Jump to content

Recommended Posts

  • Staff

What is PC Repair Clinic?

The Malwarebytes research team has determined that PC Repair Clinic is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.

How do I know if I am infected with PC Repair Clinic?

This is how the main screen of the system optimizer looks:

main.png

You will find these icons in your taskbar, your startmenu, and on your desktop:

icons.png

and see this type of warnings during install:

warning1.png

and this type of screens during "operations":

warning5.png

You may see this entry in your list of installed programs:

warning4.png

and these scheduled tasks:

warning3.png

How did PC Repair Clinic get on my computer?

These so-called system optimizers use different methods of getting installed. This particular one was installed by a bundler:

bundler.png

Downloaded from their website:

website.png

How do I remove PC Repair Clinic?

Our program Malwarebytes can detect and remove this potentially unwanted application.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of PC Repair Clinic?

  • No, Malwarebytes removes PC Repair Clinic completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this system optimizer.

As you can see below the full version of Malwarebytes would have protected you against the PC Repair Clinic installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


 

protection1.png

 

and it would have blocked their website:
 

protection2.png

 

Technical details for experts

You may see these entries in FRST logs:


 

(inKline Global, Inc. -> inKline Software Labs) C:\Program Files (x86)\inKline Global\PCRepairClinic\PCHelp.exe
Task: {19E0992E-2E4E-4684-A6AF-8290C1375CE8} - System32\Tasks\PCRepairClinic_Run => C:\Program Files (x86)\inKline Global\PCRepairClinic\PCHelp.exe [15809104 2011-12-20] (inKline Global, Inc. -> inKline Software Labs)
Task: {8F4EB55E-CFCE-492D-892E-542D57C87587} - System32\Tasks\PCRepairClinic_avScan => C:\Program Files (x86)\inKline Global\PCRepairClinic\PCHelp.exe [15809104 2011-12-20] (inKline Global, Inc. -> inKline Software Labs)
Task: {BA0F313E-3B3A-4D0E-B149-4068AFEA1F11} - System32\Tasks\PCRepairClinic_fullScan => C:\Program Files (x86)\inKline Global\PCRepairClinic\PCHelp.exe [15809104 2011-12-20] (inKline Global, Inc. -> inKline Software Labs)
Task: {C4843584-C1D4-4B07-BB71-889D995BF736} - System32\Tasks\PCRepairClinic_regScan => C:\Program Files (x86)\inKline Global\PCRepairClinic\PCHelp.exe [15809104 2011-12-20] (inKline Global, Inc. -> inKline Software Labs)
C:\Windows\system32\Tasks\PCRepairClinic_fullScan
C:\Windows\system32\Tasks\PCRepairClinic_regScan
C:\Windows\system32\Tasks\PCRepairClinic_avScan
C:\Windows\system32\Tasks\PCRepairClinic_Run
C:\Users\{username}\AppData\Local\inKline Global
C:\Users\Public\Desktop\PCRepairClinic.lnk
C:\ProgramData\Desktop\PCRepairClinic.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCRepairClinic
C:\Program Files (x86)\inKline Global

PCRepairClinic (HKLM-x32\...\{F813F595-1DA6-4476-915D-E3C2FDF0B758}_is1) (Version:  - inKline Global, Inc.)
(inKline Global, Inc) [File not signed] C:\Program Files (x86)\inKline Global\PCRepairClinic\ISLAdEngine.dll
(inKline Software Labs) [File not signed] C:\Program Files (x86)\inKline Global\PCRepairClinic\ISLEventAnalyzer.dll
(SourceFire, Inc.) [File not signed] C:\Program Files (x86)\inKline Global\PCRepairClinic\libclamav.dll

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\inKline Global\PCRepairClinic
       Adds the file cookies.dat"="12/15/2010 1:26 PM, 58 bytes, A
       Adds the file Eula.rtf"="4/18/2011 6:41 PM, 40744 bytes, A
       Adds the file files.xml"="11/16/2010 9:58 AM, 279 bytes, A
       Adds the file freshclam.conf"="10/22/2020 10:40 AM, 405 bytes, A
       Adds the file freshclam.exe"="9/9/2010 11:51 PM, 188928 bytes, A
       Adds the file ISLAdEngine.dll"="9/29/2010 11:13 AM, 2280960 bytes, A
       Adds the file ISLEventAnalyzer.dll"="12/13/2010 9:58 AM, 19456 bytes, A
       Adds the file ISLSecurityScan.dll"="12/29/2010 1:43 PM, 55296 bytes, A
       Adds the file ISLUpdater.dll"="12/29/2011 5:40 PM, 69120 bytes, A
       Adds the file ISLUpdaterUI.exe"="12/29/2011 5:41 PM, 1558096 bytes, A
       Adds the file libclamav.dll"="9/28/2010 12:05 PM, 4819456 bytes, A
       Adds the file PCBooster.ico"="1/13/2010 5:49 PM, 82726 bytes, A
       Adds the file PCHelp.exe"="12/20/2011 5:39 PM, 15809104 bytes, A
       Adds the file pcshowbuzz.ico"="2/17/2010 5:36 PM, 123254 bytes, A
       Adds the file prc.ico"="4/19/2011 3:23 PM, 76798 bytes, A
       Adds the file program.ico"="10/29/2010 5:09 PM, 119654 bytes, A
       Adds the file program.xml"="10/22/2020 10:40 AM, 492 bytes, A
       Adds the file reg.log"="10/22/2020 10:41 AM, 71251 bytes, A
       Adds the file Special.exe"="9/19/2011 4:14 PM, 2271944 bytes, A
       Adds the file unins000.dat"="10/22/2020 10:39 AM, 55681 bytes, A
       Adds the file unins000.exe"="10/22/2020 10:38 AM, 779976 bytes, A
       Adds the file unins000.msg"="10/22/2020 10:39 AM, 10690 bytes, A
       Adds the file updater.dll"="12/29/2011 5:17 PM, 87 bytes, A
    Adds the folder C:\Program Files (x86)\inKline Global\PCRepairClinic\database
    Adds the folder C:\Program Files (x86)\inKline Global\PCRepairClinic\images
       Adds the file call.bmp"="9/24/2010 5:07 PM, 24112 bytes, A
       Adds the file tollfree.bmp"="12/17/2010 3:05 PM, 126692 bytes, A
    Adds the folder C:\Program Files (x86)\inKline Global\PCRepairClinic\images\full
       Adds the file tollfree.bmp"="12/17/2010 3:05 PM, 126692 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCRepairClinic
       Adds the file PCRepairClinic.lnk"="10/22/2020 10:39 AM, 2146 bytes, A
       Adds the file Uninstall PCRepairClinic.lnk"="10/22/2020 10:39 AM, 1240 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\inKline Global
    In the existing folder C:\Users\Public\Desktop
       Adds the file PCRepairClinic.lnk"="10/22/2020 10:39 AM, 2128 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file PCRepairClinic_avScan"="10/22/2020 10:40 AM, 3586 bytes, A
       Adds the file PCRepairClinic_fullScan"="10/22/2020 10:40 AM, 3594 bytes, A
       Adds the file PCRepairClinic_regScan"="10/22/2020 10:40 AM, 3586 bytes, A
       Adds the file PCRepairClinic_Run"="10/22/2020 10:40 AM, 3322 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\inKline Global\PCHelp\Options]
       "build"="REG_SZ", "86"
       "buyurl"="REG_SZ", "http://www.inklineglobal.com/adsales/softonic/buy_prc86.html?build="
       "campaign"="REG_SZ", "betanews"
       "ect"="REG_SZ", "165"
       "liveengurl"="REG_SZ", "http://www.inklineglobal.com/adsales/betanews/support_48_1.html?build="
       "Privacy"="REG_DWORD", 1
       "registerurl"="REG_SZ", "http://www.inklineglobal.com/adsales/softonic/buy_prc863.html"
       "virusbuyurl"="REG_SZ", "http://www.inklineglobal.com/adsales/ron5000/buy_prc76.html?build="
    [HKEY_CURRENT_USER\Software\inKline Global\ISLAE]
       "UserID"="REG_SZ", "00426-383-5208833-06434"
    [HKEY_CURRENT_USER\Software\inKline Global\PCHelp\Options]
       "App"="REG_DWORD", 1
       "AutoUpdate"="REG_DWORD", 0
       "HealthUpd"="REG_SZ", "Oct 22, 2020, Thu;2020;10;22;000"
       "InstallerRef"="REG_DWORD", 1
       "RunOnWindowsStartup"="REG_DWORD", 1
       "Schedules"="REG_DWORD", 0
       "SharedDll"="REG_DWORD", 1
       "Shortcut"="REG_DWORD", 1
       "StartMenu"="REG_DWORD", 1
       "StartupApp"="REG_DWORD", 1
       "VirusScanDir"="REG_SZ", "C:\Users\{username}\Documents"
       "WinUpdate"="REG_DWORD", 1

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/22/20
Scan Time: 10:52 AM
Log File: f6bff4ce-1443-11eb-a48e-080027235d76.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1070
Update Package Version: 1.0.31790
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 232117
Threats Detected: 33
Threats Quarantined: 33
Time Elapsed: 2 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
PUP.Optional.PCRepairClinic, C:\PROGRAM FILES (X86)\INKLINE GLOBAL\PCREPAIRCLINIC\PCHELP.EXE, Quarantined, 16439, 869115, , , , , 0F81B3CF6611D254A7E089DA8BB82201, CBB2E979ADBA633AFE576F4E7A6ABF184E261E75E5EBFCA058A55814BAB9C3B6

Module: 1
PUP.Optional.PCRepairClinic, C:\PROGRAM FILES (X86)\INKLINE GLOBAL\PCREPAIRCLINIC\PCHELP.EXE, Quarantined, 16439, 869115, , , , , 0F81B3CF6611D254A7E089DA8BB82201, CBB2E979ADBA633AFE576F4E7A6ABF184E261E75E5EBFCA058A55814BAB9C3B6

Registry Key: 12
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PCRepairClinic_avScan, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8F4EB55E-CFCE-492D-892E-542D57C87587}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{8F4EB55E-CFCE-492D-892E-542D57C87587}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PCRepairClinic_fullScan, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BA0F313E-3B3A-4D0E-B149-4068AFEA1F11}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{BA0F313E-3B3A-4D0E-B149-4068AFEA1F11}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PCRepairClinic_regScan, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C4843584-C1D4-4B07-BB71-889D995BF736}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C4843584-C1D4-4B07-BB71-889D995BF736}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PCRepairClinic_Run, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{19E0992E-2E4E-4684-A6AF-8290C1375CE8}, Quarantined, 16439, 869115, , , , , , 
PUP.Optional.PCRepairClinic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{19E0992E-2E4E-4684-A6AF-8290C1375CE8}, Quarantined, 16439, 869115, , , , , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 10
PUP.Optional.PCRepairClinic, C:\WINDOWS\SYSTEM32\TASKS\PCRepairClinic_avScan, Quarantined, 16439, 869115, , , , , 64EE360A7A9B7A7D8DB11C2F2CFEFCF2, 0824A9946A901CB2E3E01438F2C1FCE6D08973674CE9B4514303D10E9681E457
PUP.Optional.PCRepairClinic, C:\WINDOWS\SYSTEM32\TASKS\PCRepairClinic_fullScan, Quarantined, 16439, 869115, , , , , BA9F2169B6E3C2D8C767010F268502BF, E85A5753A958470FDA728F77F427906B0064AC86C5202FFF47BA0EC1F6719EF7
PUP.Optional.PCRepairClinic, C:\WINDOWS\SYSTEM32\TASKS\PCRepairClinic_regScan, Quarantined, 16439, 869115, , , , , BA46D28794B80360A612FE624B578C1E, 5F404C9F175448B59BA29FF9008C90C697E1A104BBDD4FDC8641EDA57E66241A
PUP.Optional.PCRepairClinic, C:\WINDOWS\SYSTEM32\TASKS\PCRepairClinic_Run, Quarantined, 16439, 869115, , , , , 5487B1172F43816C0D69F6CF14157232, 57F9545E76BBABE37505D76DC2755AC45BA308EBBBC2D0C4D8340327D8D424E2
PUP.Optional.PCRepairClinic, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\PCRepairClinic.lnk, Quarantined, 16439, 869115, , , , , D2783FAF3D7228F80467AB73A055A009, 11B5FC4A98EBA86E9BA622263C944AFBC39702DC83C724223587EC4DB9F15408
PUP.Optional.PCRepairClinic, C:\USERS\PUBLIC\Desktop\PCRepairClinic.lnk, Quarantined, 16439, 869115, , , , , D2783FAF3D7228F80467AB73A055A009, 11B5FC4A98EBA86E9BA622263C944AFBC39702DC83C724223587EC4DB9F15408
PUP.Optional.PCRepairClinic, C:\PROGRAM FILES (X86)\INKLINE GLOBAL\PCREPAIRCLINIC\PCHELP.EXE, Quarantined, 16439, 869115, 1.0.31790, , ame, , 0F81B3CF6611D254A7E089DA8BB82201, CBB2E979ADBA633AFE576F4E7A6ABF184E261E75E5EBFCA058A55814BAB9C3B6
Adware.InstallCore, C:\USERS\{username}\DESKTOP\PC-REPAIR-CLINIC_2.0_3606865095.EXE, Quarantined, 3451, 845509, 1.0.31790, , ame, , 61C84589DF6A1845687B18F45801ECD5, 6AB96A1A04F21A375177988580A4E0C45ECC14B9D758BC50908D4DF66163D602
PUP.Optional.PCRepairClinic, C:\USERS\{username}\DOWNLOADS\SETUP.EXE, Quarantined, 16439, 869115, 1.0.31790, , ame, , CC8253505B89FDB81337D067F232D9B9, E55A8451D7F48BF89FA1C95489B580F2A9EFE02905910F1206FCB74844FCCC80
PUP.Optional.PCRepairClinic, C:\USERS\{username}\DESKTOP\PRC1086.EXE, Quarantined, 16439, 869115, 1.0.31790, , ame, , E0E416ABB3F8980101FB2C37B83C4E98, B23ECE41DED985A3D1DB3BBEF26D00294F48578454343E13D8A7098244D099EE

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.