Operating Systems Affected: Windows 9x, 2000, Windows NT, XP, Vista, Windows 7
Ultra Defragger is one of the latest additions to the fake rogue programs that are common these days. The program pretends to do system optimization and hard disk defragmentation but in reality it compromises your computer to show fake system errors. If Ultra Defragger is installed in your system it will run automatically every time Windows starts up. Since it is loaded in the computer’s memory already, it is running stealthily in the background. As time goes by, it will prompt the user to do a scan on the computer. Once the fake scan completes it will give a fake exaggerated system error, memory leaks and hard disk failure reports. This is to scare and lure people into buying this rogue program.
If you encounter such bogus program don’t download and install it, but if it has already been installed in your computer don’t be scammed into buying the fake software.
Here’s how to remove Ultra Defragger:
• Disable System Restore (Windows ME and XP users only) Right click My Computer → Properties → System Restore tab → Put a checkmark on Turn off system restore on all drives → Restart Computer)
• Boot to Safe Mode (Press the F8 key before the Windows logo appears on boot up)
• Uninstall Ultra Defragger (Control Panel → Add/Remove Programs)
• Show hidden Files and Folders (Open My Computer → Tools → Folder Options → View Tab → click show hidden folders, files and drives. Uncheck hide operating systems files. Click OK)
• Delete the following infected files:
%Temp%\[RANDOM NUMBER 1].exe
%Temp%\[RANDOM NUMBER 2]
%Temp%\[RANDOM NUMBER 2].exe
%UserProfile%\Desktop\Ultra Defragger.lnk
%ProgramFiles%\Ultra Defragger\Uninstall Ultra Defragger.lnk
%ProgramFiles%\Ultra Defragger\Ultra Defragger.lnk
• Delete the following registry values: (Click Start → Run → regedit → Ok)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[RANDOM NUMBER 2]” = “%Temp%\[RANDOM NUMBER 2].exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\”WarnOnZoneCrossing” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Use FormSuggest” = “yes”
HKEY_CURRENT_USER\Software\Microsoft\”BootData” = “43 00 3a 00 5c 00 44 00 4f 00 43 00 55 00 4d 00 45 00 7e 00 31 00 5c 00 56 00 49 00 52 00 55 00 53 00 4d 00 7e 00 31 00…”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\”1601″ = “1″
• Delete the following registry subkeys:
HKEY_USERS\S-1-Unknown\Software
HKEY_USERS\S-1-Unknown\SOFTWARE\Microsoft
HKEY_CURRENT_USER\Software\”12B79064-EB17-4f82-9DFE-B975BD26D1DC”‘
{Disclaimer: Registry modification is done at your own risk. Backup the registry before making any changes!}
• Restart PC