Fake AdwCleaner: Scammers Distribute Malware Disguised as Security Tool
Fake AdwCleaner Scams Target Windows Users
A concerning new scam is circulating within the Windows environment. Malicious actors are distributing a fraudulent imitation of the legitimate AdwCleaner tool.
This deceptive software falsely reports infections on users' computers. The intent is to coerce victims into paying for unnecessary and bogus removal services.
Understanding the Real AdwCleaner
AdwCleaner is a genuine, free software application designed to eliminate spyware and adware. It has earned a positive reputation within the technical community.
While effective, AdwCleaner isn't as widely recognized as tools like MalwareBytes. This is largely due to its interface, which is geared towards experienced Windows users rather than those with limited technical expertise.
How the Scam Works
Scammers have meticulously copied elements of the authentic AdwCleaner. They've replicated the interface, stolen the official logo, and even poorly reproduced the application's icon.
This mimicry is intended to deceive users into believing they are using the legitimate tool. Once installed, the fake version displays fabricated infection reports and prompts for payment.
- The fraudulent software presents a false sense of urgency.
- It exploits users' fear of malware to extract funds.
- The copied logo and icon contribute to the illusion of authenticity.
It’s crucial to only download software from official sources to avoid falling victim to such scams. Always verify the authenticity of any security tool before installation.
A Deceptive AdwCleaner Variant is Spread Via Existing Adware
Interestingly, this fraudulent software is reaching computers that are already compromised by adware or spyware. These existing infections then generate pop-up windows directing users to a page mimicking a legitimate security scan. This page falsely indicates the presence of adware on the system.
While surprisingly accurate in its detection claim, the counterfeit application will not actually eliminate the existing adware. It serves as a deceptive tactic to further exploit vulnerable users.
Upon interacting with the initial dialog, users are presented with an alarming message prompting them to download AdwCleaner. Given the familiarity many users have with the genuine AdwCleaner tool, they may be inclined to proceed with the download.
Should a user unfortunately download and execute this imitation AdwCleaner, they will encounter a window closely resembling the authentic version.
After the scan completes, the fake program displays a message claiming the PC is severely infected with spyware and browser hijackers. It then offers to resolve these issues for a fee of $59.99, payable via PayPal. A sense of urgency is created by stating this offer is time-limited.
It is crucial to remember that the legitimate AdwCleaner is available free of charge. It can be safely downloaded from BleepingComputer.
It is hoped that PayPal will take action to suspend the account associated with Mardel Innovations, as their activities clearly indicate fraudulent intent.
Notably, the genuine AdwCleaner currently does not recognize or flag this deceptive variant as a threat.
Eliminating the Counterfeit AdwCleaner Application From Your System
Fortunately, removing this fraudulent version of AdwCleaner is a straightforward process. Locate the program's icon in the Taskbar, right-click it, and select "Close Window." Pay attention to the fact that the application identifies itself as adware known as AdwareBooC.
The downloaded file should now be deleted from the folder where it was originally saved.
Disabling Startup Execution
To prevent the application from launching upon system startup, initiate a Run dialog by pressing the WIN + R keys simultaneously. Type “msconfig” into the dialog box and press Enter.
Within the System Configuration window, navigate to the "Startup" tab. Identify the entry associated with the adware and uncheck the corresponding box. Note the file path, which is currently located within the local appdata directory.
If you are utilizing Windows 8 and do not have access to msconfig, consider employing Autoruns, a utility from SysInternals (a Microsoft entity). Locate the startup entry within the "Logon" tab and proceed to delete it.
Locating and Deleting the Application File
Open Windows Explorer and enter "%localappdata%" into the address bar.
You should now be able to see the file responsible for launching the application at startup. Delete this file.
Your computer should now be free from the deceptive AdwCleaner application. However, it’s important to understand that the presence of this fake program often indicates a broader malware infection.
The initial compromise that allowed this adware to install likely means your system is vulnerable to other threats. A comprehensive scan with a reputable antivirus solution is highly recommended.
Employing Malwarebytes for Spyware and Adware Removal
For comprehensive removal of spyware and malware, Malwarebytes is the most effective solution. While traditional antivirus software is designed to combat viruses that directly damage your system, its detection rate for spyware is notably lower.
The predominant threat landscape now centers around malware designed for surveillance, browser redirection, and intrusive advertising – all driven by financial gain. Therefore, relying solely on standard antivirus protection is often insufficient.
Malwarebytes stands out as a leading product capable of identifying and eliminating spyware, adware, and various other forms of malicious software. A free version is readily available for cleanup and removal purposes.
Should you desire continuous, proactive protection against these threats, a paid subscription offering real-time prevention is also an option.
Upon installation, the application will prompt you to initiate a scan. Simply click the prominent "Scan Now" button to begin the process.
Scanning and Removal Process
Following the scan's completion, a detailed list of detected items will be presented. To proceed with the removal of all identified malware, click the "Apply Actions" button.
A system reboot is crucial to ensure complete eradication of the malicious software. Should any remnants reappear, repeat the scan with Malwarebytes, remove any newly detected items, and reboot your computer once more.