Jump to content

Recommended Posts

  • Staff
What is Cloud System Care?

The Malwarebytes research team has determined that Cloud System Care is a fake system optimizer. These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Unpacked blog.

How do I know if I am infected with Cloud System Care?

This is how the main screen of the registry cleaning application looks:

main.png

You will find these icons in your taskbar and on your desktop:

icons.png

And see these warnings during install:

warning1.png

warning2.png

and these screens during "operations":

warning5.png

warning6.png

You may see this entry in your list of installed programs:

warning4.png

How did Cloud System Care get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was bundled by other software.

How do I remove Cloud System Care?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Cloud System Care?
  • No, Malwarebytes' Anti-Malware removes Cloud System Care completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Cloud System Care installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

 

protection1.png


Technical details for experts

You may see these entries in FRST logs:

 
 () C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe
 C:\Users\Public\Desktop\Cloud System Care.lnk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care
 C:\Program Files (x86)\My Cleanerpro
 (My Cleanerpro ) C:\Users\{username}\Downloads\cloud_system_care.exe

Cloud System Care version 1.0.0.0 (HKLM-x32\...\{F763E4FD-C364-42CC-9F27-C427DEFE6E91}_is1) (Version: 1.0.0.0 - My Cleanerpro)
Alterations made by the installer:
 
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\My Cleanerpro\Cloud System Care
       Adds the file DynamicDataDisplay.dll"="4/27/2009 10:42 PM, 316416 bytes, A
       Adds the file Error.xml"="9/28/2016 8:21 AM, 683 bytes, A
       Adds the file errordetails.xml"="2/22/2015 10:16 PM, 410 bytes, A
       Adds the file errordetailsOpt.xml"="9/28/2016 8:21 AM, 140022 bytes, A
       Adds the file icon.ico"="2/22/2015 8:49 PM, 192115 bytes, A
       Adds the file log.txt"="4/24/2014 7:25 AM, 3 bytes, A
       Adds the file log.xml"="9/28/2016 8:20 AM, 6308 bytes, A
       Adds the file msiexec.png"="9/18/2014 9:49 PM, 1620 bytes, A
       Adds the file OptErr.xml"="9/28/2016 8:21 AM, 358449 bytes, A
       Adds the file OSVersionInfo.dll"="9/18/2014 9:23 PM, 19968 bytes, A
       Adds the file PC Optimizer.exe"="3/17/2015 4:46 AM, 6437888 bytes, A
       Adds the file PC Optimizer.exe.config"="5/15/2014 9:24 PM, 1206 bytes, A
       Adds the file PC Optimizer.pdb"="3/17/2015 4:46 AM, 740864 bytes, A
       Adds the file PC Optimizer.vshost.exe"="3/17/2015 4:43 AM, 22472 bytes, A
       Adds the file PC Optimizer.vshost.exe.config"="5/15/2014 9:24 PM, 1206 bytes, A
       Adds the file PC Optimizer.vshost.exe.manifest"="5/15/2014 11:54 PM, 2270 bytes, A
       Adds the file PinItem.vbs"="5/14/2014 8:17 PM, 12820 bytes, A
       Adds the file RegErr.xml"="2/22/2015 10:48 PM, 370258 bytes, A
       Adds the file Sys_auth.xml"="2/22/2015 9:21 PM, 329 bytes, A
       Adds the file trialerror.xml"="4/28/2014 10:44 PM, 55340 bytes, A
       Adds the file unins000.dat"="9/28/2016 8:19 AM, 4471 bytes, A
       Adds the file unins000.exe"="9/28/2016 8:19 AM, 907425 bytes, A
       Adds the file WpfAnimatedGif.dll"="8/7/2013 11:30 AM, 28160 bytes, A
       Adds the file WPFMessageBox.dll"="5/15/2014 12:19 AM, 19456 bytes, A
       Adds the file WPFToolkit.Extended.dll"="4/18/2011 9:43 AM, 285696 bytes, A
    Adds the folder C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth
       Adds the file sys_error_nbr.txt"="2/22/2015 10:15 PM, 1 bytes, A
       Adds the file sys_error_size.txt"="2/22/2015 10:15 PM, 4 bytes, A
       Adds the file sys_read.txt"="2/22/2015 10:15 PM, 21 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care
       Adds the file Cloud System Care on the Web.url"="9/28/2016 8:19 AM, 138 bytes, A
       Adds the file Cloud System Care.lnk"="9/28/2016 8:19 AM, 1396 bytes, A
       Adds the file Uninstall Cloud System Care.lnk"="9/28/2016 8:19 AM, 1376 bytes, A
    In the existing folder C:\Users\{username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
       Adds the file Cloud System Care.lnk"="9/28/2016 8:19 AM, 1396 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file Cloud System Care.lnk"="9/28/2016 8:19 AM, 1378 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F763E4FD-C364-42CC-9F27-C427DEFE6E91}_is1]
       "Comments"="REG_SZ", "Cloud System Care"
       "Contact"="REG_SZ", "0-000-000-0000"
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\My Cleanerpro\Cloud System Care\icon.ico"
       "DisplayName"="REG_SZ", "Cloud System Care version 1.0.0.0"
       "DisplayVersion"="REG_SZ", "1.0.0.0"
       "EstimatedSize"="REG_DWORD", 15737
       "HelpLink"="REG_SZ", "http://www.epicsofts.com/"
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\My Cleanerpro\Cloud System Care"
       "Inno Setup: Deselected Tasks"="REG_SZ", ""
       "Inno Setup: Icon Group"="REG_SZ", "Cloud System Care"
       "Inno Setup: Language"="REG_SZ", "english"
       "Inno Setup: Selected Tasks"="REG_SZ", "desktopicon"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20160928"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\My Cleanerpro\Cloud System Care\"
       "MajorVersion"="REG_DWORD", 1
       "MinorVersion"="REG_DWORD", 0
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "My Cleanerpro"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.exe""
       "URLInfoAbout"="REG_SZ", "http://www.epicsofts.com/"
       "URLUpdateInfo"="REG_SZ", "http://www.epicsofts.com/"
Malwarebytes Anti-Malware log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/28/2016
Scan Time: 8:28 AM
Logfile: mbamCloudSystemCare.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.28.03
Rootkit Database: v2016.09.26.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322064
Time Elapsed: 8 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe, 916, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927]

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CloudSystemCare, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F763E4FD-C364-42CC-9F27-C427DEFE6E91}_is1, Quarantined, [018293e423773bfb0e188277f60ed927], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care, Quarantined, [a7dc1760abef60d63aef8079af55936d], 

Files: 33
PUP.Optional.CloudSystemCare, C:\Users\{username}\Desktop\cloud_system_care.exe, Quarantined, [0380b8bfa6f41f17b0771fda1aea34cc], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.vshost.exe.config, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\DynamicDataDisplay.dll, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Error.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\errordetails.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\errordetailsOpt.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\icon.ico, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\log.txt, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\log.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\msiexec.png, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\OptErr.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\OSVersionInfo.dll, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.exe.config, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.pdb, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.vshost.exe, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PC Optimizer.vshost.exe.manifest, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\PinItem.vbs, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\RegErr.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\trialerror.xml, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.dat, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\unins000.exe, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\WpfAnimatedGif.dll, Delete-on-Reboot, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\WPFMessageBox.dll, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\WPFToolkit.Extended.dll, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth\sys_error_nbr.txt, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth\sys_error_size.txt, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Program Files (x86)\My Cleanerpro\Cloud System Care\Sys_auth\Auth\sys_read.txt, Quarantined, [018293e423773bfb0e188277f60ed927], 
PUP.Optional.CloudSystemCare, C:\Users\Public\Desktop\Cloud System Care.lnk, Quarantined, [acd75c1bc9d1c27462c6aa4ff212d22e], 
PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care\Cloud System Care on the Web.url, Quarantined, [a7dc1760abef60d63aef8079af55936d], 
PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care\Cloud System Care.lnk, Quarantined, [a7dc1760abef60d63aef8079af55936d], 
PUP.Optional.CloudSystemCare, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloud System Care\Uninstall Cloud System Care.lnk, Quarantined, [a7dc1760abef60d63aef8079af55936d], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Edited by Metallica
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.