print version

System Defragmenter

For Information and Removal of System Defragmenter

10^th November 2010

Defragging Won't Remove System Defragmenter

There is not a single computer user who does not need the protection that a good antivirus program can offer.  Many of us use our systems for work, school, and communication, but even if you only use yours to check your email, you know that security is a top priority if you want to keep your computer running efficiently and reliably.  The creators of rogue antivirus programs know this too, and they use our need for protection to further their own goal.  Rogues like System Defragmenter promise security that they cannot deliver.

What is System Defragmenter?

Rogue antivirus programs have one purpose: to convince computer users that they need their software.  To do this, they build an elaborate ad campaign featuring pop-up ads and false security warnings.  Combined with slowed computer performance and other changes in your system, this creates the illusion that there are severe risks that need to be resolved.  System Defragmentation is a typical rogue antivirus program and relies on the same techniques.  In a way, this is a positive: if we can recognize one rogue, we can recognize virtually all of them.

What Will You Notice?

After it enters your computer, System Defragmenter lies dormant for a period of time during which it stealthily modifies your security settings.  It is then able to come out of hibernation, and you will notice changes in your system's performance.

• Slow boot up and operation. Because the rogue antivirus program is able to launch itself each time you boot up your computer and remain in the background, your legitimate programs have to compete for fewer resources. Even simple tasks, like switching between browser windows, will take longer.
• Blocked programs. You may have problems opening legitimate programs. This again is part of the campaign to convince you of security threats. You may also receive warnings that these legitimate programs are corrupt, which, you can be assured, they are not.
• Changed icons. It is common to see unfamiliar icons on your taskbar and/or desktop. If you click on these, a warning message will appear. A typical one reads, "Critical Error: RAM memory usage is critically high. RAM memory failure." The solution, the ad tells you, is to purchase the full protection of its licensed software.
• Pop-ups. These are certainly the most annoying of the changes that rogue antivirus programs cause. One form is the short warning message. These may appear as follows:
• § Ram Temperature is 83 C. Optimization is required for normal operation.
• § Data Safety Problem. Safety integrity is at risk.
• § Requested registry access is not allowed. Registry defragmentation required.

Pop-ups can also appear as scan results.  A typical one mimics security warnings issued by legitimate programs.  You will see the "System Defragmenter" name at the top left corner, accompanied by the message that you are running the "Unregistered Limited Edition."  The ad will present itself as a "PC Performance & Stability analysis report" and list several of the "errors" it has found in your system, such as:

• § Drive C initializing error
• § Hard drive doesn't respond to system commands - Critical Error

You are urged to "Run Defragmentation."  If you click on that option, you will be directed a malicious site and urged to purchase the fully licensed edition.

Mode of Transmission

Rogue antivirus programs are passengers that get a ride into your system on a Trojan.  It can be difficult to pinpoint where you encountered a Trojan because they affect a wide range of websites.  Formerly, they tended to affect sites with gaming, adult, peer-to-peer, and pirated content, but that is not the case today.  It is very common for results for trending topics to include malicious sites.  When users click on the sites looking for news on the most current events, it can allow the Trojan to enter and deposit the "free" or "unregistered' version of the rogue program.  Other sites that tend to be vulnerable include sites with freeware and social networks. 

Many users are persuaded by frequent pop-ups to purchase System Defragmenter and install it directly onto their computers.  The only difference between the free and paid versions is the cost.  The paid edition does no more to protect your computer than its free counterpart, and it may install additional malware.

Removing System Defragmenter

When we are faced with security risks in our systems, we typically react in one of the following ways:

• Running your antivirus security program. This is not effective because rogue antivirus programs are not classified as viruses. They are not included in your security program's definitions file and so will be undetected. They can also modify your security settings to remain hidden.
• Using the Uninstall option to delete the program. Rogue programs are designed to evade typical removal efforts and are adept at burying themselves in your system registry. Uninstalling an unfamiliar program may remove surface traces, but it is likely that you still have key files and registry values that will allow the rogue to re-launch.

A variety of reputable and reliable security programs exist to remove System Defragmenter and other rogue programs.  Malwarebytes Anti-Malware (Malwarebytes has free malware removal) and PC Tools' Spyware Doctor are two such programs that can effectively - and quickly - remove rogues without damaging your legitimate programs.  Running this will remove all traces of the rogue program.  After, it is a good idea to update your security definitions and run a scan to ensure your computer is as clean as possible.

You can also remove System Defragmenter manually, though it must be cautioned that this can be tricky.  If you do not have a great deal of technical experience, the long list of files and registry keys that need to be eliminated can seem daunting.  They can begin to blur together, making it very easy to miss one or to delete a necessary file inadvertently.  If you have trouble with this procedure, please contact us.  We can give you tips such as using the Windows Explorer Tools menu to show hidden programs.  After you delete the necessary files, you can revert to the original settings.  If you are not sure about any of the following instructions, feel free to check with us first. 

Stop Processes:

Temp%[random characters].exe

winsp2up.exe

winsp1up.exe

%Temp%\exe.exe

%Documents and Settings%\[UserName]\Local Settings\Start Menu\Programs\System Defragmenter.exe

Disable DLL:

%Temp%\maindll.dll

Delete Registry Values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[random characters]"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winsp2up.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "exe.exe"

Delete Files:

%Temp%\[random characters]

%Temp%\[random characters].exe

%Temp%\exe.exe

%Temp%\exe.log

%Temp%\maindll.dll

%Temp%\winsp2up.exe

%Temp%\winsp1up.exe

%UserProfile%\Desktop\System Defragmenter.lnk

%UserProfile%\Start Menu\Programs\System Defragmenter

%UserProfile%\Start Menu\Programs\System Defragmenter\System Defragmenter.lnk

%Temp%\[random characters].log

Removing System Defragmenter Automatically/Safely

For free automatic removal we recommend using Malwarebytes Anti-Malware. This program is widely recommended by reputable third-party sites, so you can be reasonably confident of its ability to safely get rid of System Defragmenter and any hidden Trojans. As a precaution we recommend double checking your system with Spyware Doctor. This program requires paid registration to enable deletions, however it has a money back guaranteed and is the top of the line in malware removal. It should catch malware that evades Malwarebytes and block anything that tries to reinstal itself.

Remove System Defragmenter Now:

1. Download and install Malwarebytes Anti-Malware and Spyware Doctor  
2. Run Reimage PC Repair Online to check for malware damage and repair if required.
3. Run a scan with Malwarebytes Anti-Malware.
4. Remove all the detected infections (free).
5. Run a scan with Spyware Doctor
6. Remove any remaining infections
7. Reboot and rescan with Spyware Doctor. Your computer should now be clean.

Important note: If Malwarebytes is blocked by malware then run Chameleon (Start Menu → All Programs → MalwareBytes' Anti-Malware → Tools → Malwarebytes' Anti-Malware Chameleon). If you need further help removing System Defragmenter please email us at info@removeadware.com.au or call for personal assistance on toll-free number 888-655-3453, within the USA and Canada.

 to top