Posted: February 13, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 66
First Seen: February 13, 2012
OS(es) Affected: Windows

EveryClear is a rogue system optimizer and anti-malware scanner from the Program:Win32/Fakevac family, a group of scamware products that also includes AdClear, SpyClear, VaccineClear and SpyVaccine. Because almost all of EveryClear's interface is in Korean, non-Korean speakers shouldn't have much to fear from EveryClear, which hasn't been noted to engage in serious attacks beyond creating fake anti-malware and system diagnostic reports in various ways (such as through simulated system scans or pop-up alerts). However, since EveryClear has no benefit for your PC and may be installed by Trojans that are capable of other attacks, SpywareRemove.com malware researchers recommend that you respond to any appearance of EveryClear by removing it with a system scan from a competent anti-malware product.

EveryClear – the Scanner That Can Fake Everything

EveryClear is copied from a template that has been in use for Fakevac-based rogue anti-malware programs since 2010 and includes a normal-looking installation procedure, simulated file scans, pop-up warnings of PC threats and an easy payment scheme. However, all of these features (except, of course, the functions involved in purchasing EveryClear) are faked to make your PC look like it's under attack by nonexistent PC threats and other problems. Some of the features that SpywareRemove.com malware analysts have found EveryClear may fake to extort money from its victims include:

  • Detection of malicious software, such as keyloggers or Trojans.
  • Browser cleanup functions such as cookie deletion.
  • Optimization of Internet connectivity settings to increase connection speed.
  • RAM monitoring and optimization for increased application performance.

Of course, since EveryClear isn't capable of any of the above features, SpywareRemove.com malware experts discourage any effort to spend money on EveryClear; a purchase may also endanger your finances with additional fraudulent charges in the future. Contact with sites that promote EveryClear should be avoided as potential infection vectors, and EveryClear itself should be removed with a preferred brand of anti-malware software.

How to Steer Your PC Clear of EveryClear

Because EveryClear is designed to target the computers of Korean speakers, distribution of EveryClear is most likely limited to Korean scamware sites, which can often be distinguished by their use of the 'co.kr' domain suffix. The SpywareRemove.com malware research team recommends that you use strong browser and anti-malware security while visiting such sites, which will help to protect against drive-by downloads and other PC threats that are often associated with fake anti-malware products like EveryClear.

EveryClear shouldn't be removed by normal methods, since EveryClear places its files in multiple locations and makes significant changes to the Windows Registry. EveryClear is specific to Windows and, as far as SpywareRemove.com malware experts have found, is unable to infect non-Windows platforms. Unlike more advanced types of scamware that use rootkit functions, EveryClear has also been noted to create an explicit system process for itself; you can observe this process in Task Manager to determine whether or not EveryClear is open.

