What is My Defragmenter?

The Malwarebytes research team has determined that My Defragmenter is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with My Defragmenter?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your Start menu, and on your desktop:

icons.png

and see these warnings during install:

warning1.png

warning2.png

and these screens during "operations":

warning5.png

warning7.png

warning8.png

You may see this entry in your list of installed programs:

warning4.png

How did My Defragmenter get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their site.

How do I remove My Defragmenter?

Our program Malwarebytes can detect and remove this potentially unwanted application.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard, or select Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be applied before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of My Defragmenter?

  • No, Malwarebytes removes My Defragmenter completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below, the full version of Malwarebytes would have protected you against the My Defragmenter installer. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

 

protection1.png


Technical details for experts

You may see these entries in FRST logs:

 
 (ConsumerSoft) C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Defrag.exe
 HKCU\...\Run: [MyDefragReminder] => C:\Program Files (x86)\ConsumerSoft\My Defragmenter\DefragReminder.exe [918440 2012-07-06] (ConsumerSoft)
 C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Defragmenter
 C:\Program Files (x86)\ConsumerSoft

My Defragmenter (HKLM-x32\...\{91566393-AD20-4B92-A81B-B17F31527DD4}) (Version: 1.0 - ConsumerSoft)

Alterations made by the installer:

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\ConsumerSoft\My Defragmenter
       Adds the file config"="6/23/2017 11:21 AM, 16 bytes, A
       Adds the file Defrag.exe"="7/6/2012 11:46 PM, 2196904 bytes, A
       Adds the file DefragReminder.exe"="7/6/2012 11:47 PM, 918440 bytes, A
       Adds the file drconfig"="6/23/2017 11:21 AM, 2 bytes, A
       Adds the file eula.txt"="10/14/2011 6:33 AM, 34178 bytes, A
       Adds the file INSTALL.LOG"="6/23/2017 11:19 AM, 1402 bytes, A
       Adds the file install.sss"="6/23/2017 11:19 AM, 1110 bytes, A
       Adds the file MyPhoneSupport.exe"="7/6/2012 11:49 PM, 914856 bytes, A
       Adds the file schd"="6/23/2017 11:19 AM, 20 bytes, A
       Adds the file udefrag.dll"="5/30/2010 8:11 AM, 8192 bytes, A
       Adds the file udefrag-kernel.dll"="5/30/2010 8:11 AM, 44032 bytes, A
       Adds the file Uninstall.exe"="6/23/2017 11:17 AM, 512897 bytes, A
       Adds the file zenwinx.dll"="5/30/2010 8:11 AM, 26624 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Defragmenter
       Adds the file My Defragmenter.lnk"="6/23/2017 11:19 AM, 1135 bytes, A
       Adds the file Uninstall My Defragmenter.lnk"="6/23/2017 11:19 AM, 1152 bytes, A
    In the existing folder C:\Users\{username}\Desktop
       Adds the file My Defragmenter.lnk"="6/23/2017 11:19 AM, 1099 bytes, A
       Adds the file My Phone Support.lnk"="6/23/2017 11:19 AM, 1141 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91566393-AD20-4B92-A81B-B17F31527DD4}]
       "(Default)"="REG_SZ", ""
       "BuildTimeStamp"="REG_SZ", "41099703141088"
       "Comments"="REG_SZ", "My Defragmenter"
       "DisplayName"="REG_SZ", "My Defragmenter"
       "DisplayVersion"="REG_SZ", "1.0"
       "InstallDate"="REG_SZ", "06/23/2017"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\ConsumerSoft\My Defragmenter"
       "InstallSource"="REG_SZ", "C:\Users\{username}\Desktop"
       "InstallSourceFile"="REG_SZ", "C:\Users\{username}\Desktop\Install My Defragmenter.exe"
       "ModifyPath"="REG_SZ", ""C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Uninstall.exe" "C:\Program Files (x86)\ConsumerSoft\My Defragmenter\install.log""
       "Publisher"="REG_SZ", "ConsumerSoft"
       "Readme"="REG_SZ", "My Defragmenter"
       "SilentSettings"="REG_SZ", "C:\Program Files (x86)\ConsumerSoft\My Defragmenter\install.sss"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Uninstall.exe" "C:\Program Files (x86)\ConsumerSoft\My Defragmenter\install.log" -u"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "MyDefragReminder"="REG_SZ", "C:\Program Files (x86)\ConsumerSoft\My Defragmenter\DefragReminder.exe"

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/23/17
Scan Time: 11:36 AM
Log File: mbamMyDefragmenter.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2214
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335783
Threats Detected: 25
Threats Quarantined: 25
Time Elapsed: 1 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAG.EXE, Quarantined, [9413], [404073],1.0.2214

Module: 4
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG.DLL, Quarantined, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\ZENWINX.DLL, Quarantined, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAG.EXE, Quarantined, [9413], [404073],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG-KERNEL.DLL, Quarantined, [9413], [404066],1.0.2214

Registry Key: 1
PUP.Optional.MyDefragmenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{91566393-AD20-4B92-A81B-B17F31527DD4}, Delete-on-Reboot, [9413], [404066],1.0.2214

Registry Value: 1
PUP.Optional.MyDefragmenter, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MyDefragReminder, Delete-on-Reboot, [9413], [404066],1.0.2214

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER, Delete-on-Reboot, [9413], [404066],1.0.2214

File: 17
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG.DLL, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\ZENWINX.DLL, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAG.EXE, Delete-on-Reboot, [9413], [404073],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\UDEFRAG-KERNEL.DLL, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\PROGRAM FILES (X86)\CONSUMERSOFT\MY DEFRAGMENTER\DEFRAGREMINDER.EXE, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\USERS\{username}\DESKTOP\MY DEFRAGMENTER.LNK, Delete-on-Reboot, [9413], [404070],1.0.2214
PUP.Optional.MyPhoneSupport, C:\USERS\{username}\DESKTOP\MY PHONE SUPPORT.LNK, Delete-on-Reboot, [9416], [404069],1.0.2214
PUP.Optional.MyDefragmenter, C:\USERS\{username}\DESKTOP\INSTALL MY DEFRAGMENTER.EXE, Delete-on-Reboot, [9413], [404073],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\config, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\ddtimes.dat, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\drconfig, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\eula.txt, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\INSTALL.LOG, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\install.sss, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\MyPhoneSupport.exe, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\schd, Delete-on-Reboot, [9413], [404066],1.0.2214
PUP.Optional.MyDefragmenter, C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Uninstall.exe, Delete-on-Reboot, [9413], [404066],1.0.2214

Physical Sector: 0
(No malicious items detected)


(end)
As mentioned before, the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
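
The FRST entries listed under "Technical details for experts" can be checked for mechanically when triaging a log. The following is an added example, not part of the original guide or of any Malwarebytes or FRST tooling; the function names, the sample user name and the benign sample lines are constructed for illustration.

```python
import re

# Indicators copied from the FRST entries listed in this guide.
# Matching is on the ConsumerSoft path and registry names, not on bare
# file names, so an unrelated udefrag.dll elsewhere does not trigger.
INDICATORS = {
    "autorun_value": re.compile(r"\\Run: \[MyDefragReminder\]", re.I),
    "uninstall_guid": re.compile(r"\{91566393-AD20-4B92-A81B-B17F31527DD4\}", re.I),
    "install_dir": re.compile(
        r"\\Program Files(?: \(x86\))?\\ConsumerSoft(?:\\|\s*$)", re.I),
    "start_menu_dir": re.compile(
        r"\\Start Menu\\Programs\\My Defragmenter\s*$", re.I),
}

def scan_frst(text):
    """Return {indicator: [(line_no, line), ...]} for each matching log line."""
    hits = {name: [] for name in INDICATORS}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        for name, rx in INDICATORS.items():
            if rx.search(line):
                hits[name].append((no, line))
    return hits

def summarize(hits):
    """Collapse the hits into a triage verdict (labels are hypothetical)."""
    found = {name for name, lines in hits.items() if lines}
    if not found:
        return "clean"
    # The HKCU Run value means DefragReminder.exe starts at every logon.
    return "present-with-autostart" if "autorun_value" in found else "present"

# Constructed sample: the page's FRST entries mixed with benign lines.
SAMPLE = r"""
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(ConsumerSoft) C:\Program Files (x86)\ConsumerSoft\My Defragmenter\Defrag.exe
HKCU\...\Run: [MyDefragReminder] => C:\Program Files (x86)\ConsumerSoft\My Defragmenter\DefragReminder.exe [918440 2012-07-06] (ConsumerSoft)
HKCU\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [1024 2017-01-01] (Example)
C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Defragmenter
C:\Program Files (x86)\ConsumerSoft
C:\Program Files\Example\udefrag.dll
My Defragmenter (HKLM-x32\...\{91566393-AD20-4B92-A81B-B17F31527DD4}) (Version: 1.0 - ConsumerSoft)
"""

if __name__ == "__main__":
    result = scan_frst(SAMPLE)
    print(summarize(result))
    for name, lines in result.items():
        for no, line in lines:
            print(f"{name:15} line {no}: {line}")
```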