• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

How to remove Memory Optimizer virus

Myantispyware team January 18, 2011    

Memory Optimizer is a fake computer optimization software. The program blocks Windows legitimate applications, hijacks Internet Explorer, displays false information that the computer’s memory or hard drive is corrupt in order to trick you into thinking your computer has a lot of serious problems. The misleading program will state that all you have to do in order to fix these problems and errors is purchase its full version. Important to known, MemoryOptimizer is unable to detect and fix any problems, so do not pay for the bogus software, simply ignore all that it will display you.

Memory Optimizer from same family of malware as Good Memory, Memory Fixer, etc. It is promoted and installed itself on your computer without your permission and knowledge through the use of trojans or other malicious software as you do not even notice that. Moreover, cyber criminals may also distribute MemoryOptimizer via Twitter, My Space, Facebook and spam emails. Please be careful when opening attachments and downloading files or otherwise you can end up with a rogue program on your PC. Remember that the rogue is a highly dangerous application and you need remove Memory Optimizer as soon as possible!

Like other fake computer optimization programs, it will simulate a system scan and “detect” numerous critical errors, e.g. “Drive C initializing error”, “Read time of hard drive clusters less than 500 ms”, “32% of HDD space is unreadable”, “Bad sectors on hard drive or damaged file allocation table”, etc. Next, the rogue will ask you to pay for the fake software before it “repairs” your machine of the problems. Of course, all of these errors are a fake. Thus, you can safety ignore the false scan results.

Memory Optimizer will block all Windows legitimate applications from running. Important to note, if you attempt to run a program enough times it will eventually work. The following warning will be shown when you attempt to run a program:

Windows detected a hard drive problem.
A hard drive error occurred while starting the application

Moreover, this malware will display various fake alerts. The text of some of the alerts are:

System Restore
The system has been restored after a critical error. Data integrity and hard drive integrity verification required.

Windows – No Disk
Exception Processing Message 0×0000013

Critical Error
A critical error has occurred while indexing data stored on hard drive. System restart required.

Just like false scan results above, all of these alerts are a fake and supposed to scare you into thinking your computer is in danger. You should ignore all of them!

As you can see, all MemoryOptimizer does is fake and you should stay away from the malicious application! If your PC has been infected with the rogue, then ignore all it gives you and follow the removal instructions below in order to remove Memory Optimizer and any associated malware from your computer for free.

Automated Removal Instructions for Memory Optimizer

Step 1. Reboot your computer in Safe mode with networking

Restart your computer.

After hearing your computer beep once during startup, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.

Instead of Windows loading as normal, Windows Advanced Options menu appears similar to the one below.

safe-mode-how-to
Windows Advanced Options menu

When the Windows Advanced Options menu appears, select Safe mode with networking and then press ENTER.

Step 2. Stop Memory Optimizer from running

Download HijackThis from here. Run HijackThis and click Scan button to perform a system scan. Place a checkmark against each of lines:

O4 – HKCU\..\Run: [{RANDOM}.exe] {PATH}\Temp\{RANDOM}.exe
O4 – HKCU\..\Run: [{RANDOM}] {PATH}\Temp\{RANDOM}.exe

Example:

O4 – HKCU\..\Run: [CvdCEPoYRb.exe] C:\Users\User\AppData\Local\Temp\CvdCEPoYRb.exe
O4 – HKCU\..\Run: [2040368] C:\Users\User\AppData\Local\Temp\2040368.exe

Note: list of infected items may be different. Template of the malicious entries:
Variant 1: [{random string}] {PATH}\Temp\{random string}.exe;
Variant 2: [{set of random numbers}] {PATH}\Temp\{set of random numbers}.exe;
If you unsure, then check it in Google. Skip this step, if you does not find any malicious lines.

Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.

Step 3. Clean temp folder

MemoryOptimizer stores its files in Windows temp foder. You need to clean it.

Please download ATF Cleaner by Atribune from here, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program. Under Main choose: Select All and click the Empty Selected button.

Step 4. Remove Memory Optimizer associated malware

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Memory Optimizer infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Memory Optimizer remover
Malwarebytes Anti-malware, list of infected items

Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Memory Optimizer. MalwareBytes Anti-malware will now remove all of associated MemoryOptimizer files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.

Memory Optimizer removal notes

Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.

Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.

Memory Optimizer creates the following files and folders

%UserProfile%\Desktop\Memory Optimizer.lnk
%UserProfile%\Start Menu\Programs\Memory Optimizer\Memory Optimizer.lnk
%UserProfile%\Start Menu\Programs\Memory Optimizer\Uninstall Memory Optimizer.lnk
%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat

Memory Optimizer creates the following registry keys and values

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Malware Malware removal

 Previous Post

How to remove Disk Optimizer virus

Next Post 

How to remove Windows Utility Tool virus

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

6 Comments

  1. Dan
    ― January 18, 2011 - 12:02 pm  Reply

    One issue I ran into, was not being able to login to safe mode. Maybe that was hi-jacked as well. Fortunately on a previous run, I had installed Malware.

    This memory optimizer will not start up immediately, so you have time to start one program, before it loads and prevents you from starting any application.

  2. Edward
    ― January 18, 2011 - 2:29 pm  Reply

    I was just hit by this this morning… I did find out a way to get around it to a great extent.
    First you must do cntrol alt delete at startup and then look for the process taking up 90 percent or so of your cpu (will be likely be in your wirless device driver) as soon as it shuts down go and stop all your wireless drivers and all application processes running.

    Then do a search for all .ini and .exe files modified within the time period of infection and remove them. This will allow you to regain some control of your computer, enough to get to the internet and download something to get rid of it.

    This is a nasty lil bugger but they have a lot of weaknesses in it.

  3. Martha
    ― January 18, 2011 - 7:29 pm  Reply

    Followed all the steps exactly…..the Memory Optimizer is still showing an icon on my desktop, and it is still in my programs. I deleted the icon and emptied the recycle bin. On reboot, the icon comes back, and the “memory optimizer” fake scan starts in again. HELP!!

  4. sirplus
    ― January 18, 2011 - 7:46 pm  Reply

    There are now a number of different versions of this around.
    The last couple I have struck might not use the temp folder at all but put their executables in C:\programme data\

    The protein doesn’t seem to block the use of MS Config which you can use without even going into safe mode.

    Just deselect any suspicious HKCU start up keys and select selective startup option.

    Reboot
    Then go into program data and delete any executables and dlls which have had a golden which matches the date and time that the trouble started.
    Tidy your temp as well I used ccleaner.

    I ran hijackthis after I did all these measures and it didn’t find anything.
    Just to be on the safe side I ran a couple of online scans and nothing else was found either.
    Computer seems to be booting no problems so it looks like as all fixed but again there was nothing in my temp folders.

  5. sirplus
    ― January 18, 2011 - 7:48 pm  Reply

    Sorry about the typos above
    Protein = virus
    Golden = date

  6. Patrik (Myantispyware admin)
    ― January 19, 2011 - 10:16 am  Reply

    Martha, begin a new topic in our Spyware removal forum. I will help you to remove the rogue.

Leave a Reply to sirplus Cancel reply

New Guides

scam alert
Remove Searchernow.com Redirect: Chrome, Edge, Firefox
Avoid the ExLig.com Bitcoin Scam: Insights on Promo Code Frauds
scam alert
Denwex.com Review: Bitcoin Promo Codes as a Scam
scam alert
CEFOLEX.com Review: A Closer Look at the Bitcoin Promo Code Scam
The Bigexcoin.com Bitcoin Promo Code Scam: How to Stay Safe

Follow Us

Search

Useful Guides

How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
How to reset Mozilla Firefox (Updated Apr. 2018)
How to reset Google Chrome settings to default
How to reset Internet Explorer settings to default

Recent Guides

How to remove Disk Optimizer virus
How to remove Good Memory virus
How to remove Fast Disk virus
How to remove Disk OK virus
How to remove My Disk virus

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.