [{random string}] {PATH}\Temp\{random string}.exe;
Variant 2: [{set of random numbers}] {PATH}\Temp\{set of random numbers}.exe;
If you unsure, then check it in Google. Skip this step, if you does not find any malicious lines.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 3. Clean temp folder
MemoryOptimizer stores its files in Windows temp foder. You need to clean it.
Please download ATF Cleaner by Atribune from here, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program. Under Main choose: Select All and click the Empty Selected button.
Step 4. Remove Memory Optimizer associated malware
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for Memory Optimizer infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Memory Optimizer. MalwareBytes Anti-malware will now remove all of associated MemoryOptimizer files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Memory Optimizer removal notes
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Memory Optimizer creates the following files and folders
%UserProfile%\Desktop\Memory Optimizer.lnk
%UserProfile%\Start Menu\Programs\Memory Optimizer\Memory Optimizer.lnk
%UserProfile%\Start Menu\Programs\Memory Optimizer\Uninstall Memory Optimizer.lnk
%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
Memory Optimizer creates the following registry keys and values
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}
One issue I ran into, was not being able to login to safe mode. Maybe that was hi-jacked as well. Fortunately on a previous run, I had installed Malware.
This memory optimizer will not start up immediately, so you have time to start one program, before it loads and prevents you from starting any application.
I was just hit by this this morning… I did find out a way to get around it to a great extent.
First you must do cntrol alt delete at startup and then look for the process taking up 90 percent or so of your cpu (will be likely be in your wirless device driver) as soon as it shuts down go and stop all your wireless drivers and all application processes running.
Then do a search for all .ini and .exe files modified within the time period of infection and remove them. This will allow you to regain some control of your computer, enough to get to the internet and download something to get rid of it.
This is a nasty lil bugger but they have a lot of weaknesses in it.
Followed all the steps exactly…..the Memory Optimizer is still showing an icon on my desktop, and it is still in my programs. I deleted the icon and emptied the recycle bin. On reboot, the icon comes back, and the “memory optimizer” fake scan starts in again. HELP!!
There are now a number of different versions of this around.
The last couple I have struck might not use the temp folder at all but put their executables in C:\programme data\
The protein doesn’t seem to block the use of MS Config which you can use without even going into safe mode.
Just deselect any suspicious HKCU start up keys and select selective startup option.
Reboot
Then go into program data and delete any executables and dlls which have had a golden which matches the date and time that the trouble started.
Tidy your temp as well I used ccleaner.
I ran hijackthis after I did all these measures and it didn’t find anything.
Just to be on the safe side I ran a couple of online scans and nothing else was found either.
Computer seems to be booting no problems so it looks like as all fixed but again there was nothing in my temp folders.
Sorry about the typos above
Protein = virus
Golden = date
Martha, begin a new topic in our Spyware removal forum. I will help you to remove the rogue.