Monday, November 15, 2010

How to remove Ultra Defragger (Uninstall Guide)

Ultra Defragger is a fake defragmentation tool that deliberately reports fake system and hard drive disk errors to make you think that your computer has some serious problems. Basically, it's a rip-off rogue because it prompts the user to pay for a full version of the program to fix non-existent hard drive and system memory errors. What is more, Ultra Defragger is promoted mostly through the use of infected websites, trojans and other malicious software. The scammers may even distribute it on Facebook and other social networks. If your computer is infected with this rogue program then please follow the removal instructions bellow to remove Ultra Defragger from your computer for free either manually or using legitimate anti-malware software.

A screen shot of Ultra Defragger
UltraDefragger is a very annoying piece of malware from the same family as HDD Defragmenter and Quick Defragmenter. It will hijack your computer, block nearly all programs and display fake error messages. Once installed, it will pretend your hard drives and memory for problems. Then it will display numerous errors (I bet it will find 11 errors) and ask you to pay for a full version of the program to fix the errors. By the way, if you choose to run the defragmentation then it will display a fake Safe Mode background. And when you attempt run a program it will display this error message:
Windows detected a hard drive problem.
A hard drive error occurred while starting the application.


However, it should be noted that if you attempt to run a program enough times it will eventually work. Here are some fake problems that Ultra Defragger detects on a victim's PC:
Requested registry access is not allowed. Registry defragmentation required
Read time of hard drive clusters less than 500 ms
Bad sectors on hard drive or damaged file allocation table
Drive C initializing error
Ram Temperature is 83 C. Optimization is required for normal operation.
Data Safety Problem. System integrity is at risk.
Registry Error - Critical Error
Ultra Defragger will also display fake "ballon messages" from your Windows task bar. Some of the fake alerts read:
Critical Error!
Damaged hard drive clusters detected. Private data is at risk.
Critical Error
Hard Drive not found. Missing hard drive.
Critical Error
RAM memory usage is critically high. RAM memory failure.

Critical Error
Windows can't find hard disk space. Hard drive error
As you can see, Ultra Defragger will claim that your hard drive is missing. That's actually impossible because otherwise you won't be able to use your computer at all. Without a doubt, UltraDefragger is nothing more but a scam. If you have already purchased it then you hould contact your credit card provider and dispute the charges and even cancel your credit card. Then please follow the removal instructions bellow. And finally, you should definitely scan your computer with at least two anti-malware programs, e.g. Malwarebytes' AntiMalware and Hitman pro ta make sure that you are not a part of a botnet and that Ultra Defragger and related malware were successfully removed from your computer. If you have any questions or additional information about Ultra Defragger, please leave a comment. Good luck and be safe!


Ultra Defragger removal instructions using Process Explorer (in Normal mode):

1. Download Process Explorer and end Ultra Defragmenter process:
  • [SET OF RANDOM CHARACTERS].exe
2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Ultra Defragger removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.


Ultra Defragger associated files and registry values:

Files:
  • %Temp%\[SET OF RANDOM CHARACTERS]
  • %Temp%\[SET OF RANDOM CHARACTERS].exe
  • %Temp%\dfrg
  • %Temp%\dfrgr
  • %Temp%\[SET OF RANDOM CHARACTERS]>.dll
  • %Temp%\tmp2.tmp
  • %UserProfile%\Desktop\Ultra Defragger.lnk
  • %UserProfile%\Start Menu\Programs\Ultra Defragger\
  • %UserProfile%\Start Menu\Programs\Ultra Defragger\Ultra Defragger.lnk
  • %UserProfile%\Start Menu\Programs\Ultra Defragger\Uninstall Ultra Defragger.lnk
%Temp% refers to:
C:\Documents and Settings\[UserName]\Local Settings\Temp (in Windows 2000/XP)
C:\Users\[UserName]\AppData\Local\Temp (in Windows Vista & Windows 7)

%UserProfile% refers to:
C:\Documents and Settings\[UserName]\ (in Windows 2000/XP)
C:\Users\[UserName]\ (in Windows Vista & Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS].exe"
Share this information with other people:

No comments:

Post a Comment