What is Cloud System Care?
The Malwarebytes research team has determined that Cloud System Care is a fake system optimizer. These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Unpacked blog.
How do I know if I am infected with Cloud System Care?
This is how the main screen of the registry cleaning application looks:
You will find these icons in your taskbar and on your desktop:
And see these warnings during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
How did Cloud System Care get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was bundled by other software.
How do I remove Cloud System Care?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to:
Launch Malwarebytes Anti-Malware - Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Cloud System Care completely.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Cloud System Care installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You may see these entries in FRST logs:
() C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe C:\Users\Public\Desktop\Cloud System Care.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care C:\Program Files (x86)\My Cleanerpro (My Cleanerpro ) C:\Users\{username}\Downloads\cloud_system_care.exe Cloud System Care version 1.0.0.0 (HKLM-x32\...\{F763E4FD-C364-42CC-9F27-C427DEFE6E91}_is1) (Version: 1.0.0.0 - My Cleanerpro)Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\My Cleanerpro\Cloud System Care Adds the file DynamicDataDisplay.dll"="4/27/2009 10:42 PM, 316416 bytes, A Adds the file Error.xml"="9/28/2016 8:21 AM, 683 bytes, A Adds the file errordetails.xml"="2/22/2015 10:16 PM, 410 bytes, A Adds the file errordetailsOpt.xml"="9/28/2016 8:21 AM, 140022 bytes, A Adds the file icon.ico"="2/22/2015 8:49 PM, 192115 bytes, A Adds the file log.txt"="4/24/2014 7:25 AM, 3 bytes, A Adds the file log.xml"="9/28/2016 8:20 AM, 6308 bytes, A Adds the file msiexec.png"="9/18/2014 9:49 PM, 1620 bytes, A Adds the file OptErr.xml"="9/28/2016 8:21 AM, 358449 bytes, A Adds the file OSVersionInfo.dll"="9/18/2014 9:23 PM, 19968 bytes, A Adds the file PC Optimizer.exe"="3/17/2015 4:46 AM, 6437888 bytes, A Adds the file PC Optimizer.exe.config"="5/15/2014 9:24 PM, 1206 bytes, A Adds the file PC Optimizer.pdb"="3/17/2015 4:46 AM, 740864 bytes, A Adds the file PC Optimizer.vshost.exe"="3/17/2015 4:43 AM, 22472 bytes, A Adds the file PC Optimizer.vshost.exe.config"="5/15/2014 9:24 PM, 1206 bytes, A Adds the file PC Optimizer.vshost.exe.manifest"="5/15/2014 11:54 PM, 2270 bytes, A Adds the file PinItem.vbs"="5/14/2014 8:17 PM, 12820 bytes, A Adds the file RegErr.xml"="2/22/2015 10:48 PM, 370258 bytes, A Adds the file Sys_auth.xml"="2/22/2015 9:21 PM, 329 bytes, A Adds the file trialerror.xml"="4/28/2014 10:44 PM, 55340 bytes, A Adds the file unins000.dat"="9/28/2016 8:19 AM, 4471 bytes, A Adds the file unins000.exe"="9/28/2016 8:19 AM, 907425 bytes, A Adds the file WpfAnimatedGif.dll"="8/7/2013 11:30 AM, 28160 bytes, A Adds the file WPFMessageBox.dll"="5/15/2014 12:19 AM, 19456 bytes, A Adds the file WPFToolkit.Extended.dll"="4/18/2011 9:43 AM, 285696 bytes, A Adds the folder C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth Adds the file sys_error_nbr.txt"="2/22/2015 10:15 PM, 1 bytes, A Adds the file sys_error_size.txt"="2/22/2015 10:15 PM, 4 bytes, A Adds the file sys_read.txt"="2/22/2015 10:15 PM, 21 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care Adds the file Cloud System Care on the Web.url"="9/28/2016 8:19 AM, 138 bytes, A Adds the file Cloud System Care.lnk"="9/28/2016 8:19 AM, 1396 bytes, A Adds the file Uninstall Cloud System Care.lnk"="9/28/2016 8:19 AM, 1376 bytes, A In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar Adds the file Cloud System Care.lnk"="9/28/2016 8:19 AM, 1396 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file Cloud System Care.lnk"="9/28/2016 8:19 AM, 1378 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F763E4FD-C364-42CC-9F27-C427DEFE6E91}_is1] "Comments"="REG_SZ", "Cloud System Care" "Contact"="REG_SZ", "0-000-000-0000" "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\My Cleanerpro\Cloud System Care\icon.ico" "DisplayName"="REG_SZ", "Cloud System Care version 1.0.0.0" "DisplayVersion"="REG_SZ", "1.0.0.0" "EstimatedSize"="REG_DWORD", 15737 "HelpLink"="REG_SZ", "http://www.epicsofts.com/" "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\My Cleanerpro\Cloud System Care" "Inno Setup: Deselected Tasks"="REG_SZ", "" "Inno Setup: Icon Group"="REG_SZ", "Cloud System Care" "Inno Setup: Language"="REG_SZ", "english" "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon" "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)" "Inno Setup: User"="REG_SZ", "{username}" "InstallDate"="REG_SZ", "20160928" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\My Cleanerpro\Cloud System Care\" "MajorVersion"="REG_DWORD", 1 "MinorVersion"="REG_DWORD", 0 "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "My Cleanerpro" "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.exe" /SILENT" "UninstallString"="REG_SZ", ""C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.exe"" "URLInfoAbout"="REG_SZ", "http://www.epicsofts.com/" "URLUpdateInfo"="REG_SZ", "http://www.epicsofts.com/"Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/28/2016 Scan Time: 8:28 AM Logfile: mbamCloudSystemCare.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.28.03 Rootkit Database: v2016.09.26.02 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 322064 Time Elapsed: 8 min, 33 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe, 916, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927] Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.CloudSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F763E4FD-C364-42CC-9F27-C427DEFE6E91}_is1, Quarantined, [018293e423773bfb0e188277f60ed927], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 5 PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care, Quarantined, [a7dc1760abef60d63aef8079af55936d], Files: 33 PUP.Optional.CloudSystemCare, C:\Users\{username}\Desktop\cloud_system_care.exe, Quarantined, [0380b8bfa6f41f17b0771fda1aea34cc], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.vshost.exe.config, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\DynamicDataDisplay.dll, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Error.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\errordetails.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\errordetailsOpt.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\icon.ico, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\log.txt, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\log.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\msiexec.png, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\OptErr.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\OSVersionInfo.dll, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe.config, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.pdb, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.vshost.exe, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.vshost.exe.manifest, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PinItem.vbs, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\RegErr.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\trialerror.xml, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.dat, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.exe, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\WpfAnimatedGif.dll, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\WPFMessageBox.dll, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\WPFToolkit.Extended.dll, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth\sys_error_nbr.txt, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth\sys_error_size.txt, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth\sys_read.txt, Quarantined, [018293e423773bfb0e188277f60ed927], PUP.Optional.CloudSystemCare, C:\Users\Public\Desktop\Cloud System Care.lnk, Quarantined, [acd75c1bc9d1c27462c6aa4ff212d22e], PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care\Cloud System Care on the Web.url, Quarantined, [a7dc1760abef60d63aef8079af55936d], PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care\Cloud System Care.lnk, Quarantined, [a7dc1760abef60d63aef8079af55936d], PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care\Uninstall Cloud System Care.lnk, Quarantined, [a7dc1760abef60d63aef8079af55936d], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention