InfoCleaner

By GoldSparrow in Rogue Anti-Spyware Program

Chances are that if you have a bunch of weird windows popping up from something called Infocleaner, then the program is a mystery to you. That's because Infocleaner is Korean malware. Infocleaner pretends to be an anti-virus program, when Infocleaner is actually a scam.

What is Infocleaner?

Infocleaner was created in order to scam Korean PC users out of their money. So if you are outside of the Korean market or you don't speak Korean, you will not be able to understand anything that Infocleaner is telling you. Furthermore, without installed support for Korean fonts, all of Infocleaner's text will be rendered by Windows as long strings of gibberish. English-speaking PC users may find that the only part of Infocleaner's windows and interfaces that they can understand is Infocleaner's name. As a result, many users whose computers are infected with Infocleaner end up in the frustrating situation of knowing the name of the malware on their computer, but not knowing what on earth Infocleaner is supposed to be.

In terms of the symptoms it creates, Infocleaner is entirely typical for a rogue security program. Infocleaner will load a fake user interface when Windows starts, and all of Infocleaner's fake scans will be run from that interface. The phony scans will always return results, and after each scan, Infocleaner will tell you that the only way to remove the threats Infocleaner claims to have found is to purchase an Infocleaner license, or purchase the “full” version. By clicking on the prompts that Infocleaner provides, you will be taken to the website that claims to sell Infocleaner, where you are asked to pay for the program by credit card. The site really is capable of accepting payments, but because Infocleaner is completely fake and incapable of doing anything useful, paying money for Infocleaner will not get you anything.

Infocleaner also generates security warnings and alerts that pop up frequently while you use your computer. As with its fake scan results, Infocleaner uses these to try to get you to go online and pay for the malware. However, just like the scan results, the information contained in Infocleaner's alerts is false. Everything that Infocleaner does is part of its campaign of scare tactics, designed to cause you to panic about your PC's security and to think that paying for Infocleaner is your only hope. Luckily, there are no reports of other symptoms from Infocleaner, and it seems that Infocleaner does not seriously disable the affected computer in the ways that many other rogue anti-virus applications do.

How Infocleaner Winds Up on a Computer, and its History

One thing that really gives Infocleaner away as malware is that almost no one chooses to install Infocleaner. Rather, Infocleaner relies on Trojans and malicious websites in order to infiltrate computers. Infocleaner is reportedly often bundled with downloads from sites that offer free downloads, and which hold an uncertain status in terms of whether or not they are pirating sites – in other words, sites that fall into a gray area. Also, there are many malicious Korean websites that will infect your computer with Infocleaner as a drive-by download, where the Trojan is downloaded to your computer by the site itself when you visit it. Then, Infocleaner makes some changes to the registry, and the next time you start your computer, you will start seeing Infocleaner's interfaces and alerts.

Infocleaner has been around since late November or early December 2010, but it may have taken until February for there to be any significant number of infections outside of Korean-speaking markets. Two malicious websites are primarily associated with Infocleaner, infocleaner.co.kr and cleanvaccine.co.kr, although at least twenty to forty other malicious websites actively support the malware. All of these other sites are Korean domains ending in .co.kr. Needless to say, you should not visit any of the known Infocleaner websites for any reason.
