The latest trend in the awful Windows ecosystem is pretty ridiculous — scammers have a fake version of the reputable AdwCleaner tool, which is a real tool for Windows experts. And this one pretends your computer is infected and tries to make you pay them to remove it.
AdwCleaner is indeed a real freeware tool, with a good reputation for removing spyware and adware. It’s not as well known as Malwarebytes because it’s not all that user friendly, since it is meant for Windows experts rather than regular users. The scammers have tried to mimic the interface, stolen the logo, and even ripped out the icon (badly) for their fake version.
The ironic thing is that this is getting onto PCs that are already infected with adware or spyware of some type, which then keeps popping up windows to a page that looks like this one, telling you that adware is detected. That is surprisingly accurate, although the fake app isn’t going to remove that adware.
Once you click through that dialog, it’ll give you a scary message like this, telling you to download AdwCleaner. A normal user who has heard their geeky friends talking about AdwCleaner might be tempted to download it.
If you make the mistake of downloading and running this fake AdwCleaner, you’ll be quickly presented with a window that looks an awful lot like the real thing.
Once the fake one finishes scanning, it’ll present you with a dialog saying your PC is completely infected with spyware and browser hijackers, and then it’ll offer to remove it, as long as you pay them $59.99 through PayPal. And, of course, that fire sale ends tomorrow.
It’s important to note here that the real AdwCleaner is completely free. You can download it from BleepingComputer.
Hopefully somebody at PayPal can suspend the account used by Mardel Innovations, because they are clearly a bunch of scammers.
The ironic thing is that the real AdwCleaner doesn’t actually detect this fake version at this point.
Removing this fake version of AdwCleaner is luckily really easy. Right-click on the icon in the Taskbar and click Close Window, making sure to notice that it actually admits that it is a piece of adware called AdwareBooC. Guess they forgot to change that.
Go delete the downloaded file from whatever folder you saved it to.
Now to stop it showing up at startup, use WIN + R to open up a Run dialog, type in msconfig and hit the enter key. Once System Configuration is open, switch over to the Startup tab, find the Adware line, and uncheck it. Notice the path, which currently is in our local appdata folder.
If you don’t have msconfig because you are using Windows 8, you can also use Autoruns from Sysinternals (which is part of Microsoft). Find the startup entry in the Logon tab and delete it.
Now open up Windows Explorer and type %localappdata% into the location bar.
You should see the same file that is loading at startup. Delete it.
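The same startup check can be done from a PowerShell prompt; the script below is an added example, not part of the original article, and it lists the Run-key and Startup-folder entries and flags any that launch from %localappdata%. It only reads, and a flagged entry is a reason to look closer rather than proof of anything, since legitimate per-user programs also start from that folder. It assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only listing of logon startup entries, flagging any that
# launch from %LOCALAPPDATA% (where the article found the fake AdwCleaner).
$localAppData = $env:LOCALAPPDATA
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Registry Run keys: one value per program started at logon.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($name))
        }
    }
})

# Startup folders (current user and all users); resolve .lnk shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path -or -not (Test-Path -Path $path)) { continue }
    foreach ($file in Get-ChildItem -Path $path -File) {
        $target = if ($file.Extension -eq '.lnk') {
            $shell.CreateShortcut($file.FullName).TargetPath
        } else { $file.FullName }
        $entries += [pscustomobject]@{ Source = $path; Name = $file.Name; Command = $target }
    }
}

# Case-insensitive substring match against the expanded %LOCALAPPDATA% path.
$entries |
    Select-Object Name, Command, Source, @{
        Name       = 'InLocalAppData'
        Expression = { ([string]$_.Command).IndexOf($localAppData, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
    } |
    Sort-Object InLocalAppData -Descending |
    Format-Table -AutoSize -Wrap
```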
At this point your PC should be free of the fake AdwCleaner. But it isn’t free of viruses and malware, because you probably picked this thing up in the first place because your PC is infected with other malware.
The best bet for cleaning up spyware and malware is Malwarebytes. You might ask yourself why you wouldn’t just use your regular antivirus product, but the fact is that antivirus just doesn’t detect spyware very often. It’s only useful for viruses that try to destroy your PC, which are few and far between at this point. Almost all of the malware out there is trying to spy on you, redirect your browsing, and insert more ads into pages that you’re viewing. It’s all about the money.
So the only really good product on the market that will find and remove spyware, adware, and other malware is Malwarebytes. Luckily they have a free version that will let you clean up and remove everything — if you want to pay for the full version that has active protection to prevent these things from happening, that’s fine too.
Once you’ve downloaded and installed it, you’ll be prompted to run a scan, so click that big green Scan Now button.
After it completes scanning, it’ll find a big huge list of things to remove. Click the Apply Actions button to actually remove all the malware.
You’ll want to reboot your computer to make sure that everything is fully cleaned up. If anything seems to come back, run Malwarebytes again, remove anything found, and then reboot again.