5 Replies Latest reply on Dec 18, 2010 2:27 PM by mpau0516

    SYSTEM DEFRAGMENTER: VIRUS? OR THIEF?

      I was using my computer last week when suddenly a program (System Defragmenter) started to run, saying that my computer is at risk of losing its documents unless I purchase it. I was scared of losing my documents and essential family photos from my computer, so I purchased the defragmenter for $85.50, and it says that my subscription is for life. I called the hotline number and the person I talked with was from India. He told me about the importance of this program and I, without any knowledge about computers, just agreed with him. He also told me that I can get my payment reimbursed within 30 days of purchase.

      I am trying to use the defragmenter today (Nov. 1, 2010) but the program was not on my computer anymore, so I called the hotline number and requested cancellation since it's not working anymore on my computer. The man (his name is Troy) on the other line, to whom I spoke last week, said that I will get my money back within 7-14 days.

      Now, my question is: what is the probability of him getting the information from my computer? Is it possible for him to steal my computer information? Or did he already steal my computer information? If he did, is there something I can do to get it back from him? What should I do to protect my information next time?

      Thank you for any help you guys can give.

        • 1. Re: SYSTEM DEFRAGMENTER: VIRUS? OR THIEF?

          In addition to the information I have provided: I was trying to confirm the legitimacy of the website today but I cannot connect to the website. I am afraid that the System Defragmenter I had installed on my computer is bogus.

          • 2. Re: SYSTEM DEFRAGMENTER: VIRUS? OR THIEF?

            System Defragmenter is malware and a scam. It scared you into thinking things are wrong with your computer when they aren't. I have no idea if you will get your money back, or if they can get info off your computer (though I doubt it; you may need to do more research by simply googling "System Defragmenter"). But you need to get it off your computer and keep it off. MalwareBytes' Anti Malware is a program that can help against malware.

             

            If neither of those help, I strongly suggest looking for ways to get it off your computer by simply googling System Defragmenter.

             

            There are also other scams out there, like a malware called "ThinkPoint" that you should look out for. That is also a scam that will ask you to pay for a program that will fix the problems you have on your computer. Spyware Doctor got rid of this easily (though you had to purchase the software, it is much cheaper than falling for the ThinkPoint scam [$30 compared to the near $100]).

             

            Scams like this prey on fears. I suggest that if your computer is ever told something is horribly wrong with it, that you look up whatever is wrong with your computer on someone else's, and be calm about it. It will save you a lot of money doing so.

             

            I'm not really a computer expert, but I've been through this before and thought you might want to know about the extra details so that you can protect yourself in the future. I hope I helped.

             

            P.S. I noticed that scams (at least the two mentioned above) give you a "lifetime" option. If you ever see that on supposed programs that claim it will help your computer, I'd be wary and research via google or much more techgeek friends. I'm glad I had both before I spent money I didn't have. Again, I hope this helps you.

            • 3. Re: SYSTEM DEFRAGMENTER: VIRUS? OR THIEF?
              Hayton

              You're not the only one with this problem.

               

              The place you should have gone to is

              where there is an existing thread https://community.mcafee.com/message/157259#157259
              To be brief, this is a rogue program. It's Scareware. You have been persuaded to part with your money for a piece of useless software that may actually inflict harm upon your computer. So my advice is, don't run it - at all.
              Getting rid of it is apparently difficult. Read the messages in the thread, and try out the suggested fixes.
              As for getting your money back, I think that is very unlikely. Someone has gone to a great deal of trouble to get hold of your money, so I think they would prefer not to give it back. You can try, of course, and please let everyone know if you are successful. The others would like to know how you managed it.

               

               

              Message was edited by: Hayton on 02/11/10 00:49:30 GMT
              • 4. Re: SYSTEM DEFRAGMENTER: VIRUS? OR THIEF?
                zano120

                Not only does this program take your money, but more than likely gave them your credit/debit card information as well. I would recommend alerting your bank or credit card company of this charge and ask them to issue you a new card and make changes to any information that may have been given away. I'm currently trying to get this program off of a computer at my workplace. So far in my research it looks like malwarebytes will take care of the issue but you need to make sure you download the updates for the program first. Scanning the computer while in safe mode will probably yield the best result. (this link will provide you instructions on starting in safe mode if you are unfamiliar with the process   -  http://support.microsoft.com/kb/315222)  Hope this helps

                 

                Zano

                • 5. Re: SYSTEM DEFRAGMENTER: VIRUS? OR THIEF?
                  mpau0516

                  I got rid of this by logging in as a different user.

                  Then I did a search for "hotfix.exe" and deleted it.

                  That got rid of it.

                   

                  or you can try the following instructions from Sophos:

                   

                  1. Browse to the following directory:

                  "%userprofile%\application data\"

                   

                  2. Locate the following executable(s):- Hotfix.exe and/or thinkpoint.exe

                   

                  3. Rename the executable(s) to Hotfix_1.exe and/or thinkpoint_1.exe

                   

                  4. Run the following command(s):

                   

                  MD "%userprofile%\application data\hotfix.exe"

                  MD "%userprofile%\application data\thinkpoint.exe"

                   

                  NOTE:- If command prompt is disabled, manually create two directories named hotfix.exe and thinkpoint.exe in "%userprofile%\application data\"

                   

                  5. Download and run regengui:-

                  http://www.sophos.com/support/cleaners/regengui.com

                   

                  6. Check the following registry value:

                  "HKEY_Current_User\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell"

                  The Shell entry should not exist here (unless a bespoke shell is used) and can be safely deleted.

                   

                  7. Reboot the machine

                   

                  8. You should now be able to obtain samples of the executables mentioned in step 2.

                   

                  You can upload the file via the Sophos website:

                   

                  http://www.sophos.com/support/samples

                   

                  For full information on how to submit a sample and what information we require please read the following Knowledgebase article:

                   

                  http://www.sophos.com/support/knowledgebase/article/11490.html

                   

                   

                  9. Delete the reference to hotfix.exe from "HKEY_Current_User\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell"
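
A read-only check for the indicators named in the steps above, added here as an example; it is not part of the original post or of the Sophos instructions. The function names are hypothetical, and the registry key is written `Windows NT` (with a space), which is how it is spelled on a real system.

```powershell
# Added example: reports on the files and the per-user Winlogon Shell value
# named in the steps above. It changes nothing on the machine.
# File names and the registry value come from the post; function names are hypothetical.

function Get-RogueFileStatus {
    param(
        # Path as given in step 1. On Vista and later this is a junction
        # that points to AppData\Roaming.
        [string]$BaseDir = (Join-Path $env:USERPROFILE 'Application Data'),
        [string[]]$Names = @('hotfix.exe', 'thinkpoint.exe')
    )
    foreach ($name in $Names) {
        $path  = Join-Path $BaseDir $name
        $state = 'absent'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # A regular file with this name is what step 2 asks you to locate.
            $state = 'FILE present (matches step 2)'
        } elseif (Test-Path -LiteralPath $path -PathType Container) {
            # A directory with this name is the placeholder created in step 4.
            $state = 'directory present (placeholder from step 4)'
        }
        New-Object PSObject -Property @{ Path = $path; State = $state }
    }
}

function Get-WinlogonShellOverride {
    # Step 6: the per-user Shell value should not exist unless a bespoke shell is used.
    $key  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $item = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.Shell
}

Get-RogueFileStatus | Format-Table Path, State -AutoSize -Wrap

$shell = Get-WinlogonShellOverride
if ($null -eq $shell) {
    'HKCU Winlogon Shell: not set (expected)'
} else {
    "HKCU Winlogon Shell: '$shell'"
    if ($shell -match 'hotfix\.exe|thinkpoint\.exe') {
        'Shell value references one of the executables named in step 2.'
    }
}
```

Run it once per affected user account, since both the folder and the registry hive are per-user.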