MyCleanerPC is an antispyware application that by all appearances, seems legitimate. It’s even reasonably well-rated. And it doesn’t do the types of extremely vicious behavior of rogue security products like SpySheriff or WinFixer.
However, Symantec Security Response recently released a technical note on the product, saying that it “may give exaggerated reports of threats on the computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported threat.”
We have also been researching this product. On May 17th, we noticed MyCleanerPC was being installed through a trojan downloader called gorpus.exe (which, incidentally, installs other apps, including Deskwizz and UCMore). Gorpus came through TopInstalls, an infamous outfit that is noted for their proclivity in installing software through exploits or loaded by other malware (of a similar ilk to IST, MediaMotor, Pacerd, EliteMediaGroup, and DollarRevenue).
However, just the previous week, we had found a different (and legitimate) company being installed by this same downloader. We immediately contacted this company and they were very aggressive in hunting the source down. After some research, they told us they believed it was related to an outfit called Verticlick Media/Vault Projects, LLC. Since this was the first and only instance we had seen of this company’s product being installed in such a manner, we put them on a probationary status and didn’t list them in our database (the company was also extremely aggressive and responsible in their approach to handling the problem).
So, when we saw MyCleanerPC being downloaded through this this very same trojan, we wondered if this might also be related to Verticlick, and contacted them. They responded, saying that they had stopped the offending affiliate.
Unfortunately, just a week later (May 25th), we found that their software was being openly distributed by TopInstalls (meaning, openly listed on Topinstalls’ website, which they hadn’t been before).
This is not good. One can only charitably assume that MyCleanerPC got themselves into a pay-per-download deal which they really didn’t understand. However, they are an antispyware company, and to openly partner with TopInstalls (an outfit which a simple Google search will reveal as one with a terrible reputation) is a serious lapse in judgment. Now, the company is facing being listed in our database.
All of this highlights the necessity of being extremely careful in what affiliates one chooses to distribute products. Software developers can be tempted by huge download numbers (which they pay for), but if the result is product being installed without user consent, they risk being listed in antispyware definitions and, of course, accomplishing little or nothing in terms of attracting new, loyal users.
Alex Eckelberry