Running Registry cleaners generally makes us nervous, as they’re far more likely to remove some important setting than make any measurable difference to your system speed.
Most developers try to address this by building real intelligence into their code, but “Clean PC Smart” takes a different route: despite listing thousands of “issues” and claiming to fix them, it never deletes anything at all.
We first noticed the program in October, when it quickly raised concerns: new product, new website, unknown developer, no reviews, no clarity at all about the program licence or functions.
Other major review sites didn’t seem to be concerned and listed the program immediately, but we decided to investigate a little further.
We started by using Sysinternals Process Monitor to track what the program did during installation and its first run, and noticed that it buried its settings under a Microsoft key, where they’d be very difficult to spot: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SecurityXX
Network capture tool Colasoft Capsa showed how Clean PC Smart attempted to compromise our privacy on its first launch by obtaining our IP address, computer name and network adapter’s MAC address, then uploading them to its own server.
The program starts its “scan” immediately, and quickly delivered an almost useless report: “Registry Cleaner” listed thousands of legitimate keys, “Windows Startup” contained only four items from a single Registry key (even Task Manager listed 21), the “Browser Add-Ons” page actually referred to internet history files, the “Task Manager” section was a static list of running processes, and so on.
We asked Clean PC Smart to “fix” these issues anyway, and ran more scans. Most maintenance programs will find more “issues” immediately, either because they were unable to delete everything they found last time, or removing Registry keys has created more inconsistencies, but Clean PC Smart claimed there were now no problems at all.
Suspicious, we used Sysinternals Process Monitor to watch what Clean PC Smart was doing during its Registry scanning and cleaning, and found it was just reading the same keys, over, and over, and over again. Even when it was supposedly “fixing” these “issues”, nothing was ever deleted.
As Clean PC Smart is a .NET program, we tried opening it in DnSpy, a .NET decompiler. This allowed us to follow the logic of the program’s code, and see exactly what it was doing.
The secret turned out to be childishly simple. The program was writing the date it scanned a particular area of the Registry, such as your shared DLLs. When you ran a scan later, it checked how many days had elapsed since your last check, and if this was more than a fixed figure – 15 for shared DLLs, 25 for services etc – it added the keys in that section to the list.
The end result is the problem count would increase over time, sort-of simulating real life, but none of them represented any real issue on your PC.
If you decided to “fix” these “issues”, there was more fake activity to make it look like something was happening. But all that really mattered is the program updating its last scan dates, so if you ran a check immediately afterwards you’d get a “no issues found” message.
This all seemed clear enough in the code, but we verified it manually, too.
Running the program on our test PC initially displayed 9,828 Registry issues; we clicked Fix, scanned again and no issues were found.
We then deleted the HKEY_CURRENT_USER\SOFTWARE\Microsoft\SecurityXX key with Clean PC Smart’s “last scan” dates, ran the program, and it reported the same 9,828 Registry issues it had supposedly just “fixed”.
What’s the point of this pretence? There might be a clue in the toll free technical support number highlighted in the interface. Googling for that number found assorted websites recommending we call it to fix problems with printers, viruses, driver updates and more.
We don’t know the whole story about these issues – and there are also many more positive reviews – but whatever the truth, “Clean PC Smart” is best avoided. Apart from being technically inept, it stays running when the main window is closed, we noticed other code to display pop-up messages and (possibly) fake virus alerts, and there may well be more sinister features we’ve missed.
On the investigation front, if you’ve any knowledge of coding – even basic VBScript – then DnSpy is a great tool for helping you understand what a .NET program is doing. Check it out.