Archive for November, 2010

What is Win Defrag, How to remove Win Defrag

Tuesday, November 30th, 2010

Win Defrag is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Win Defrag associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win Defrag.lnk
%UserProfile%\Start Menu\Programs\Win Defrag
%UserProfile%\Start Menu\Programs\Win Defrag\Win Defrag.lnk
%UserProfile%\Start Menu\Programs\Win Defrag\Uninstall Win Defrag.lnk

Win Defrag associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win Defrag:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win Defrag is a fake computer defragmenter and optimization program. When the rogue is installed, it reports false information and displays fake alerts on the computer. The program simulates a system scan and states that your computer has serious problems, such as critical errors in the Windows registry or a missing or unreadable hard drive. Moreover, Win Defrag will block all Windows applications from running. The rogue will prompt you to buy its full version to fix these system errors. Most important, do not purchase this fake program! If your computer is infected with WinDefrag, follow the removal guide below to remove Win Defrag from your computer for free using legitimate free antimalware software.

How to remove: use the Win Defrag removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is WinHDD, How to remove Win HDD

Saturday, November 27th, 2010

Win HDD is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Win HDD associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Win HDD.lnk
%UserProfile%\Start Menu\Programs\Win HDD
%UserProfile%\Start Menu\Programs\Win HDD\Win HDD.lnk
%UserProfile%\Start Menu\Programs\Win HDD\Uninstall Win HDD.lnk

Win HDD associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Win HDD:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Win HDD is a fake computer defragmenter and diagnostics program. Once installed, it reports false information and displays fake alerts on the computer. The rogue program simulates a system scan and states that your computer has serious problems, such as critical errors in the Windows registry or a missing or unreadable hard drive. Moreover, Win HDD will block all Windows applications from running. The rogue will prompt you to buy its full version to fix these system errors. Most important, do not purchase this fake program! If your computer is infected with WinHDD, follow the removal guide below to remove Win HDD from your computer for free using legitimate free antimalware software.

How to remove: use the Win HDD removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download OTM by OldTimer from here and save it to your desktop. Run OTM, then copy and paste the following text into the “Paste Instructions for Items to be Moved” window (under the yellow bar):

:Commands
[emptytemp]
[Reboot]

Click the red Moveit! button. If you are asked to reboot the machine choose Yes. When the tool is finished, it will produce a report for you.

3. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is HDD Control, How to remove HDD Control

Thursday, November 25th, 2010

HDD Control is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Control associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Control.lnk
%UserProfile%\Start Menu\Programs\HDD Control
%UserProfile%\Start Menu\Programs\HDD Control\HDD Control.lnk
%UserProfile%\Start Menu\Programs\HDD Control\Uninstall HDD Control.lnk

HDD Control associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Control:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Control is a fake computer defragmenter and optimization application that uses false scan results and fake alerts in order to trick you into purchasing its paid version.

How to remove: use the HDD Control removal instructions.

What is vz.exe, How to remove vz.exe

Monday, November 22nd, 2010

vz.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: vz
Filename: vz.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\vz.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\vz.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1" %*"

Command: %Appdata%\vz.exe
Startup Type: File associations
Description: main executable file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard, Vista Guard, Win 7 Guard. All of these programs are rogue antispyware.

How to remove: use these vz.exe removal instructions.

What is pw.exe, How to remove pw.exe

Thursday, November 18th, 2010

pw.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: pw
Filename: pw.exe
Registry key:

HKEY_CURRENT_USER\Software\Classes\.exe
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | @ = ""%AppData%\pw.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | IsolatedCommand = ""%1" %*"
HKEY_CURRENT_USER\Software\Classes\.exe | @ = "pezfile"
HKEY_CURRENT_USER\Software\Classes\.exe | Content Type = "application/x-msdownload"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | @ = ""%AppData%\pw.exe" /START "%1" %*"
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command | IsolatedCommand = ""%1" %*"

Command: %Appdata%\pw.exe
Startup Type: File associations
Description: main file of XP Antispyware 2011, Vista Antispyware 2011, Win 7 Antispyware 2011, XP Security 2011, Vista Security 2011, Win 7 Security 2011, XP Internet Security 2011, Vista Internet Security 2011, Win 7 Internet Security 2011, XP Antimalware 2011, Vista Antimalware 2011, Win 7 Antimalware 2011, XP Guard, Vista Guard, Win 7 Guard. All of these programs are rogue antispyware.

How to remove: use these pw.exe removal instructions.

What is Ultra Defragger, How to remove Ultra Defragger

Sunday, November 14th, 2010

Ultra Defragger is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Ultra Defragger associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Ultra Defragger.lnk
%UserProfile%\Start Menu\Programs\Ultra Defragger
%UserProfile%\Start Menu\Programs\Ultra Defragger\Ultra Defragger.lnk
%UserProfile%\Start Menu\Programs\Ultra Defragger\Uninstall Ultra Defragger.lnk

Ultra Defragger associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Ultra Defragger:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Ultra Defragger is a fake computer defragmenter and optimization application that uses false scan results and fake alerts in order to trick you into purchasing its paid version.

How to remove: use the Ultra Defragger removal instructions.

What is Quick Defragmenter, How to remove Quick Defragmenter

Thursday, November 11th, 2010

Quick Defragmenter is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Quick Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\Quick Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Quick Defragmenter\Quick Defragmenter.lnk
%UserProfile%\Start Menu\Programs\Quick Defragmenter\Uninstall Quick Defragmenter.lnk

Quick Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows Quick Defragmenter:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: Quick Defragmenter is a fake computer defragmenter and optimization application that uses false scan results and fake alerts in order to trick you into purchasing its paid version.

How to remove: use the Quick Defragmenter removal instructions.

What is Security_Inspector_2010.exe, How to remove Security_Inspector_2010.exe

Tuesday, November 9th, 2010

Security_Inspector_2010.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: Security_Inspector_2010
Filename: Security_Inspector_2010.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Security Inspector 2010

Command: %AppData%\Security Inspector 2010\Security_Inspector_2010.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKCU\..\Run: [Security Inspector 2010] "C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe" /STARTUP

DDS Line:

uRun: [Security Inspector 2010] C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Combofix/RSIT Line:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Security Inspector 2010"=C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe

Description: core component of Security Inspector 2010 (rogue antispyware program)

How to remove: use the Security Inspector 2010 removal instructions or the steps below.

1. Reboot your computer in Safe mode with networking.

2. Download HijackThis from here and save it to your desktop. Before saving, in the Save dialog, rename HijackThis.exe to explorer.exe !!!

3. Run HijackThis. When the main menu opens, click the “Do a system scan only” button. After HijackThis completes the system scan, check the box to the left of the following item:

O4 - HKCU\..\Run: [Security Inspector 2010] "C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe" /STARTUP

Please be very careful, do NOT check any other boxes! Next, click on Fix checked on the bottom left side of the HijackThis screen. Close HijackThis.

4. Download Malwarebytes Anti-malware. Install, perform a scan and let it remove what it found. Reboot afterwards (important).

What is HDD Defragmenter. How to remove HDD Defragmenter

Tuesday, November 2nd, 2010

HDD Defragmenter is a harmful program.

It is a malicious program; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

HDD Defragmenter associated files and folders:

%Temp%\{RANDOM}.exe
%Temp%\{RANDOM}
%Temp%\{RANDOM}.dat
%UserProfile%\Desktop\HDD Defragmenter.lnk
%UserProfile%\Start Menu\Programs\HDD Defragmenter\HDD Defragmenter.lnk
%UserProfile%\Start Menu\Programs\HDD Defragmenter\Uninstall HDD Defragmenter.lnk

HDD Defragmenter associated registry keys and values:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | {RANDOM}

Core filename: {RANDOM}.exe
Command: %Temp%\{RANDOM}.exe
HijackThis shows HDD Defragmenter:

O4 - HKCU\..\Run: [{RANDOM}] %Temp%\{RANDOM}.exe

Description: HDD Defragmenter is a fake computer defragmenter and optimization tool that uses misleading tactics in order to trick you into purchasing its paid version.

How to remove: use the HDD Defragmenter removal instructions.
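
The entries above share one startup pattern: an O4 Run value whose executable lives under %Temp% or %AppData%. The following is an added example, not part of the original posts or of HijackThis itself, that triages the O4 lines of a saved HijackThis log for that pattern; the function names and the sample log are constructed for illustration.

```python
import re

# "O4 - HKCU\..\Run: [name] command"; also accept the en dash that web
# pages often substitute for the hyphen when a log is pasted.
O4_RE = re.compile(
    r'^O4\s+[-\u2013]\s+(?P<hive>HKCU|HKLM)\\\.\.\\Run\w*:\s+'
    r'\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$')

# User-writable locations the startup entries on this page launch from.
SUSPECT_DIRS = (
    '%temp%\\', '%appdata%\\',
    '\\local settings\\temp\\',   # %Temp% on Windows XP
    '\\appdata\\local\\temp\\',   # %Temp% on Vista / 7
    '\\application data\\',       # %AppData% on Windows XP
    '\\appdata\\roaming\\',       # %AppData% on Vista / 7
)

def exe_path(cmd):
    """Return the executable path from a Run command, dropping arguments."""
    cmd = cmd.strip().replace('\u201c', '"').replace('\u201d', '"')
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """List (hive, value name, path) for Run entries in suspect folders."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = exe_path(m.group('cmd'))
        if any(d in path.lower() for d in SUSPECT_DIRS):
            findings.append((m.group('hive'), m.group('name'), path))
    return findings

# Constructed sample log lines (not taken from a real machine).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
O4 - HKCU\..\Run: [qwxkzt] C:\Documents and Settings\username\Local Settings\Temp\qwxkzt.exe
O4 - HKCU\..\Run: [Security Inspector 2010] "C:\Documents and Settings\username\Application Data\Security Inspector 2010\Security_Inspector_2010.exe" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

if __name__ == '__main__':
    for hive, name, path in triage(SAMPLE_LOG):
        print(f'{hive} Run [{name}] -> {path}')
```

A flagged line is a lead for review rather than a verdict, since some legitimate software also starts from %AppData%.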