Severity scale:  
  (57/100)

CCleaner (fake). How to remove? (Uninstall guide)

removal by Lucia Danes - - | Type: Malware

Fake CCleaner is a malicious application that seeks to spam users with ads, steal information or make them install other bloatware

Fake CCleaner virus
Fake CCleaner is malware that is designed to look like original version of the program but perform malicious activities on the infected device

Questions about CCleaner (fake)

Fake CCleaner is a set of malicious programs that are designed to imitate the reputable software. Bad actors often create counterfeit versions of renowned applications that could benefit them via ad revenue, info-stealing, or other activities.  Since the original version of the app by Piriform Ltd enjoys its popularity among Internet users as a useful tool, scammers decided to use this opportunity and publish its malicious substitute. Since the title is the same, users might struggle to tell the difference. However, in case you recently installed the app and noticed some suspicious activity on your Google Chrome, Safari, Mozilla Firefox, or another browser, it is time to take care of Fake CCleaner removal.

Name Fake CCleaner
Type Malware
Activity Steals information, inserts a large amount of ads, etc.
OS affected Windows, Mac OS X, Android, iOS
Browsers affected Google Chrome, Internet Explorer, Mozilla Firefox, Safari, etc.
Symptoms Might show no symptoms, although users spotted slowdowns of the device, program crashes, increased usage of computer resources, etc.
Removal Use anti-malware software or perform manual elimination by using our instructions below
Recovery To make sure that all the malicious components are deleted and the device is running normally, scan it with Reimage

Fake CCleaner virus is usually installed via unsafe third-party websites, although they can also be bundled with freeware or shareware. Therefore, it is vital to be attentive when installing new software from the internet – find more details on how to protect yourself against Fake CCleaner attacks below.

CCleaner  malware might display little to no symptoms, although some general ones include:

  • Slowdowns of the device;
  • Application crashes;
  • Redirects, pop-up ads, and other intrusive behavior;
  • Installation of other software without consent;
  • Increased usage of computer resources, etc.

Without a doubt, users should immediately remove Fake CCleaner from their devices. Due to lack of symptoms, it might not be easy to determine whether or not Android, iOS, macOS or Windows operating system is infected. Therefore, best practice would be to employ reputable security application to check for malware and PUPs on the machine.

In case the anti-virus program detected Fake CCleaner virus, or any other infection, eliminate it immediately and then scan your device with Reimage for best results.

Fake CCleaner versions

The most notorious instance of massive infections of CCleaner v5.3 virus occurred back in March 2017, when hackers organized a massive operation that allowed them to hijack official website and distribute the malicious version of the app to more than 2.3 million users.[1] The malware was designed to harvest sensitive data from the infected users and send it to hacker-controlled Command & Control server.

Additionally, it was found that hackers managed to execute second-stage payload on 40 computers located in major companies, such as Google, Sony, HTC, Linksys, Intel, and others. Researchers believe that the malicious actors were working on the operation for a long time before they pulled it off.

IConnect CCleaner virus

Another one of Fake CCleaner variants comes from a company IConnect. The counterfeited program can be distinguished from the original version from its logo. Additionally,  when installed, this application shows false error messages encouraging you to call a specific number. Do not get deceived and do not dial that number since a scammer waits for credulous users at the other end of the line! After calling for these scammers, you can receive an enormous telephone bill.

Additionally, instead of helping you protect your system, scammers might fill your computer with additional malware instead, ask you to pay for bogus services they provided or make payment for useless subscriptions. Therefore, never trust error messages that display an alleged error message that prompts to call the tech support number.

In fact, it has been discovered that this malicious version of CCleaner is another example of ordinary Tech Support Scam,[2] where the latest its example is known as a fake Security warning. The essence of such fraud is to convince Internet users into thinking that their computers are infected with viruses and then encourage them to call a certain number. If they call it, they might get shocked after receiving an enormous bill from their telecommunication company. Moreover, the scammers might also offer to purchase additional fraudulent security programs.

Baidu Fake CCleaner version

Fake CCleaner on Baidu
Avast researchers detected a fake version of CCleaner being distributed on a popular Chinese site Baidu, along with a two others

According to Avast,[3] a security company that purchased CCleaner back in 2017, there is a new Fake CCleaner app in the wild, and it is targeting Chinese mainland users. It was first spotted on Baidu[4] (internet-related service company, very similar to Google) app store with a valid certificate that was leaked from previous versions.

The fake CCleaner 4.11.1 on Baidu does seem like a real version, apart from bad reviews and the incorrect categorization of “office learning utilities.” Another major difference is that the app has a different package name – com.star.ccleaner instead of com.piriform.com.

Once installed, the Fake CCleaner virus displays ads and then freezes, resulting in a very limited functionality of the tool. Also, users can spot pop-ups, deals, banners, offers, coupons and other intrusive content on their browsers even when the app is off. Researchers believe that this bogus variant is targeted towards China-only users.

Additionally, the Avast team found another two app stores that distribute this Fake CCleaner version – Tencent and 360. Both of the companies were contacted in order to remove Fake CCleaner from the official stores.

Ways fake applications get into users computers

CCleaner is distributed via free legitimate applications. However, it has been spotted that the installer of the fake version might also come along with the original version as an attachment. Most likely, it is due to secondary download sources. Since the majority of users tend to overlook the installation instructions, the add-ons which are already pre-marked get installed along with the primary program.

If you are interested in how you can prevent fake apps from entering your computer in the future, take note of this advice. Firstly, you should select the “Custom” installation rather than “Recommended” settings. Secondly, carefully uncheck the attachments if you find them irrelevant. If you think that you have been tricked and installed this scamware on your computer, you should perform the unwanted app removal without wasting your time. Also, don't forget to ignore its fake warning messages.

When it comes to fake apps on legitimate sites, please check the following before installing:

  • Check user reviews;
  • Validate the name of the publisher;
  • Check the certificate (although can be fabricated);
  • See the description and category;
  • Before proceeding with the installation, make sure that app is not asking for admin rights.

You can terminate Fake CCleaner by using security software

Though this program might be quite treacherous and malicious, removing it should not cause problems. There are two main ways you can initiate Fake CCleaner removal. You install a powerful anti-spyware program or make use of our manual guide below. It is designed not only to terminate malware but delete suspicious applications as well. Therefore, such a program is highly beneficial for any Internet user. 

You can also follow manual instructions provided below to remove Fake CCleaner as well. However, depending on the version of the bogus app, manual elimination might be almost impossible. In such a case, simply download a reputable security application and run a full scan on your device.

You can remove virus damage automatically with a help of one of these programs: Reimage, SpyHunterCombo Cleaner, Malwarebytes Malwarebytes. We recommend these applications because they detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to remove virus damage. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with SpyHunter.
Alternative Software
Different security software includes different virus database. If you didn’t succeed in finding malware with Reimage, try running alternative scan with Combo Cleaner.

To remove CCleaner (fake), follow these steps:

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove CCleaner (fake) from Windows systems

To remove Fake CCleaner from Windows, perform these steps:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall CCleaner (fake) and related programs
    Here, look for CCleaner (fake) or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Get rid of CCleaner (fake) from Mac OS X system

If you macOS showing signs of infection, use this guide:

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for CCleaner (fake) or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Eliminate CCleaner (fake) from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for CCleaner (fake) and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete CCleaner (fake) removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Uninstall CCleaner (fake) from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, CCleaner (fake) should be removed from your Microsoft Edge browser.

WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Delete CCleaner (fake) from Mozilla Firefox (FF)

Refresh Mozilla Firefox to give a fresh start:

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select CCleaner (fake) and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete CCleaner (fake) removal. Click on 'Reset Firefox' button for a couple of times
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Erase CCleaner (fake) from Google Chrome

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select CCleaner (fake) and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete CCleaner (fake) removal. Click on 'Reset' button to complete your removal
WindowsMac OS XInternet ExplorerMicrosoft EdgeFirefoxGoogle ChromeSafari

Remove CCleaner (fake) from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for CCleaner (fake) or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete CCleaner (fake) removal process. Select all options and click on 'Reset' button

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References


  1. Brigitte says:
    April 26th, 2016 at 5:38 am

    I thought that something weird was about this program…

  2. Samuel says:
    April 26th, 2016 at 5:39 am

    I guess, one needs to be more careful…

  3. Adam says:
    April 26th, 2016 at 5:41 am

    I accidentally downloaded the program. After a while, my anti-virus found some malware. I didnt realize that it was a fake version!

Your opinion regarding CCleaner (fake)