What is PC SmartCare?
PC SmartCare is a computer cleaner that triggers our PUP detection rules. By doing so we offer users a choice to consider whether they want to use this software. More information can be found on our Malwarebytes Labs blog.
How do I know if I am affected by PC SmartCare?
This is how the main screen of the computer cleaner looks:
You will find these icons in your taskbar, your startmenu, and on your desktop:
and see this type of windows during install:
and this type of screens during operations:
You may see this entry in your list of installed programs:
and this task in your list of Scheduled Tasks:
How did PC SmartCare get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website.
How do I remove PC SmartCare?
Users that installed PC SmartCare can uninstall it from the Windows "Apps and features" menu.
You can use our program Malwarebytes to scan for additional problems.
- Please download Malwarebytes for Windows to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- When the scan is finished click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
- This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
Should users wish to keep this program and exclude it from being detected in future scans, they can add the program to the exclusions list. Heres how to do it.
- Open Malwarebytes for Windows.
- Click the Detection History
- Click the Allow List
- To add an item to the Allow List, click Add.
- Select the exclusion type Allow a file or folder and use the Select a folder button to select the main folder for the software that you wish to keep.
- Repeat this for any secondary files or folder(s) that belong to the software.
How would the full version of Malwarebytes help protect me?
We hope our application and this guide have helped you in dealing with this registry cleaner.
As you can see below the full version of Malwarebytes would have warned you against the PC SmartCare installer.
Technical details for experts
You may see these entries in FRST logs:
(Sutherland Global Services Inc -> ) C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByPCSmartCare.exe (Sutherland Global Services Inc -> Sutherland Global Services, Inc.) C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe Task: {CBBF4145-8F59-4B79-83A0-E8661C66CC2B} - System32\Tasks\RunAnswersByPCSmartcare => C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByPCSmartCare.exe [9362696 2018-08-24] (Sutherland Global Services Inc -> ) R2 AnswersByDownloadService; C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe [2579208 2018-03-05] (Sutherland Global Services Inc -> Sutherland Global Services, Inc.) C:\Program Files (x86)\AnswersBy PC Smartcare C:\Windows\system32\Tasks\RunAnswersByPCSmartcare C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC SmartCare.lnk C:\Users\Public\Desktop\AnswersBy PC SmartCare.lnk C:\ProgramData\Desktop\AnswersBy PC SmartCare.lnk C:\Users\{username}\AppData\Roaming\AnswersBy PC SmartCare C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare AnswersBy PC Smartcare (HKLM-x32\...\{4137CB7D-7777-4374-BC93-CE7E7E72799E}) (Version: 1.2.0.9 - My Company) Hidden AnswersBy PC Smartcare (HKLM-x32\...\AnswersBy PC Smartcare) (Version: 1.2.0.9 - Sutherland Global Services) () [File not signed] C:\Program Files (x86)\AnswersBy PC Smartcare\libeay32.dll (SQLite Development Team) [File not signed] C:\Program Files (x86)\AnswersBy PC Smartcare\sqlite3.dllAlterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare Adds the file AnswersByDownloadServiceLog.log"="10/2/2020 10:06 AM, 2449 bytes, A Adds the file AnswersByPCSmartCare.exe"="8/24/2018 1:25 PM, 9362696 bytes, A Adds the file AnswersByTA.exe"="8/24/2018 1:25 PM, 2430216 bytes, A Adds the file AnswersByUpdateService.exe"="3/5/2018 11:52 AM, 2579208 bytes, A Adds the file AnswersByUpdateSVC.exe"="3/5/2018 10:24 AM, 2575624 bytes, A Adds the file ApplicationStarter.exe"="9/27/2017 1:53 PM, 2227000 bytes, A Adds the file BPub.txt"="3/1/2017 12:32 PM, 916 bytes, A Adds the file Captions.txt"="6/12/2017 6:31 PM, 7214 bytes, A Adds the file CloudAccounts.txt"="5/29/2017 7:05 PM, 154 bytes, A Adds the file Config.xml"="4/3/2017 8:02 PM, 184 bytes, A Adds the file devcon32.exe"="9/27/2017 1:53 PM, 56320 bytes, A Adds the file devcon64.exe"="9/27/2017 1:53 PM, 81920 bytes, A Adds the file DiskCleaner.txt"="3/9/2017 5:14 PM, 9935 bytes, A Adds the file DomainList.txt"="5/23/2017 6:43 PM, 11107 bytes, A Adds the file ExcludeFolderList.txt"="3/21/2017 6:30 PM, 26205 bytes, A Adds the file faq.htm"="3/5/2018 10:24 AM, 23775 bytes, A Adds the file Featurecode.ini"="2/10/2017 6:38 PM, 3165 bytes, A Adds the file HashGuide.db"="10/2/2020 10:06 AM, 990208 bytes, A Adds the file IdealProcLog.txt"="10/2/2020 9:51 AM, 300 bytes, A Adds the file libeay32.dll"="9/27/2017 1:53 PM, 1552412 bytes, A Adds the file LP.txt"="3/1/2017 12:32 PM, 1654 bytes, A Adds the file Main.Db"="10/2/2020 10:07 AM, 165888 bytes, A Adds the file PCMTUpdateStart2.exe"="9/28/2017 4:00 PM, 2621344 bytes, A Adds the file PerformanceScanErrors.txt"="10/2/2020 10:07 AM, 2999 bytes, A Adds the file PerformanceScanLog.log"="10/2/2020 10:05 AM, 3579 bytes, A Adds the file ProcBy.dll"="7/20/2018 11:51 AM, 8255440 bytes, A Adds the file RefGuide.mdb"="10/2/2020 9:05 AM, 2260992 bytes, A Adds the file SafeFolders.txt"="3/21/2017 6:30 PM, 12890 bytes, A Adds the file ScanProcStepsLog.txt"="10/2/2020 10:07 AM, 418 bytes, A Adds the file SmartLeapServiceCenter.exe"="8/24/2018 1:38 PM, 7991712 bytes, A Adds the file SmtDBConfig.txt"="6/12/2017 6:31 PM, 43 bytes, A Adds the file SoftwareList.txt"="5/11/2017 2:59 PM, 9256 bytes, A Adds the file spyware.txt"="4/27/2017 3:51 PM, 0 bytes, A Adds the file spywareTTK.txt"="6/10/2017 7:30 PM, 306978 bytes, A Adds the file sqlite3.dll"="9/27/2017 1:53 PM, 658797 bytes, A Adds the file ssleay32.dll"="9/27/2017 1:53 PM, 268136 bytes, A Adds the file supportfiles.cab"="9/27/2017 1:53 PM, 101139 bytes, A Adds the file SystemInformation.xml"="10/2/2020 10:07 AM, 908 bytes, A Adds the file UpdateConfig.ini"="3/5/2018 10:49 AM, 505 bytes, A Adds the file UpdateConfig.txt"="3/5/2018 10:49 AM, 505 bytes, A Adds the file UpdateFiles.Cab"="6/6/2017 8:36 PM, 23527 bytes, A Adds the file VirusScanErrors.txt"="10/2/2020 10:07 AM, 0 bytes, A Adds the file WPub.txt"="5/11/2017 6:58 PM, 9740 bytes, A Adds the file WpubForMemory.txt"="3/1/2017 12:32 PM, 332 bytes, A Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare\Cache Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare\Logs\VirusRemoval_2020_10_02_10_05_50 Adds the file 01_FilesCollected.csv"="10/2/2020 10:06 AM, 454496 bytes, A Adds the file 02_HashCollected.csv"="10/2/2020 10:06 AM, 95030 bytes, A Adds the file 03_RetunrListLocal.csv"="10/2/2020 10:06 AM, 100620 bytes, A Adds the file 04_ReturnListSgs.csv"="10/2/2020 10:06 AM, 100620 bytes, A Adds the file 05_ReturnListSmt.csv"="10/2/2020 10:06 AM, 7056 bytes, A Adds the file 05_ReturnListSmtAndSgs.csv"="10/2/2020 10:06 AM, 100637 bytes, A Adds the file 06_ReturnListBlackSignCheck.csv"="10/2/2020 10:06 AM, 13580 bytes, A Adds the file 07_FilesToUpload.csv"="10/2/2020 10:06 AM, 32130 bytes, A Adds the file 07A_Uploadinitiated.csv"="10/2/2020 10:07 AM, 5024 bytes, A Adds the file 08_UploadCompletionStatus.csv"="10/2/2020 10:07 AM, 3411 bytes, A Adds the file 09_UploadedResults.csv"="10/2/2020 10:07 AM, 2 bytes, A Adds the file 99_ScanProcessLog.csv"="10/2/2020 10:07 AM, 37885 bytes, A Adds the file ExFolders.txt"="10/2/2020 10:06 AM, 21658 bytes, A Adds the file FilesToUpload.txt"="10/2/2020 10:06 AM, 32130 bytes, A Adds the file FilesWithmd5.csv"="10/2/2020 10:06 AM, 30332 bytes, A Adds the file HashJsonReturnList.csv"="10/2/2020 10:06 AM, 11480 bytes, A Adds the file MFTallFiles.txt"="10/2/2020 10:06 AM, 141801 bytes, A Adds the file MFTfiles.txt"="10/2/2020 10:06 AM, 109051 bytes, A Adds the file SgsBlackAndWhiteFilesUploaded.xml"="10/2/2020 10:07 AM, 546407 bytes, A Adds the file UploadCloudDataResults.xml"="10/2/2020 10:07 AM, 45974 bytes, A Adds the file UploadTimeLog.csv"="10/2/2020 10:07 AM, 4401 bytes, A Adds the file VirusScanResult_in_ui.csv"="10/2/2020 10:07 AM, 2 bytes, A Adds the folder C:\Program Files (x86)\AnswersBy PC Smartcare\ServiceLogs Adds the file Co-10-02-2020-10-05-40-AM.xml"="10/2/2020 10:07 AM, 5616 bytes, A Adds the folder C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2} Adds the file instance.dat"="10/2/2020 9:04 AM, 104 bytes, AC Adds the file mia.lib"="8/24/2018 1:43 PM, 1335758 bytes, AC Adds the file PC Smartcare.dat"="10/2/2020 9:04 AM, 308 bytes, AC Adds the file PC Smartcare.exe"="8/24/2018 1:43 PM, 5985976 bytes, AC Adds the file PC Smartcare.lnk"="10/2/2020 9:04 AM, 475 bytes, AC Adds the file PC Smartcare.msi"="8/24/2018 1:43 PM, 790528 bytes, AC Adds the file PC Smartcare.par"="10/2/2020 9:04 AM, 3210 bytes, AC Adds the file PC Smartcare.res"="8/24/2018 1:43 PM, 6629664 bytes, AC In the existing folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs Adds the file AnswersBy PC SmartCare.lnk"="10/2/2020 9:04 AM, 1013 bytes, A Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare Adds the file Uninstall AnswersBy PC Smartcare.lnk"="10/2/2020 9:04 AM, 801 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\AnswersBy PC SmartCare Adds the file test.xml"="10/2/2020 9:04 AM, 1555 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu Adds the file AnswersBy PC SmartCare.lnk"="10/2/2020 9:04 AM, 1013 bytes, A In the existing folder C:\Users\Public\Desktop Adds the file AnswersBy PC SmartCare.lnk"="10/2/2020 9:04 AM, 1001 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file RunAnswersByPCSmartcare"="10/2/2020 9:05 AM, 3560 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\smtUploader] "ToolLogId"="REG_SZ", "5894493" [HKEY_LOCAL_MACHINE\SOFTWARE\VirusScanTest] "LocalLogsPath"="REG_SZ", "C:\Program Files (x86)\AnswersBy PC Smartcare\Logs\VirusRemoval_2020_10_02_10_05_50" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AnswersByPCSmartcare] "AutoFix"="REG_SZ", "Disabled" "EMail"="REG_SZ", "{username}@home.com" "exception_wsdl"="REG_SZ", "3" "FirstName"="REG_SZ", "Matt" "InternetState"="REG_SZ", "TRUE" "LastName"="REG_SZ", "Lica" "NextScheduledScan"="REG_SZ", "10/9/2020 9:05:28 AM" "PhoneNo"="REG_SZ", "" "PIN"="REG_SZ", "123465" "Scheduled"="REG_SZ", "WEEKLY,Friday,09:05" "Status"="REG_SZ", "0" "SubscriptionStatus"="REG_SZ", "0" "TaskSchedule"="REG_SZ", "1" "ToolUpFirstTime"="REG_SZ", "False" "Trail"="REG_SZ", "0" "ValidateDate"="REG_SZ", "10-02-2020 9:20:52 AM" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4137CB7D-7777-4374-BC93-CE7E7E72799E}] "AuthorizedCDFPrefix"="REG_SZ", "" "Comments"="REG_SZ", "" "Contact"="REG_SZ", "" "DisplayName"="REG_SZ", "AnswersBy PC Smartcare" "DisplayVersion"="REG_SZ", "1.2.0.9" "EstimatedSize"="REG_DWORD", 42358 "HelpLink"="REG_SZ", "" "HelpTelephone"="REG_SZ", "" "InstallDate"="REG_SZ", "20201002" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\AnswersBy PC Smartcare" "InstallSource"="REG_SZ", "C:\Users\{username}\AppData\Local\Temp\mia1\" "Language"="REG_DWORD", 1033 "NoModify"="REG_DWORD", 1 "NoRemove"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "My Company" "Readme"="REG_SZ", "" "Size"="REG_SZ", "" "SystemComponent"="REG_DWORD", 1 "UninstallString"="REG_SZ", "C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe" "URLInfoAbout"="REG_SZ", "" "URLUpdateInfo"="REG_SZ", "" "Version"="REG_DWORD", 16908288 "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 2 "WindowsInstaller"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AnswersBy PC Smartcare] "Comments"="REG_SZ", "" "Contact"="REG_SZ", "" "DisplayIcon"="REG_SZ", "C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe" "DisplayName"="REG_SZ", "AnswersBy PC Smartcare" "DisplayVersion"="REG_SZ", "1.2.0.9" "HelpLink"="REG_SZ", "" "InstallLocation"="REG_SZ", "C:\Program Files (x86)\AnswersBy PC Smartcare" "ModifyPath"="REG_SZ", "C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe" "Publisher"="REG_SZ", "Sutherland Global Services" "UninstallString"="REG_SZ", ""C:\ProgramData\{C8973864-65D7-4C0C-9A8E-79B96F0883C2}\PC Smartcare.exe" REMOVE=TRUE MODIFY=FALSE" "URLUpdateInfo"="REG_SZ", "" "VersionMajor"="REG_DWORD", 1 "VersionMinor"="REG_DWORD", 2 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AnswersByDownloadService] "Description"="REG_SZ", "AnswersBy PC Smartcare Updater which will updates all the files in the PC Smartcare folder" "DisplayName"="REG_SZ", "AnswersBy PC Smartcare Updater" "ErrorControl"="REG_DWORD", 0 "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe" " "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16Malwarebytes protection log:
Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/8/20 Protection Event Time: 8:08 AM Log File: c0f638ac-092c-11eb-965e-080027235d76.json -Software Information- Version: 4.2.1.89 Components Version: 1.0.1061 Update Package Version: 1.0.30966 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Malware Details- File: 1 PUP.Optional.AnswersBy, C:\Downloads\PCSmartcare.exe, Quarantined, 9137, 862462, 1.0.30966, , ame, , E81ABDDE09AA23096E50BEDD15541473, 948231B1F605DF66A3582F6D098611B25C9611018B20A7FF8C622575EA3AE93F (end)As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention