Sunday, October 31, 2010

Fixing the ******* Smart Defragmenter Virus

My system was hacked by the Smart Defragmenter virus sometime during the early evening of 10/29/10. I'm not sure how that happened, but here's how to save yourself a lot of hassle if a program called Smart Defragmenter suddenly shows up on your PC.

I started getting disk error and RAM messages from Smart Defragmenter. As I'd been doing a lot of graphic work and file transfer that day, I thought all I needed to do was to reboot.

After rebooting, I got the same error messages again. I'd never seen Smart Defragmenter before, but thought maybe it was a Dell or Microsoft product that was added during an update.

So I stupidly ran Smart Defragmenter. It said it had fixed 5 problems, but to fix another 5 problems would, of course, cost me money.

This looked like a virus, so I ran my free version of AVG.

My laptop crashed.

Rebooted. Did some quick searches on "Smart Defragmenter" late on 10/29, but except for one comment by one guy, people made it sound like it was a real program.

My husband, who is more technical than I am, thought I was having a disk failure. Since I was away on Saturday, he said he'd get a better external backup drive and back up my laptop before the disk failed completely.

When I got back Saturday night, he said he'd bought the new external drive, but my laptop kept failing during the backup.

This morning, I logged in again and still got disk failure and RAM messages. I foolishly decided to pay for the "Smart Defragmenter" update. Huge mistake. I ran the program and still had the same error messages.

I called my credit card company to dispute the bill. While the invoice for "Smart Defragmenter" claims the name of its company is: SecurityLabSoftware, LLC (SLS, LLC), Professional Circle, Suite 110, CA 10345, clearly that's a bogus address. The phone number (877-282-0139) can't be found online associated with a company. My credit card company says they'll note my dispute of the bill but I'll have to call again when it's posted in two days. The credit card company says the name they have for the company was "" which is a non-existent URL and their phone number is 888-490-4755 which appears to be a non-existent phone number.

To make a long story short, let me tell you what to look for to dump Smart Defragmenter from your system, without having to pay for some other program.

The problem executable is "winsp2up.exe."

On my system, Windows 7 Professional, this file was in [User]>AppData>Local>Temp. You have to do a Control-Alt-Delete and stop this process. Once you stop this process, you can go to your temp directory and delete the file.

Another problem file in the same location is 48262185 (I think that had an exe too). This file was installed at the same time as winsp2up.exe, so I deleted that as well.
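The same cleanup as a PowerShell dry run (an added example, not part of the original post): it finds winsp2up.exe in the user's Temp folder, lists other files created around the same time, and shows which processes it would stop and which files it would move aside. It assumes PowerShell 4 or later; the 5-minute window and the Quarantine folder are assumptions made for the example.

```powershell
# Added example. Only the name winsp2up.exe and the Temp location come from the post.
$tempDir    = Join-Path $env:LOCALAPPDATA 'Temp'
$knownName  = 'winsp2up.exe'
$window     = [TimeSpan]::FromMinutes(5)                 # assumed "installed at the same time" window
$quarantine = Join-Path $env:USERPROFILE 'Quarantine'    # hypothetical holding folder

$known = Get-ChildItem -LiteralPath $tempDir -Filter $knownName -File -Force -ErrorAction SilentlyContinue |
         Select-Object -First 1
if (-not $known) { Write-Output "$knownName not found in $tempDir"; return }

# Files created in Temp close to the known file's creation time (includes the known file itself).
# Review this list by hand: legitimate temp files can fall inside the window too.
$suspects = Get-ChildItem -LiteralPath $tempDir -File -Force |
    Where-Object { [math]::Abs(($_.CreationTime - $known.CreationTime).TotalSeconds) -le $window.TotalSeconds }

$suspects | Sort-Object CreationTime | Select-Object Name, Length, CreationTime | Format-Table -AutoSize

New-Item -ItemType Directory -Path $quarantine -Force | Out-Null

foreach ($file in $suspects) {
    # A running executable cannot be moved or deleted, so stop its process first.
    Get-Process | Where-Object { $_.Path -eq $file.FullName } | ForEach-Object {
        Write-Output "Process $($_.ProcessName) (PID $($_.Id)) is running from $($file.Name)"
        Stop-Process -Id $_.Id -Force -WhatIf
    }

    # Record a hash so the file can be looked up or reported later.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    Write-Output "$($file.Name)  SHA256: $hash"

    # Move aside instead of deleting, and rename so it cannot be launched by accident.
    $target = Join-Path $quarantine ($file.Name + '.quarantined')
    Move-Item -LiteralPath $file.FullName -Destination $target -WhatIf
}
```

With `-WhatIf` in place nothing is stopped or moved; remove it from the `Stop-Process` and `Move-Item` lines only after checking the listed files.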

After rebooting, everything seems to be OK. I'd like to know how I got this virus, but now I know that AVG freeware is unreliable, I'll be installing a much more robust security system and I'll be changing all my passwords.


mommy2djsl said...

Hello! This just happened to me last week and, since I am not computer literate at all, I was wondering if I need to worry about these people accessing my passwords that are on my computer? Any insight you have would be great! I'm really freaking out about this!

Laurie Mann said...

I'm not an expert, but just be careful about the sites you access for eCommerce. I also monitor my bank and credit card statements carefully and haven't seen any evidence of bad charges.