Warning of fake German website!

Just wanted to inform everybody that there is a fake website around claiming to be the "German download portal" ("Willkommen auf der deutschen Downloadseite von Crap Cleaner") for CCleaner. It's actually one of the first results if you google "CCleaner" in Germany. It's connected to the company "ThinkLABs Ltd. & Co. KG" that seems to be highly suspect when you do some further research. Any download from that fake site installs quite a lot of annoying malware.

So, I would highly recommend staying away from that website! And please spread this information!

Does anybody know more about this?

I've passed on this info to Piriform.

Thanks for posting and welcome to the forum :)

Is that ccleaner.de (I intentionally did not make this a hyperlink)?

According to who.is, this domain is registered to

Nicolas Tim Ginzel

Luennewelle 30

D-38446 Wolfsburg

They also offer a slightly old CCleaner version (3.26) - that does not make them look very legitimate...

Piriform are aware of this site.

As you say pwillener looks a bit sus.

At the top of the website they mention (in very small print) "inofficial" German download site.

Yes, I'm talking about ccleaner.de. Anyway, search results look like that site was a normal download site for ccleaner some time ago, but I guess it has changed or the site has even been hacked. The installer you can download from that website is hosted at download-sponsor.de, which is owned by the company I mentioned. Online antivirus scan at virustotal.com recognizes the installer as "a variant of Win32/DownloadSponsor.A".

The installer has an extremely hidden section, where you can turn off the programs you don't want to install, so maybe this is legal, but it's definitely hard to find and far from standard. Besides some annoying but not too harmful stuff, there is a program called "Search Anonymizer", that sends all information you give while using search engines to the company I mentioned in the first post.

Just because you click to turn off the programs does not mean they will be turned off.

I believe it is possible that the click you give might be seen by Windows as your authorisation to install malware such as a keylogger or a rootkit.

A click isn't really needed. Running the .exe is enough in most cases. Sometimes you don't even need to do that.

A click isn't really needed. Running the .exe is enough in most cases.

That's usually what it does.

Oops. I meant to say .mse, since we are talking about installers. Running a malicious .exe will DEFINITELY lead to a world of pain.