What is Sweep Clean PC Pro?

The Malwarebytes research team has determined that Sweep Clean PC Pro is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.

How do I know if my computer is affected by Sweep Clean PC Pro?

You may see this entry in your list of installed programs:

warning4.png

and these screens after a (forced) reboot:

main.png

warning1.png

How did Sweep Clean PC Pro get on my computer?

Tech Support Scammers use different methods for distributing themselves. This particular one was offered as a PC cleaning utility.

How do I remove Sweep Clean PC Pro?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection we will need a way to bypass the shell replacement.
  • Press the key combination Ctrl-Alt-Del and in the resulting screen choose "Start Task Manager".
  • In the Windows Task Manager screen select, one by one, the black.exe and the two iexplore.exe processes and click "End Process". Click "End process" in the confirmation prompt.
    taskmgr.png
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

Is there anything else I need to do to get rid of Sweep Clean PC Pro?

  • No, Malwarebytes Anti-Malware removes Sweep Clean PC Pro completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

    We hope our application and this guide have helped you eradicate this hijacker.

    As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Tech Support Scam.
     

    protection1.png


    Technical details for experts

    You may see these entries in FRST logs:
     
     HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Sweep Clean PC Pro\black.exe [142336 ] () <=== ATTENTION
     HKCU\...\Winlogon: [Shell] C:\Program Files (x86)\Sweep Clean PC Pro\black.exe [142336 2016-05-23] () <==== ATTENTION
     C:\Program Files (x86)\Sweep Clean PC Pro
    
    Sweep Clean PC Pro (HKLM-x32\...\Sweep Clean PC Pro) (Version:  - )
    Alterations made by the installer:
     
    File system details [View: All details] (Selection)
    ---------------------------------------------------
        Adds the folder C:\Program Files (x86)\Sweep Clean PC Pro
           Adds the file black.exe"="5/23/2016 7:45 PM, 142336 bytes, A
           Adds the file fastrestart.bat"="5/23/2016 7:48 PM, 86 bytes, A
           Adds the file Uninstall.exe"="6/16/2016 9:09 AM, 75321 bytes, A
           Adds the file Uninstall.ini"="6/16/2016 9:09 AM, 1657 bytes, A
    
    Registry details [View: All details] (Selection)
    ------------------------------------------------
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Sweep Clean PC Pro]
           "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\Sweep Clean PC Pro\Uninstall.exe"
           "DisplayName"="REG_SZ", "Sweep Clean PC Pro"
           "NoModify"="REG_DWORD", 1
           "NoRepair"="REG_DWORD", 1
           "UninstallString"="REG_SZ", "C:\Program Files (x86)\Sweep Clean PC Pro\Uninstall.exe"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
           "Shell" = REG_SZ, "explorer.exe" ==> REG_SZ, "C:\Program Files (x86)\Sweep Clean PC Pro\black.exe"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sweep Clean PC Pro]
           "Path"="REG_SZ", "C:\Program Files (x86)\Sweep Clean PC Pro\black.exe"
        [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
           "Shell"="REG_SZ", "C:\Program Files (x86)\Sweep Clean PC Pro\black.exe"
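
A check over the Winlogon Shell entries listed above, as an added example that is not part of the original post: it parses FRST-style lines in the format quoted on this page and flags any Shell value that is not the stock explorer.exe, plus any per-user (HKCU) Shell value. The function names and the third sample line are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: the two Winlogon lines quoted on this page, plus one
# benign line made up here for contrast.
SAMPLE_FRST = r"""
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Sweep Clean PC Pro\black.exe [142336 ] () <=== ATTENTION
HKCU\...\Winlogon: [Shell] C:\Program Files (x86)\Sweep Clean PC Pro\black.exe [142336 2016-05-23] () <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe
"""

# Hive, value name, then the data up to an optional "[size date] ..." suffix.
LINE_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\Winlogon: "
    r"\[(?P<value>[^\]]+)\] (?P<data>.+?)"
    r"(?: \[\d+ ?[\d-]*\].*)?$"
)

def is_default_shell(data):
    """True only for the stock value: bare explorer.exe, no path, no arguments."""
    return data.strip().strip('"').lower() == "explorer.exe"

def audit_winlogon_shell(frst_text):
    """Return one finding per Winlogon Shell line that deserves a closer look."""
    findings = []
    for line in frst_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["value"].lower() != "shell":
            continue
        hive, data = m["hive"], m["data"]
        reasons = []
        if not is_default_shell(data):
            reasons.append("Shell is not the stock value explorer.exe")
        if hive.startswith("HKCU"):
            # The scan log on this page removes the HKCU value outright and
            # only resets the HKLM one, so a per-user Shell is flagged as such.
            reasons.append("per-user Shell value is set")
        if reasons:
            findings.append({"hive": hive, "data": data,
                             "image": ntpath.basename(data), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_winlogon_shell(SAMPLE_FRST):
        print(f["hive"], f["image"], "; ".join(f["reasons"]))
```

The `image` field gives the process name to look for in Task Manager before the scan, which for the lines above is black.exe.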
    Malwarebytes Anti-Malware log:
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 6/16/2016
    Scan Time: 9:59 AM
    Logfile: mbamSweepClean.txt
    Administrator: Yes
    
    Version: 2.2.1.1043
    Malware Database: v2016.06.16.01
    Rootkit Database: v2016.05.27.01
    License: Premium
    Malware Protection: Disabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled
    
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: {username}
    
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 313163
    Time Elapsed: 12 min, 16 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 2
    Trojan.TechSupportScam, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Sweep Clean PC Pro, Quarantined, [317011ec7722d561edcbe70d44bf11ef], 
    Trojan.TechSupportScam, HKLM\SOFTWARE\WOW6432NODE\Sweep Clean PC Pro, Quarantined, [c6dbbe3faeeb49ed3a81e41018ebb749], 
    
    Registry Values: 1
    Trojan.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\Program Files (x86)\Sweep Clean PC Pro\black.exe, Quarantined, [247d1ae33f5a5fd764551dd7cb38728e]
    
    Registry Data: 1
    Hijack.Shell, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\Program Files (x86)\Sweep Clean PC Pro\black.exe, Good: (Explorer.exe), Bad: (C:\Program Files (x86)\Sweep Clean PC Pro\black.exe),Replaced,[d9c827d65049d4624bb34526bf458d73]
    
    Folders: 1
    Trojan.TechSupportScam, C:\Program Files (x86)\Sweep Clean PC Pro, Quarantined, [317011ec7722d561edcbe70d44bf11ef], 
    
    Files: 5
    Trojan.TechSupportScam, C:\Users\{username}\Desktop\SweepCleanPCPro.exe, Quarantined, [911020dd16831f170f75469f0af7db25], 
    Trojan.TechSupportScam, C:\Program Files (x86)\Sweep Clean PC Pro\Uninstall.ini, Quarantined, [317011ec7722d561edcbe70d44bf11ef], 
    Trojan.TechSupportScam, C:\Program Files (x86)\Sweep Clean PC Pro\black.exe, Quarantined, [317011ec7722d561edcbe70d44bf11ef], 
    Trojan.TechSupportScam, C:\Program Files (x86)\Sweep Clean PC Pro\fastrestart.bat, Quarantined, [317011ec7722d561edcbe70d44bf11ef], 
    Trojan.TechSupportScam, C:\Program Files (x86)\Sweep Clean PC Pro\Uninstall.exe, Quarantined, [317011ec7722d561edcbe70d44bf11ef], 
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)
    As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
    We use different ways of protecting your computer(s):
    • Dynamically Blocks Malware Sites & Servers
    • Malware Execution Prevention
    Save yourself the hassle and get protected.