9 Posts

November 9th, 2010 11:00

Rogue system optimizer: HDD Defragmenter

I recently had a rogue anti-spyware application called ThinkPoint. It is a masked virus which will use security or other exploits to reach the targeted Operating System. I thought I successfully removed it with McAfee but little did I know that my machine was already hijacked by HDD Defragmenter, another rogue system optimizer that is similar to fake antiviruses and rogue registry cleaners in behavior. It claims to fix hardware problems instead of claiming to fix software problems or remove malware. It claims to scan my Hard Drive and gives me a PC Performance & Stability Analysis Report which of course has 'critical errors' (11) and recommends 'Defragmentation is required'. It has hijacked the computer. I can't go to Control Panel to remove it. Please help.

Virus: HDD Defragmenter
Computer: Dell Inspiron 1545
Software: Microsoft Windows Vista SP1 Home Premium Edition, 32 Bit

Thank you.

2 Intern

1.1K Posts

November 9th, 2010 15:00

Hello Nobrun,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.


Please proceed as follows :-

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3

  • Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in
CODE

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

Copy and paste OTL.Txt and Extras.Txt in your reply.

What I'd like in your reply:

  • Log from Malwarebytes
  • OTL.Txt and Extras.Txt

Kevin

2 Intern

1.1K Posts

November 11th, 2010 15:00

Hiya Nobrun,

HDD Defragmenter is a rogue program designed to try and get money from you. Malwarebytes usually deals with it easily. You've done an excellent job yourself, if your scans are clean I'd say you're good to go.

For peace of mind I'd run Malwarebytes to double check and make sure your system is clean, your choice...

Kevin

9 Posts

November 11th, 2010 15:00

Hello Kevin,

Thank you very much for your response.
My computer is set up with 3 users: Administrator (me), Standard User (my daughter) and Guest. When I logged in with Administrator or Guest, the computer worked fine. It turns out only the Standard User profile was infected because HDD Defragmenter downloads into the temporary folders. I therefore deleted my daughter's Standard User profile INCLUDING all her files which got rid of HDD Defragmenter. I then created a new Standard User profile for her.

I have re-scanned the machine and also reviewed All Programs (where HDD Defragmenter was situated under Standard User). It's no longer there and the new Standard User profile is perfect. Please advise if deleting the User Profile did enough to remove the virus.

Thank you Kevin for your time. Much appreciated.

Nobrun
