Jump to content

Recommended Posts

  • Staff

What is MyCleanID?

The Malwarebytes research team has determined that MyCleanID is a "privacy optimizer". These so-called "system optimizers" use exaggerated results or sometimes even intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
This particular one also uses web push notifications.

notifications.png

How do I know if I am infected with MyCleanID?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see these warnings during install:

warning1.png

warning2.png

and this type of screens during "operations":

warning5.png

You may see this entry in your list of installed programs:

warning4.png

and these tasks in your list of Scheduled Tasks:

warning3.png

How did MyCleanID get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was downloaded from their website:

website.png

How do I remove MyCleanID?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of MyCleanID?

  • No, Malwarebytes removes MyCleanID completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
  • If you have allowed the notifications you can read here how to disable them.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below the full version of Malwarebytes would have protected you against the MyCleanID installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


 

protection1.png

 

Technical details for experts

You may see these entries in FRST logs:


 

(RealDefense LLC -> RealDefense LLC) C:\Program Files (x86)\MyCleanID\MyCleanID.exe
HKCU\...\Run: [MyCleanID] => C:\Program Files (x86)\MyCleanID\MyCleanID.exe [7591448 2019-12-13] (RealDefense LLC -> RealDefense LLC)
Task: {101B4BED-02C0-443D-8E1F-5B39EA5DBCFA} - System32\Tasks\MyCleanID_PopupRenew => C:\Program Files (x86)\MyCleanID\MyCleanID.exe [7591448 2019-12-13] (RealDefense LLC -> RealDefense LLC)
Task: {56D7824B-CAEB-44E5-B0D7-830E11A38FD7} - System32\Tasks\MyCleanID_PPO => C:\Program Files (x86)\MyCleanID\MyCleanID.exe [7591448 2019-12-13] (RealDefense LLC -> RealDefense LLC)
Task: {78EFE2F8-DCEB-46E4-9465-F617C0FD236F} - System32\Tasks\MyCleanID-User_Account_Control => C:\Program Files (x86)\MyCleanID\TaskTools.exe [152600 2019-12-13] (RealDefense LLC -> RealDefense LLC)
Task: {A4500ACD-78C9-4C6C-9D62-12FCEA9A92A4} - System32\Tasks\MyCleanID_Popup => C:\Program Files (x86)\MyCleanID\MyCleanID.exe [7591448 2019-12-13] (RealDefense LLC -> RealDefense LLC)
C:\Users\{username}\AppData\Local\MyCleanID
C:\Windows\system32\Tasks\MyCleanID_Popup
C:\Windows\system32\Tasks\MyCleanID_PopupRenew
C:\Windows\system32\Tasks\MyCleanID_PPO
C:\Windows\system32\Tasks\MyCleanID-User_Account_Control
C:\Users\Public\Desktop\MyCleanID.lnk
C:\ProgramData\Desktop\MyCleanID.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanID
C:\Program Files (x86)\MyCleanID
C:\Users\{username}\AppData\Roaming\MyCleanID

MyCleanID (HKLM-x32\...\{964F4651-2C91-4E91-ACC4-3A47A732F6C5}) (Version: 4.0.9 - RealDefense LLC)
FirewallRules: [{FFD9CC67-CCAF-42C3-A9E4-B3B0A183F831}] => (Allow) C:\Program Files (x86)\MyCleanID\MyCleanID.exe (RealDefense LLC -> RealDefense LLC)
FirewallRules: [{A595CCF8-E07F-4D15-8D1D-C8F21CAEEE60}] => (Allow) C:\Program Files (x86)\MyCleanID\MyCleanID.exe (RealDefense LLC -> RealDefense LLC)

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\MyCleanID
       Adds the file Armt.exe"="12/13/2019 9:31 AM, 67096 bytes
       Adds the file Armt.exe.config"="9/3/2019 12:12 PM, 183 bytes
       Adds the file CaByp.CA.dll"="12/13/2019 9:31 AM, 3275016 bytes
       Adds the file CaByp.dll"="12/13/2019 9:31 AM, 830488 bytes
       Adds the file DeployAppx.exe"="12/13/2019 9:31 AM, 21528 bytes
       Adds the file Esent.Interop.dll"="4/12/2019 10:52 AM, 413080 bytes
       Adds the file ExcelDataReader.dll"="4/12/2019 10:52 AM, 181272 bytes
       Adds the file geckodriver.exe"="10/12/2019 8:38 AM, 3566280 bytes
       Adds the file ICSharpCode.SharpZipLib.dll"="4/12/2019 10:52 AM, 207896 bytes
       Adds the file InstAct.exe"="12/13/2019 9:31 AM, 91160 bytes
       Adds the file InstAct.exe.config"="4/12/2019 10:52 AM, 232 bytes
       Adds the file Microsoft.Deployment.WindowsInstaller.dll"="11/18/2017 1:59 PM, 183320 bytes
       Adds the file Microsoft.Win32.TaskScheduler.dll"="4/12/2019 10:52 AM, 299032 bytes
       Adds the file MicrosoftWebDriver.exe"="3/18/2019 6:32 PM, 516648 bytes
       Adds the file msvcp100.dll"="7/16/2019 7:11 AM, 421200 bytes
       Adds the file msvcp120.dll"="7/16/2019 7:11 AM, 455488 bytes
       Adds the file msvcp140.dll"="7/17/2019 12:48 PM, 627440 bytes
       Adds the file msvcr100.dll"="7/16/2019 7:11 AM, 773968 bytes
       Adds the file msvcr120.dll"="7/16/2019 7:11 AM, 971584 bytes
       Adds the file MyCleanID.exe"="12/13/2019 9:31 AM, 7591448 bytes
       Adds the file MyCleanID.exe.config"="4/12/2019 10:52 AM, 306 bytes
       Adds the file Newtonsoft.Json.dll"="4/12/2019 10:52 AM, 529432 bytes
       Adds the file PdfReader.dll"="12/13/2019 9:31 AM, 541720 bytes
       Adds the file Perpetuum.dll"="12/13/2019 9:31 AM, 495128 bytes
       Adds the file Perpetuum.dll.config"="4/12/2019 10:52 AM, 229 bytes
       Adds the file README.txt"="9/22/2020 10:00 AM, 274 bytes, A
       Adds the file schedc10.exe"="12/13/2019 9:31 AM, 59416 bytes
       Adds the file schedc10.exe.config"="4/12/2019 10:52 AM, 232 bytes
       Adds the file Setup.dll"="12/13/2019 9:31 AM, 248344 bytes
       Adds the file Setup.dll.config"="4/12/2019 10:52 AM, 229 bytes
       Adds the file System.Data.SQLite.dll"="4/12/2019 10:52 AM, 1427480 bytes
       Adds the file TaskTools.exe"="12/13/2019 9:31 AM, 152600 bytes
       Adds the file TaskTools.exe.config"="4/12/2019 10:52 AM, 231 bytes
       Adds the file Tracking.dll"="12/13/2019 9:31 AM, 160280 bytes
       Adds the file trialnotification.exe"="12/13/2019 9:31 AM, 73752 bytes
       Adds the file trialnotification.exe.config"="4/12/2019 10:52 AM, 224 bytes
       Adds the file updater.exe"="4/12/2019 10:52 AM, 636952 bytes
       Adds the file updater.ini"="9/22/2020 10:00 AM, 362 bytes, A
       Adds the file Util.dll"="12/13/2019 9:31 AM, 705048 bytes
       Adds the file Util.dll.config"="4/12/2019 10:52 AM, 229 bytes
       Adds the file vcruntime140.dll"="7/17/2019 12:48 PM, 85040 bytes
       Adds the file WebDriver.dll"="10/31/2018 9:53 AM, 1791000 bytes
    Adds the folder C:\Program Files (x86)\MyCleanID\de
       Adds the file CaByp.resources.dll"="12/13/2019 9:31 AM, 11288 bytes
       Adds the file MyCleanID.resources.dll"="12/13/2019 9:31 AM, 74264 bytes
    Adds the folder C:\Program Files (x86)\MyCleanID\es
       Adds the file CaByp.resources.dll"="12/13/2019 9:31 AM, 11288 bytes
       Adds the file MyCleanID.resources.dll"="12/13/2019 9:31 AM, 73752 bytes
    Adds the folder C:\Program Files (x86)\MyCleanID\fr
       Adds the file CaByp.resources.dll"="12/13/2019 9:31 AM, 11288 bytes
       Adds the file MyCleanID.resources.dll"="12/13/2019 9:31 AM, 74776 bytes
    Adds the folder C:\Program Files (x86)\MyCleanID\ja
       Adds the file CaByp.resources.dll"="12/13/2019 9:31 AM, 11288 bytes
       Adds the file MyCleanID.resources.dll"="12/13/2019 9:31 AM, 77848 bytes
    Adds the folder C:\Program Files (x86)\MyCleanID\x64
       Adds the file DecryptTool.exe"="12/13/2019 9:31 AM, 83992 bytes
       Adds the file DecryptTool.exe.config"="9/3/2019 12:12 PM, 163 bytes
    Adds the folder C:\Program Files (x86)\MyCleanID\x86
       Adds the file DecryptTool.exe"="12/13/2019 9:31 AM, 85528 bytes
       Adds the file DecryptTool.exe.config"="9/3/2019 12:12 PM, 163 bytes
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanID
       Adds the file MyCleanID.lnk"="9/22/2020 10:00 AM, 967 bytes, A
       Adds the file Uninstall MyCleanID.lnk"="9/22/2020 10:00 AM, 1820 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\MyCleanID
       Adds the file cnfg"="9/22/2020 10:00 AM, 304 bytes, A
       Adds the file compact.txt"="9/22/2020 10:01 AM, 26 bytes, A
       Adds the file debug.log"="9/22/2020 10:01 AM, 8599 bytes, A
       Adds the file debugdoc.log"="9/22/2020 10:01 AM, 955 bytes, A
       Adds the file log.rtf"="9/22/2020 10:01 AM, 378 bytes, A
       Adds the file MyCleanID.settings"="9/22/2020 10:01 AM, 2544 bytes, A
       Adds the file report.txt"="9/22/2020 10:01 AM, 72 bytes, A
       Adds the file track.xml"="9/22/2020 10:00 AM, 168 bytes, A
       Adds the file wndstate.tmp"="9/22/2020 10:01 AM, 5 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\MyCleanID\Files Vault\metadata
       Adds the file categories.bin"="9/22/2020 10:00 AM, 54 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\MyCleanID\MyCleanID 4.0.9\install
       Adds the file installlog.txt"="9/22/2020 10:00 AM, 346378 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\MyCleanID\MyCleanID 4.0.9\install\732F6C5
       Adds the file MyCleanID.msi"="12/13/2019 9:39 AM, 3638784 bytes, A
    In the existing folder C:\Users\Public\Desktop
       Adds the file MyCleanID.lnk"="9/22/2020 10:00 AM, 949 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file MyCleanID_Popup"="9/22/2020 10:01 AM, 4192 bytes, A
       Adds the file MyCleanID_PopupRenew"="9/22/2020 10:01 AM, 3646 bytes, A
       Adds the file MyCleanID_PPO"="9/22/2020 10:01 AM, 3568 bytes, A
       Adds the file MyCleanID-User_Account_Control"="9/22/2020 10:00 AM, 3440 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\MyCleanID]
       "(Default)"="REG_EXPAND_SZ, "Add to MyCleanID Vault"
       "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\MyCleanID\MyCleanID.exe"
       "MultiSelectModel"="REG_EXPAND_SZ, "Player"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\MyCleanID\command]
       "(Default)"="REG_EXPAND_SZ, ""C:\Program Files (x86)\MyCleanID\Armt.exe" "addfile" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\MyCleanID]
       "(Default)"="REG_EXPAND_SZ, "Add to MyCleanID Vault"
       "Icon"="REG_EXPAND_SZ, "C:\Program Files (x86)\MyCleanID\MyCleanID.exe"
       "MultiSelectModel"="REG_EXPAND_SZ, "Player"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\MyCleanID\command]
       "(Default)"="REG_EXPAND_SZ, ""C:\Program Files (x86)\MyCleanID\Armt.exe" "addfolder" "%V""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\1564F46919C219E4CA4CA3747A236F5C]
       "AdvertiseFlags"="REG_DWORD", 388
       "Assignment"="REG_DWORD", 1
       "AuthorizedLUAApp"="REG_DWORD", 0
       "Clients"="REG_MULTI_SZ, ": "
       "DeploymentFlags"="REG_DWORD", 3
       "InstanceType"="REG_DWORD", 0
       "Language"="REG_DWORD", 1033
       "PackageCode"="REG_SZ", "ACE580F31D884AA4DA467EB3833EBCCF"
       "ProductIcon"="REG_SZ", "C:\Windows\Installer\{964F4651-2C91-4E91-ACC4-3A47A732F6C5}\icon_1.exe"
       "ProductName"="REG_SZ", "MyCleanID"
       "Version"="REG_DWORD", 67108873
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Caphyon\Advanced Installer\Windows Firewall\{964F4651-2C91-4E91-ACC4-3A47A732F6C5}\Registered Applications]
       "PCPrivacyShield"="REG_SZ", "{FFD9CC67-CCAF-42C3-A9E4-B3B0A183F831}"
       "PCPrivacyShield_1"="REG_SZ", "{A595CCF8-E07F-4D15-8D1D-C8F21CAEEE60}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{964F4651-2C91-4E91-ACC4-3A47A732F6C5}]
       "AuthorizedCDFPrefix"="REG_SZ", ""
       "Comments"="REG_SZ", "This installer database contains the logic and data required to install MyCleanID."
       "Contact"="REG_SZ", ""
       "DisplayName"="REG_SZ", "MyCleanID"
       "DisplayVersion"="REG_SZ", "4.0.9"
       "HelpLink"="REG_SZ", ""
       "HelpTelephone"="REG_SZ", ""
       "InstallDate"="REG_SZ", "20200922"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\MyCleanID\"
       "Language"="REG_DWORD", 1033
       "ModifyPath"="REG_EXPAND_SZ, "MsiExec.exe /X{964F4651-2C91-4E91-ACC4-3A47A732F6C5}"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "RealDefense LLC"
       "Readme"="REG_SZ", ""
       "Size"="REG_DWORD", 27420
       "UninstallString"="REG_EXPAND_SZ, "MsiExec.exe /X{964F4651-2C91-4E91-ACC4-3A47A732F6C5}"
       "URLInfoAbout"="REG_SZ", ""
       "URLUpdateInfo"="REG_SZ", ""
       "Version"="REG_DWORD", 67108873
       "VersionMajor"="REG_DWORD", 4
       "VersionMinor"="REG_DWORD", 0
       "WindowsInstaller"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RealDefense LLC\MyCleanID]
       "Path"="REG_SZ", "C:\Program Files (x86)\MyCleanID\"
       "Version"="REG_SZ", "4.0.9"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
       "MyCleanID"="REG_SZ", ""C:\Program Files (x86)\MyCleanID\MyCleanID.exe" minimized"
    [HKEY_CURRENT_USER\Software\MyCleanIDValidity]
       "Base"="REG_SZ", "Oracle CorporationBase Board0"
       "Bios"="REG_SZ", "innotek GmbHVirtualBox020061201000000.000000+000VBOX   - 1"
       "BuyLink"="REG_SZ", "https://www.mycleanid.com/app/carts/"
       "Cpu"="REG_SZ", "Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz2808"
       "Disk"="REG_SZ", "VBOX HARDDISK ATA Device(Standard disk drives)2064909821255"
       "lang"="REG_SZ", "en"
       "Mac"="REG_SZ", "EAAAAER9Mv0WB6/p5YCgIV/CrKaEbawDclwr08ITFJaEt8om"
       "NeedsRenewal"="REG_SZ", "False"
       "PhoneNum"="REG_SZ", "1 (801) 857-2379 * Additional offers may be made"
       "Reg"="REG_SZ", "EAAAAPilphY1qWhBN+Ce+gI0T16wnY2HnrzQ/MRe32QS0BBZ"
       "Rti"="REG_SZ", "0"
       "SplashTime"="REG_QWORD, ....
       "Support"="REG_SZ", "https://www.mycleanid.com/contact-us.html"
    [HKEY_CURRENT_USER\Software\RealDefense LLC\MyCleanID]
       "AI_SETUPEXEPATH"="REG_SZ", "C:\Users\{username}\Desktop\MyCleanIDSetup.exe"
       "Custom1"="REG_DWORD", 0
       "Custom2"="REG_DWORD", 0
       "Params"="REG_SZ", "arg1=  arg2=  arg3=  arg4=  arg5=  arg6=  arg7=  arg8=  arg9=  setupexepath="C:\Users\{username}\Desktop\MyCleanIDSetup.exe""
       "ProductCode"="REG_SZ", "{964F4651-2C91-4E91-ACC4-3A47A732F6C5}"
       "ResName"="REG_SZ", "Regular"
       "UpgradeCode"="REG_SZ", "{6D31FC71-3DF7-4906-AB9F-0745325E475A}"
       "Version"="REG_SZ", "4.0.9"

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/22/20
Scan Time: 10:28 AM
Log File: 987a9840-fcad-11ea-9281-00ffdcc6fdfc.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30232
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 231809
Threats Detected: 38
Threats Quarantined: 37
Time Elapsed: 6 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.MyCleanID, C:\PROGRAM FILES (X86)\MYCLEANID\MYCLEANID.EXE, Quarantined, 3555, 518959, , , , , B82E4C37FF9292DD6C3FD46F68371AED, 9715DE365CCDFFA1638D98881FE1EFC313109C1A65DBC6FCF88350D45EE5837C

Module: 1
PUP.Optional.MyCleanID, C:\PROGRAM FILES (X86)\MYCLEANID\MYCLEANID.EXE, Quarantined, 3555, 518959, , , , , B82E4C37FF9292DD6C3FD46F68371AED, 9715DE365CCDFFA1638D98881FE1EFC313109C1A65DBC6FCF88350D45EE5837C

Registry Key: 19
PUP.Optional.MyCleanID, HKLM\SOFTWARE\CLASSES\*\SHELL\MyCleanID, Quarantined, 3555, 859064, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKCU\SOFTWARE\MyCleanIDValidity, Quarantined, 3555, 518958, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKCU\SOFTWARE\REALDEFENSE LLC\MyCleanID, Quarantined, 3555, 519119, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{964F4651-2C91-4E91-ACC4-3A47A732F6C5}, Quarantined, 3555, 859069, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\WOW6432NODE\REALDEFENSE LLC\MyCleanID, Quarantined, 3555, 518955, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MyCleanID_RASAPI32, Quarantined, 3555, 518952, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MyCleanID_RASMANCS, Quarantined, 3555, 518952, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MyCleanID_Popup, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A4500ACD-78C9-4C6C-9D62-12FCEA9A92A4}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A4500ACD-78C9-4C6C-9D62-12FCEA9A92A4}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MyCleanID_PopupRenew, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{101B4BED-02C0-443D-8E1F-5B39EA5DBCFA}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{101B4BED-02C0-443D-8E1F-5B39EA5DBCFA}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MyCleanID_PPO, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{56D7824B-CAEB-44E5-B0D7-830E11A38FD7}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{56D7824B-CAEB-44E5-B0D7-830E11A38FD7}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MyCleanID-User_Account_Control, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{78EFE2F8-DCEB-46E4-9465-F617C0FD236F}, Quarantined, 3555, 518959, , , , , , 
PUP.Optional.MyCleanID, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{78EFE2F8-DCEB-46E4-9465-F617C0FD236F}, Quarantined, 3555, 518959, , , , , , 

Registry Value: 2
PUP.Optional.MyCleanID, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{964F4651-2C91-4E91-ACC4-3A47A732F6C5}|DISPLAYNAME, Quarantined, 3555, 859069, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MyCleanID, Quarantined, 3555, 518959, , , , , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 4
PUP.Optional.MyCleanID, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYCLEANID, Quarantined, 3555, 518947, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, C:\PROGRAM FILES (X86)\MYCLEANID, Delete-on-Reboot, 3555, 858936, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, C:\USERS\{username}\APPDATA\LOCAL\MYCLEANID, Delete-on-Reboot, 3555, 858938, 1.0.30232, , ame, , , 
PUP.Optional.MyCleanID, C:\USERS\{username}\APPDATA\ROAMING\MYCLEANID, Quarantined, 3555, 859062, 1.0.30232, , ame, , , 

File: 11
PUP.Optional.MyCleanID, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanID\MyCleanID.lnk, Quarantined, 3555, 518947, , , , , 230F2FDBC9824D2DE451850CD2FA2236, D2849A9BB13707A3023B918E95B7F6DD0E91F77E5BC9D4E2AE1053A2683A3774
PUP.Optional.MyCleanID, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanID\Uninstall MyCleanID.lnk, Quarantined, 3555, 518947, , , , , D930DDDB2C1E8CC35A32B2AE7AB3458D, C2DCB073E76CE2BE5265DA611485EC1BC21D5C1A61488228365B20513DD9D216
PUP.Optional.MyCleanID, C:\USERS\PUBLIC\DESKTOP\MYCLEANID.LNK, Quarantined, 3555, 518948, 1.0.30232, , ame, , C0A11BD85F0B4E7798240E3BE88BDF16, 5C58A8BB05EB4DE870358828C82A597F801DAFB2BFD9BD048EAD559605B5F3B7
PUP.Optional.MyCleanID, C:\WINDOWS\SYSTEM32\TASKS\MyCleanID_Popup, Quarantined, 3555, 518959, , , , , 95D4985C790D99D25C8969333C9EBD10, 851564EBFB2BD83E0FAFC3A7FFAE492783CC215010C733229D80479F98EE5D38
PUP.Optional.MyCleanID, C:\WINDOWS\SYSTEM32\TASKS\MyCleanID_PopupRenew, Quarantined, 3555, 518959, , , , , 2D4CE8137C599255EE0E89145F1B47D6, 2F50F724D5930008CB3A4A238B2A9214823FB0CBD07124F9224E8C6501A6876D
PUP.Optional.MyCleanID, C:\WINDOWS\SYSTEM32\TASKS\MyCleanID_PPO, Quarantined, 3555, 518959, , , , , D7625B64ADE15355C891C46A6E93E9D0, 0AF59A1892BD2A2653603DA531586ABCF9BAA7687BFEDCBD6F4E0C7FA023F0D3
PUP.Optional.MyCleanID, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\MyCleanID.lnk, Removal Failed, 3555, 518959, , , , , C0A11BD85F0B4E7798240E3BE88BDF16, 5C58A8BB05EB4DE870358828C82A597F801DAFB2BFD9BD048EAD559605B5F3B7
PUP.Optional.MyCleanID, C:\PROGRAM FILES (X86)\MYCLEANID\MYCLEANID.EXE, Delete-on-Reboot, 3555, 518959, 1.0.30232, , ame, , B82E4C37FF9292DD6C3FD46F68371AED, 9715DE365CCDFFA1638D98881FE1EFC313109C1A65DBC6FCF88350D45EE5837C
PUP.Optional.MyCleanID, C:\WINDOWS\SYSTEM32\TASKS\MyCleanID-User_Account_Control, Quarantined, 3555, 518959, , , , , 723FCB7B2AA1F16301D0D6FAB29E0EBD, FA13506BC7F607223A09C8A1BB9D6461D4202A2AFF3D44C970632183AD0ECC88
PUP.Optional.MyCleanID, C:\PROGRAM FILES (X86)\MYCLEANID\TASKTOOLS.EXE, Quarantined, 3555, 518959, 1.0.30232, , ame, , A1113D9BBDD6E9327C57AF64D2988961, 21C4C5C5F7BA8C967DE8561DFAA6DEFA6F41E467F861C97B26D6A94BC50E3DC9
PUP.Optional.MyCleanID, C:\USERS\{username}\DESKTOP\MYCLEANIDSETUP.EXE, Quarantined, 3555, 518959, 1.0.30232, , ame, , D1C30B3C0141078C691785BD3C959ACB, A4BE9CE5DFF40CC3F6A9081CF2BF0B43CE7C70F10CDD4AD0FDD55E275B6A8A3F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.