
WinSysClean Is a Trojan Remote Connector


#1 Lempereur


  • Members
  • 2 posts
  • Local time:08:44 AM

Posted 15 September 2017 - 05:39 PM

Heh guys:


Just joined, but I have used your utilities for years. I am overdue in making a donation.


I want to bring something to the attention of Pros like yourself, at Bleeping.


In trying to straighten out a licensing problem with my Waves Plugins, I resorted to searching out a more comprehensive Reg cleaner.


I came across WinSysCleanPro. It appeared to be legit, had an HTTPS connection. It also took credit cards and PayPal. It appeared to be somewhere in Eastern Europe.


Downloaded it, installed it and was very impressed with it right out of the gate, so I paid the $20 for it and activated it on my studio recording computer.


About the same time, I installed it on my laptop. All seemed well for a couple of weeks. But around the same time I installed it, I started having wifi drop outs.


After 10 or 15 attempts to install, re-install Intel's Wifi AC 7260 drivers, I concluded it was either a virus or the card was going up. I also tried sfc /scannow. It did replace some files, but they did not seem significant to the issue.


My Anti Virus is Emsisoft, so I thought I was ok.


I turned to you guys again, with the main utilities here.


rKill64, Adaware, and RogueKiller64 all 3 identified it as a PUP, with 2 registry entries.


rKill64 shut down a service called something like "NSIDN" or some variation. I stopped it with rKill64 first, then cleaned it up with RogueKiller and Adaware.


After each cleaning, I would do a final cleanup with "WinSysCleanPro" and System Mechanic, then a reboot.


It still returned.


Using your FRST, I did not see anything funky. I used MS-autoruns and identified a suspicious file. Deleted it, cleaned the computer again, then WinSysCleanPro and Sys Mech Pro, then rebooted.


All seemed fine. I was in the process of purchasing 3D models for computer games approx. 4 PM EST. I left Firefox open and went to the next room to consult with my lead programmer about the Nvidia Iray concept.


After about 4 or 5 min., I returned and continued what I was doing. Immediately the mouse cursor was fighting me, similar to a javascript on a webpage starting and stopping at a fast pace.


There was also an application launch window opened for WinSysCleanPro 8. I never set the program up to launch on a schedule.



Then I noticed the cursor appeared to be moving itself. I let it continue and it moved to the upper-lefthand corner. Immediately I noticed that someone had moved my taskbar from the bottom to the left side of the screen, vertically. It then appeared to be opening up an app. I immediately pushed and held the on-off button, shutting the PC down.


When I rebooted, I immediately shut down the Wifi connection and went straight and uninstalled WinSysCleanPro. I then proceeded to clean up again with your utilities, and finally using SystemMechanic to delete the uninstaller entries in the Reg, which had been changed.


It appears to be eradicated for 24 hrs now.


Bottom line, THIS is a serious issue for guys like Bleeping. The app itself, WinSysCleanPro, is actually an excellent product. But I am now convinced it is being used to covertly download docs and things from unsuspecting victims.


Like you here at Bleeping, I also make software, since 1981. Believe me, I have seen it all. Started with the Atari 800, in Sid Meier's Atari 800 user group (Civilization), 5MB Hard Drives, then 10MB Hard Drives, then 20MB Hard Drives, 30, 40, 80, 120, 6502 CPU, 68000, 8088, 8086, 286, 386, 386, etc...etc...etc.. MS DOS 1.0 and up.


You have to flag this guy as a hacker and somehow warn others. When this breaks into the main news, it will put a bad spotlight on the small utility developers like yourself.


You might want to start by testing it yourself. I plan to notify certain people about the legal issues.


It also brings to mind the Federal Justice Dept interviewing the CEO of Kaspersky for putting spyware into their Anti-Virus software for Putin.


Fellows, this scared the crap out of me.

Edited by Lempereur, 15 September 2017 - 08:33 PM.



#2 dc3


    Bleeping Treehugger

  • Members
  • 30,756 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:44 AM

Posted 16 September 2017 - 12:02 PM

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Why you should not use Registry Cleaners and Optimization Tools

There are numerous programs which purport to improve system performance, make repairs and tune up a computer. Many of them include such features as a registry cleaner, registry optimizer, disk optimizer, etc. Some of these programs even incorporate optimization and registry cleaning features alongside anti-malware capabilities. These registry cleaners and optimizers claim to speed up your computer by finding and removing orphaned and corrupt registry entries that are responsible for slowing down system performance. There is no statistical evidence to back such claims. Advertisements to do so are borderline scams intended to goad users into using an unnecessary and potentially dangerous product.


You have so much going on that you may have compounded your problem by doing so. I would suggest starting by doing a System Restore. Select a restore point prior to the beginning of this problem.

Credit for this goes to Quietman7, one of our Global Moderators.


I would suggest doing a system restore, select a restore point which is dated prior to the onset of this problem.


If this does not resolve the issue I would suggest doing a Refresh.


How to do a Windows 8.1 Refresh.

A Refresh basically will reinstall the operating system, this will not affect you if you use the option in the instructions.  The downside is that this will uninstall all of your third party programs you installed.

Press the Windows key and the I key to open Settings.

In Settings click/tap on Recovery, click/tap on Refresh your PC without affecting your files, then Get Started.

You will see a page titled Refresh your PC, click/tap on Next. On the next page click/tap on Refresh.

The computer may turn off and back on during this process, you don't need to do anything.  The scan will display a percentage of its completion.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.




