CCleaner (fake) (Easy Removal Guide) - Mar 2019 update

CCleaner (fake) Removal Guide

What is CCleaner (fake)?

Fake CCleaner is a malicious application that seeks to spam users with ads, steal information or make them install other bloatware

Fake CCleaner virusFake CCleaner is malware that is designed to look like original version of the program but perform malicious activities on the infected device

Fake CCleaner is a set of malicious programs that are designed to imitate the reputable software. Bad actors often create counterfeit versions of renowned applications that could benefit them via ad revenue, info-stealing, or other activities. Since the original version of the app by Piriform Ltd enjoys its popularity among Internet users as a useful tool, scammers decided to use this opportunity and publish its malicious substitute. Since the title is the same, users might struggle to tell the difference. However, in case you recently installed the app and noticed some suspicious activity on your Google Chrome, Safari, Mozilla Firefox, or another browser, it is time to take care of Fake CCleaner removal.

Name Fake CCleaner
Type Malware
Activity Steals information, inserts a large amount of ads, etc.
OS affected Windows, Mac OS X, Android, iOS
Browsers affected Google Chrome, Internet Explorer, Mozilla Firefox, Safari, etc.
Symptoms Might show no symptoms, although users spotted slowdowns of the device, program crashes, increased usage of computer resources, etc.
Removal Use anti-malware software or perform manual elimination by using our instructions below
Recovery To make sure that all the malicious components are deleted and the device is running normally, scan it with FortectIntego

Fake CCleaner virus is usually installed via unsafe third-party websites, although they can also be bundled with freeware or shareware. Therefore, it is vital to be attentive when installing new software from the internet – find more details on how to protect yourself against Fake CCleaner attacks below.

CCleaner malware might display little to no symptoms, although some general ones include:

  • Slowdowns of the device;
  • Application crashes;
  • Redirects, pop-up ads, and other intrusive behavior;
  • Installation of other software without consent;
  • Increased usage of computer resources, etc.

Without a doubt, users should immediately remove Fake CCleaner from their devices. Due to lack of symptoms, it might not be easy to determine whether or not Android, iOS, macOS or Windows operating system is infected. Therefore, best practice would be to employ reputable security application to check for malware and PUPs on the machine.

In case the anti-virus program detected Fake CCleaner virus, or any other infection, eliminate it immediately and then scan your device with FortectIntego for best results.

Fake CCleanerFake CCleaner is a dangerous application that can steal personal data, display intrusive ads, and even install other payloads

Fake CCleaner versions

The most notorious instance of massive infections of CCleaner v5.3 virus occurred back in March 2017, when hackers organized a massive operation that allowed them to hijack official website and distribute the malicious version of the app to more than 2.3 million users.[1] The malware was designed to harvest sensitive data from the infected users and send it to hacker-controlled Command & Control server.

Additionally, it was found that hackers managed to execute second-stage payload on 40 computers located in major companies, such as Google, Sony, HTC, Linksys, Intel, and others. Researchers believe that the malicious actors were working on the operation for a long time before they pulled it off.

IConnect CCleaner virus

Another one of Fake CCleaner variants comes from a company IConnect. The counterfeited program can be distinguished from the original version from its logo. Additionally, when installed, this application shows false error messages encouraging you to call a specific number. Do not get deceived and do not dial that number since a scammer waits for credulous users at the other end of the line! After calling for these scammers, you can receive an enormous telephone bill.

Additionally, instead of helping you protect your system, scammers might fill your computer with additional malware instead, ask you to pay for bogus services they provided or make payment for useless subscriptions. Therefore, never trust error messages that display an alleged error message that prompts to call the tech support number.

In fact, it has been discovered that this malicious version of CCleaner is another example of ordinary Tech Support Scam,[2] where the latest its example is known as a fake Security warning. The essence of such fraud is to convince Internet users into thinking that their computers are infected with viruses and then encourage them to call a certain number. If they call it, they might get shocked after receiving an enormous bill from their telecommunication company. Moreover, the scammers might also offer to purchase additional fraudulent security programs.

Baidu Fake CCleaner version

Fake CCleaner on BaiduAvast researchers detected a fake version of CCleaner being distributed on a popular Chinese site Baidu, along with a two others

According to Avast,[3] a security company that purchased CCleaner back in 2017, there is a new Fake CCleaner app in the wild, and it is targeting Chinese mainland users. It was first spotted on Baidu[4] (internet-related service company, very similar to Google) app store with a valid certificate that was leaked from previous versions.

The fake CCleaner 4.11.1 on Baidu does seem like a real version, apart from bad reviews and the incorrect categorization of “office learning utilities.” Another major difference is that the app has a different package name – com.star.ccleaner instead of com.piriform.com.

Once installed, the Fake CCleaner virus displays ads and then freezes, resulting in a very limited functionality of the tool. Also, users can spot pop-ups, deals, banners, offers, coupons and other intrusive content on their browsers even when the app is off. Researchers believe that this bogus variant is targeted towards China-only users.

Additionally, the Avast team found another two app stores that distribute this Fake CCleaner version – Tencent and 360. Both of the companies were contacted in order to remove Fake CCleaner from the official stores.

Ways fake applications get into users computers

CCleaner is distributed via free legitimate applications. However, it has been spotted that the installer of the fake version might also come along with the original version as an attachment. Most likely, it is due to secondary download sources. Since the majority of users tend to overlook the installation instructions, the add-ons which are already pre-marked get installed along with the primary program.

If you are interested in how you can prevent fake apps from entering your computer in the future, take note of this advice. Firstly, you should select the “Custom” installation rather than “Recommended” settings. Secondly, carefully uncheck the attachments if you find them irrelevant. If you think that you have been tricked and installed this scamware on your computer, you should perform the unwanted app removal without wasting your time. Also, don't forget to ignore its fake warning messages.

When it comes to fake apps on legitimate sites, please check the following before installing:

  • Check user reviews;
  • Validate the name of the publisher;
  • Check the certificate (although can be fabricated);
  • See the description and category;
  • Before proceeding with the installation, make sure that app is not asking for admin rights.

You can terminate Fake CCleaner by using security software

Though this program might be quite treacherous and malicious, removing it should not cause problems. There are two main ways you can initiate Fake CCleaner removal. You install a powerful anti-spyware program or make use of our manual guide below. It is designed not only to terminate malware but delete suspicious applications as well. Therefore, such a program is highly beneficial for any Internet user.

You can also follow manual instructions provided below to remove Fake CCleaner as well. However, depending on the version of the bogus app, manual elimination might be almost impossible. In such a case, simply download a reputable security application and run a full scan on your device.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Fortect Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of CCleaner (fake). Follow these steps

Uninstall from Windows

To remove Fake CCleaner from Windows, perform these steps:

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

If you macOS showing signs of infection, use this guide:

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Refresh Mozilla Firefox to give a fresh start:

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of CCleaner (fake) registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting malware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References