What is PC Cleaner Pro?
The Malwarebytes research team has determined that PC Cleaner Pro is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.
How do I know if my computer is affected by PC Cleaner Pro?
You may see this warning during install:
You may see this window that covers your whole screen:
and these windows while trying to get out of the locked screen:
How did PC Cleaner Pro get on my computer?
Tech Support Scammers use different methods for distributing themselves. This particular one was offered as a PC cleanerb, but it also installs files that will produce a fake Windows Activation screen with the Tech Support Scammers number.
How do I remove PC Cleaner Pro?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
But due to the behaviour of the program you will have to reboot into Safe Mode with Networking first.
Alternatively you can try to get out of the lockscreen by typing "closecloseclosecloseclose" in the main form and click on the "Activate" button. You will get a confirmation prompt.
Close that prompt and you will be sent back to your desktop.
There you may see the main screen of the PC Cleaner Pro part of the setup. But that will not stop you from downloading and running Malwarebytes Anti-Malware.
After following either method continue with the instructions below.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to:
Launch Malwarebytes Anti-Malware - Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Windows Games TSS completely.
- No, Malwarebytes' Anti-Malware removes PC Cleaner Pro completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tech Supprt Scam.
Technical details for experts
You may see these entries in FRST logs:
() C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\PC JUNKCLEANER.exe
HKCU\...\Run: [PC JUNKCLEANER] => C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\PC JUNKCLEANER.exe [1636352 2016-08-07] ()
HKCU\...\Run: [POKEMONEGOGAMES] => C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\NewWindowActivation.exe [568320 2016-08-07] (Microsoft)
C:\Users\{username}\Documents\PcjunkCleaner.xml
C:\Program Files (x86)\A POKEMONGO Company
(A POKEMONGO Company) C:\Users\{username}\Desktop\PCcleanerpro.exe
PC Cleaner Pro (x32 Version: 1.0.0 - A POKEMONGO Company) HiddenAlterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro
Adds the file ClearBrowserHistory.dll"="10/9/2015 8:53 PM, 89088 bytes, A
Adds the file ClearClipboard.dll"="10/9/2015 8:37 PM, 40960 bytes, A
Adds the file ClearRecycleBin.dll"="10/9/2015 8:38 PM, 83968 bytes, A
Adds the file NewWindowActivation.exe"="8/7/2016 9:27 AM, 568320 bytes, A
Adds the file PC JUNKCLEANER.exe"="8/7/2016 8:47 AM, 1636352 bytes, A
Adds the file RunClearHistory.dll"="10/9/2015 8:39 PM, 43008 bytes, A
Adds the folder C:\Windows\Installer\{68A9A36C-796C-406E-BF55-3F10D14A336F}
Adds the file pokemonego.exe"="8/16/2016 8:29 AM, 370070 bytes, RA
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C63A9A86C697E604FB55F3011DA433F6]
"AdvertiseFlags"="REG_DWORD", 388
"Assignment"="REG_DWORD", 1
"AuthorizedLUAApp"="REG_DWORD", 0
"Clients"="REG_MULTI_SZ, ": "
"DeploymentFlags"="REG_DWORD", 3
"InstanceType"="REG_DWORD", 0
"Language"="REG_DWORD", 1033
"PackageCode"="REG_SZ", "DDAA172B049366441A959D3FDCDABA6B"
"ProductIcon"="REG_SZ", "C:\Windows\Installer\{68A9A36C-796C-406E-BF55-3F10D14A336F}\pokemonego.exe"
"ProductName"="REG_SZ", "PC Cleaner Pro"
"Version"="REG_DWORD", 16777216
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C63A9A86C697E604FB55F3011DA433F6\SourceList]
"LastUsedSource"="REG_EXPAND_SZ, "n;1;C:\Users\{username}\AppData\Roaming\A POKEMONGO Company\PC Cleaner Pro 1.0.0\install\14A336F\"
"PackageName"="REG_SZ", "PokemoneGoGames.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C63A9A86C697E604FB55F3011DA433F6\SourceList\Media]
"1"="REG_SZ", ";"
"DiskPrompt"="REG_SZ", "[1]"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C63A9A86C697E604FB55F3011DA433F6\SourceList\Net]
"1"="REG_EXPAND_SZ, "C:\Users\{username}\AppData\Roaming\A POKEMONGO Company\PC Cleaner Pro 1.0.0\install\14A336F\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0CC6001FF20744C46A8600498CDD92D9]
"C63A9A86C697E604FB55F3011DA433F6"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\A POKEMONGO Company\"="REG_SZ", ""
"C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\"="REG_SZ", ""
"C:\Windows\Installer\{68A9A36C-796C-406E-BF55-3F10D14A336F}\"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C63A9A86C697E604FB55F3011DA433F6\InstallProperties]
"AuthorizedCDFPrefix"="REG_SZ", ""
"Comments"="REG_SZ", "This installer database contains the logic and data required to install PC Cleaner Pro."
"Contact"="REG_SZ", ""
"DisplayName"="REG_SZ", "PC Cleaner Pro"
"DisplayVersion"="REG_SZ", "1.0.0"
"EstimatedSize"="REG_DWORD", 2392
"HelpLink"="REG_SZ", ""
"HelpTelephone"="REG_SZ", ""
"InstallDate"="REG_SZ", "20160816"
"InstallLocation"="REG_SZ", "C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\"
"InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Roaming\A POKEMONGO Company\PC Cleaner Pro 1.0.0\install\14A336F\"
"Language"="REG_DWORD", 1033
"LocalPackage"="REG_SZ", "C:\Windows\Installer\33aad2.msi"
"NoModify"="REG_DWORD", 1
"NoRemove"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "A POKEMONGO Company"
"Readme"="REG_SZ", ""
"Size"="REG_SZ", ""
"SystemComponent"="REG_DWORD", 1
"URLInfoAbout"="REG_SZ", ""
"URLUpdateInfo"="REG_SZ", ""
"Version"="REG_DWORD", 16777216
"VersionMajor"="REG_DWORD", 1
"VersionMinor"="REG_DWORD", 0
"WindowsInstaller"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\A POKEMONGO Company\PC Cleaner Pro]
"Path"="REG_SZ", "C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\"
"Version"="REG_SZ", "1.0.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Caphyon\Advanced Installer\LZMA\{68A9A36C-796C-406E-BF55-3F10D14A336F}\1.0.0]
"AI_ExePath"="REG_SZ", "C:\Users\{username}\Desktop\PCcleanerpro.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68A9A36C-796C-406E-BF55-3F10D14A336F}]
"AuthorizedCDFPrefix"="REG_SZ", ""
"Comments"="REG_SZ", "This installer database contains the logic and data required to install PC Cleaner Pro."
"Contact"="REG_SZ", ""
"DisplayName"="REG_SZ", "PC Cleaner Pro"
"DisplayVersion"="REG_SZ", "1.0.0"
"EstimatedSize"="REG_DWORD", 2392
"HelpLink"="REG_SZ", ""
"HelpTelephone"="REG_SZ", ""
"InstallDate"="REG_SZ", "20160816"
"InstallLocation"="REG_SZ", "C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\"
"InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Roaming\A POKEMONGO Company\PC Cleaner Pro 1.0.0\install\14A336F\"
"Language"="REG_DWORD", 1033
"NoModify"="REG_DWORD", 1
"NoRemove"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "A POKEMONGO Company"
"Readme"="REG_SZ", ""
"Size"="REG_SZ", ""
"SystemComponent"="REG_DWORD", 1
"URLInfoAbout"="REG_SZ", ""
"URLUpdateInfo"="REG_SZ", ""
"Version"="REG_DWORD", 16777216
"VersionMajor"="REG_DWORD", 1
"VersionMinor"="REG_DWORD", 0
"WindowsInstaller"="REG_DWORD", 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\PC JUNKCLEANER]
"EXPDATE"="REG_SZ", "2016-08-26"
"FIRSTDATE"="REG_SZ", "2016-08-16"
"FIRSTTIME"="REG_SZ", "w"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC JUNKCLEANER"="REG_SZ", "C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\PC JUNKCLEANER.exe"
"POKEMONEGOGAMES"="REG_SZ", "C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\NewWindowActivation.exe"
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/16/2016
Scan Time: 8:36 AM
Logfile: mbamPCCleanerPro.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.16.04
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317953
Time Elapsed: 8 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\PC JUNKCLEANER.exe, 3640, Delete-on-Reboot, [f9cbc08bc6d412247b3c42875ca8d927]
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 2
Rogue.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PC JUNKCLEANER, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\PC JUNKCLEANER.exe, Quarantined, [f9cbc08bc6d412247b3c42875ca8d927]
Rogue.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|POKEMONEGOGAMES, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\NewWindowActivation.exe, Quarantined, [cdf7f15a62380f278e23f0d97292738d]
Registry Data: 0
(No malicious items detected)
Folders: 2
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company, Delete-on-Reboot, [d3f1cb80c2d82115baf19732c044847c],
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro, Delete-on-Reboot, [d3f1cb80c2d82115baf19732c044847c],
Files: 8
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\PC JUNKCLEANER.exe, Delete-on-Reboot, [f9cbc08bc6d412247b3c42875ca8d927],
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\NewWindowActivation.exe, Quarantined, [cdf7f15a62380f278e23f0d97292738d],
Rogue.TechSupportScam, C:\Users\{username}\Desktop\PCcleanerpro.exe, Quarantined, [4381ba91cad0cb6b76346069996bd52b],
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\ClearBrowserHistory.dll, Delete-on-Reboot, [d3f1cb80c2d82115baf19732c044847c],
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\ClearClipboard.dll, Delete-on-Reboot, [d3f1cb80c2d82115baf19732c044847c],
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\ClearRecycleBin.dll, Delete-on-Reboot, [d3f1cb80c2d82115baf19732c044847c],
Rogue.TechSupportScam, C:\Program Files (x86)\A POKEMONGO Company\PC Cleaner Pro\RunClearHistory.dll, Delete-on-Reboot, [d3f1cb80c2d82115baf19732c044847c],
Rogue.TechSupportScam, C:\Users\{username}\Documents\PcjunkCleaner.xml, Quarantined, [0db7df6ceab02d09357b339642c22fd1],
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
