Sunday 31 October 2010

How to remove Smart Defragmenter (Uninstall Guide)

Smart Defragmenter is a rogue computer disk defragmenter and optimizer that deliberately reports fake system errors and warnings to make you think that your computer has some major problems. This fake program is a clone of System Defragmenter. While this fake program is running, it will pretend to scan your hard drives, memory and registry for problems. After the fake scan it will claim that your computer has bad hard drive sectors, RAM and registry errors. Then it will prompt you to pay for a full version of Smart Defragmenter to fix the supposedly found errors and to make you computer run faster. Well, yes, it would be great if it was true. Unfortunately, Smart Defragmenter is a scam. So, please don't trust it and most importantly - don't buy it. You should remove Smart Defragmenter from your computer either manually or using legitimate anti-malware software. Please follow the removal instructions below.



If you somehow ended up with this rogue program then you probably already know how annoying it can be. The biggest problem with Smart Defragmenter is that it blocks any executables on your computer as claims that they are corrupted. It displays a fake error message with the following text:
System Error!
Exe file is corrupted and can't be run. Hard drive scan required.
Scan Hard Drive


However, if you attempt to run a program enough times it will eventually work. What is more, Smart Defragmenter will display many fake errors and warnings from your Windows Taskbar. It will claim that your hard drive is missing. That's actually ridiculous. It can't just disappear. Then it will state that the system has been restored after a critical error and that about half of your HDD space is unreadable. Don't fall victim to this rogue program. All these problems are fake. The text of some of the alerts you may see include:
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.
Some other fake problems read:
Registry Error - Critical Error
Requested registry access is not allowed. Registry defragmentation required
Hard drive does not respond to system commands
You will probably see even more such fake alerts and computer errors while Smart Defragmenter is running on your computer. As you can see, this program is absolutely needless, so how to remove it from the system? First of all, you need to delete all files from the Windows Temp folder because the rogue program stores its files there. Then you should download free anti-malware program and scan your computer. By the way, if you have already purchased this rogue program then you should contact your credit card compnay and dispute the charges. Then please follow the Smart Defragmenter removal instructions below. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe online!


Smart Defragmenter removal instructions using HijackThis or Process Explorer (in Normal mode):

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entries in the scan results:
O4 - HKCU\..\Run: [winsp2up.exe] %Temp%\winsp2up.exe
O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] %Temp%\[SET OF RANDOM CHARACTERS].exe


%Temp% refers to the Windows Temp folder. By default, this is:
C:\Documents and Settings\[User Name]\Local Settings\Temp for Windows 2000/XP,
C:\Users\[User Name]\AppData\Local\Temp for Windows Vista and Windows 7.
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

OR you may download Process Explorer and end Smart Defragmenter process(es):
  • winsp2up.exe
  • [SET OF RANDOM CHARACTERS].exe 
3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Smart Defragmenter removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Smart Defragmenter associated files and registry values:

Files:
  • %UserProfile%\Start Menu\Programs\Smart Defragmenter
  • %UserProfile%\Desktop\Smart Defragmenter.lnk
  • %Temp%\[SET OF RANDOM CHARACTERS]
  • %Temp%\[SET OF RANDOM CHARACTERS].bmp
  • %Temp%\[SET OF RANDOM CHARACTERS].exe
  • %Temp%\winsp2up.exe
  • %Temp%\winsp2upd.dll
%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "winsp2up.exe"
Share this information with other people:

No comments:

Post a Comment