Severity scale:  
  (57/100)

Remove CCleaner (fake) (Easy Removal Guide) - Mar 2019 update

removal by Lucia Danes - - | Type: Malware

Fake CCleaner is a malicious application that seeks to spam users with ads, steal information or make them install other bloatware

Fake CCleaner virus

Questions about CCleaner (fake)

Fake CCleaner is a set of malicious programs that are designed to imitate the reputable software. Bad actors often create counterfeit versions of renowned applications that could benefit them via ad revenue, info-stealing, or other activities.  Since the original version of the app by Piriform Ltd enjoys its popularity among Internet users as a useful tool, scammers decided to use this opportunity and publish its malicious substitute. Since the title is the same, users might struggle to tell the difference. However, in case you recently installed the app and noticed some suspicious activity on your Google Chrome, Safari, Mozilla Firefox, or another browser, it is time to take care of Fake CCleaner removal.

Name Fake CCleaner
Type Malware
Activity Steals information, inserts a large amount of ads, etc.
OS affected Windows, Mac OS X, Android, iOS
Browsers affected Google Chrome, Internet Explorer, Mozilla Firefox, Safari, etc.
Symptoms Might show no symptoms, although users spotted slowdowns of the device, program crashes, increased usage of computer resources, etc.
Removal Use anti-malware software or perform manual elimination by using our instructions below
Recovery To make sure that all the malicious components are deleted and the device is running normally, scan it with ReimageIntego

Fake CCleaner virus is usually installed via unsafe third-party websites, although they can also be bundled with freeware or shareware. Therefore, it is vital to be attentive when installing new software from the internet – find more details on how to protect yourself against Fake CCleaner attacks below.

CCleaner  malware might display little to no symptoms, although some general ones include:

  • Slowdowns of the device;
  • Application crashes;
  • Redirects, pop-up ads, and other intrusive behavior;
  • Installation of other software without consent;
  • Increased usage of computer resources, etc.

Without a doubt, users should immediately remove Fake CCleaner from their devices. Due to lack of symptoms, it might not be easy to determine whether or not Android, iOS, macOS or Windows operating system is infected. Therefore, best practice would be to employ reputable security application to check for malware and PUPs on the machine.

In case the anti-virus program detected Fake CCleaner virus, or any other infection, eliminate it immediately and then scan your device with ReimageIntego for best results.

Fake CCleanerFake CCleaner is a dangerous application that can steal personal data, display intrusive ads, and even install other payloads

Fake CCleaner versions

The most notorious instance of massive infections of CCleaner v5.3 virus occurred back in March 2017, when hackers organized a massive operation that allowed them to hijack official website and distribute the malicious version of the app to more than 2.3 million users.[1] The malware was designed to harvest sensitive data from the infected users and send it to hacker-controlled Command & Control server.

Additionally, it was found that hackers managed to execute second-stage payload on 40 computers located in major companies, such as Google, Sony, HTC, Linksys, Intel, and others. Researchers believe that the malicious actors were working on the operation for a long time before they pulled it off.

IConnect CCleaner virus

Another one of Fake CCleaner variants comes from a company IConnect. The counterfeited program can be distinguished from the original version from its logo. Additionally,  when installed, this application shows false error messages encouraging you to call a specific number. Do not get deceived and do not dial that number since a scammer waits for credulous users at the other end of the line! After calling for these scammers, you can receive an enormous telephone bill.

Additionally, instead of helping you protect your system, scammers might fill your computer with additional malware instead, ask you to pay for bogus services they provided or make payment for useless subscriptions. Therefore, never trust error messages that display an alleged error message that prompts to call the tech support number.

In fact, it has been discovered that this malicious version of CCleaner is another example of ordinary Tech Support Scam,[2] where the latest its example is known as a fake Security warning. The essence of such fraud is to convince Internet users into thinking that their computers are infected with viruses and then encourage them to call a certain number. If they call it, they might get shocked after receiving an enormous bill from their telecommunication company. Moreover, the scammers might also offer to purchase additional fraudulent security programs.

Baidu Fake CCleaner version

Fake CCleaner on BaiduAvast researchers detected a fake version of CCleaner being distributed on a popular Chinese site Baidu, along with a two others

According to Avast,[3] a security company that purchased CCleaner back in 2017, there is a new Fake CCleaner app in the wild, and it is targeting Chinese mainland users. It was first spotted on Baidu[4] (internet-related service company, very similar to Google) app store with a valid certificate that was leaked from previous versions.

The fake CCleaner 4.11.1 on Baidu does seem like a real version, apart from bad reviews and the incorrect categorization of “office learning utilities.” Another major difference is that the app has a different package name – com.star.ccleaner instead of com.piriform.com.

Once installed, the Fake CCleaner virus displays ads and then freezes, resulting in a very limited functionality of the tool. Also, users can spot pop-ups, deals, banners, offers, coupons and other intrusive content on their browsers even when the app is off. Researchers believe that this bogus variant is targeted towards China-only users.

Additionally, the Avast team found another two app stores that distribute this Fake CCleaner version – Tencent and 360. Both of the companies were contacted in order to remove Fake CCleaner from the official stores.

Ways fake applications get into users computers

CCleaner is distributed via free legitimate applications. However, it has been spotted that the installer of the fake version might also come along with the original version as an attachment. Most likely, it is due to secondary download sources. Since the majority of users tend to overlook the installation instructions, the add-ons which are already pre-marked get installed along with the primary program.

If you are interested in how you can prevent fake apps from entering your computer in the future, take note of this advice. Firstly, you should select the “Custom” installation rather than “Recommended” settings. Secondly, carefully uncheck the attachments if you find them irrelevant. If you think that you have been tricked and installed this scamware on your computer, you should perform the unwanted app removal without wasting your time. Also, don't forget to ignore its fake warning messages.

When it comes to fake apps on legitimate sites, please check the following before installing:

  • Check user reviews;
  • Validate the name of the publisher;
  • Check the certificate (although can be fabricated);
  • See the description and category;
  • Before proceeding with the installation, make sure that app is not asking for admin rights.

You can terminate Fake CCleaner by using security software

Though this program might be quite treacherous and malicious, removing it should not cause problems. There are two main ways you can initiate Fake CCleaner removal. You install a powerful anti-spyware program or make use of our manual guide below. It is designed not only to terminate malware but delete suspicious applications as well. Therefore, such a program is highly beneficial for any Internet user. 

You can also follow manual instructions provided below to remove Fake CCleaner as well. However, depending on the version of the bogus app, manual elimination might be almost impossible. In such a case, simply download a reputable security application and run a full scan on your device.

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove CCleaner (fake), follow these steps:

Remove CCleaner (fake) from Windows systems

To remove Fake CCleaner from Windows, perform these steps:

To remove CCleaner (fake) from Windows 10/8  machines, please follow these steps:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program.Uninstall from Windows 1
  3. From the list, find entries related to CCleaner (fake) (or any other recently installed suspicious program).
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK.Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program.Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Get rid of CCleaner (fake) from Mac OS X system

If you macOS showing signs of infection, use this guide:

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove CCleaner (fake) from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for CCleaner (fake)-related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove CCleaner (fake), you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to CCleaner (fake) and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the CCleaner (fake)-related entries.Uninstall from Mac 2

Eliminate CCleaner (fake) from Internet Explorer (IE)

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for CCleaner (fake) and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example, Google.com).
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete CCleaner (fake) removal.Reset Internet Explorer

Uninstall CCleaner (fake) from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the CCleaner (fake)-related extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Delete CCleaner (fake) from Mozilla Firefox (FF)

Refresh Mozilla Firefox to give a fresh start:

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select plugins that are related to CCleaner (fake) and click Remove.Remove extensions from Firefox

Clear cookies and site data:

  1. Click Menu and pick Options.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear.Clear cookies and site data from Firefox

In case CCleaner (fake) did not get removed after following the instructions above, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox – this should complete CCleaner (fake) removal.Reset Firefox 2

Erase CCleaner (fake) from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to CCleaner (fake) by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

If the above-methods did not help you, reset Google Chrome to eliminate all the CCleaner (fake)-components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings to complete CCleaner (fake) removal.Reset Chrome 2

Remove CCleaner (fake) from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension related to CCleaner (fake) and select Uninstall.Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References

  1. Brigitte says:
    April 26th, 2016 at 5:38 am

    I thought that something weird was about this program…

  2. Samuel says:
    April 26th, 2016 at 5:39 am

    I guess, one needs to be more careful…

  3. Adam says:
    April 26th, 2016 at 5:41 am

    I accidentally downloaded the program. After a while, my anti-virus found some malware. I didnt realize that it was a fake version!

Your opinion regarding CCleaner (fake)