PUA:Win32/PCMechanic is a detection associated with the potentially unwanted application. This pseudo system optimizer claims that the user’s system has many problems, and then offers to call the “tech support”. Let’s see why this may appear and how to remove it.
What is PUA:Win32/PCMechanic?
PUA:Win32/PCMechanic is a Microsoft Defender detection that indicates a PC Mechanic Plus program present in the system. PC Mechanic Plus is a potentially undesirable program, more specifically a fake optimization tool. This app in fact borders with scareware – a class of PUA that tries forcing the user to pay for a license to remove non-existent threats.
After the “scanning”, the program shows the user a list of errors in the system and offers to call the specified phone to solve these problems. All this ends up with verbal requests to buy the license for the PC Mechanic; though, it is not the only danger of calling fake tech support. Aside from obtrusive offerings to call the “specialists”, the app will also overload the system and can potentially block some of the functions.
PUA:Win32/PCMechanic – How Does it Work?
As I’ve said above, PUA:Win32/PCMechanic is a rather unusual example of PUA/scareware. A deeper look into it shows that fake scanning and extorting money for fixing non-existent problems is not the only problem the app introduces. In fact, its excessive telemetrics make its activity rather unpleasant to anyone who values their privacy.
1. Delivery
PC Mechanic Plus does not even try to legitimize itself: there is no official website and no reviews, even paid ones. To spread itself, this app uses dirty methods, for example, through “bundling”. I.e., installers of other freeware or cracked software that include additional programs as “recommended software”. This way of monetizing involves having a checkbox when you install the program. However, unscrupulous developers neglect this and do not allow the user to cancel the installation of additional software during the installation of the main product.
Other ways to get PC Mechanic Plus include advertising sites. This is especially true for fake sites drivers download. Thus, instead of giving you the driver you need, they download a magic program that will install all drivers in one click. Sometimes, such sites use a double file extension trick, such as IRST_Intel.zip.exe. As a result, the user receives a PUA installer instead of a driver archive.
2. Fake Scanning
After installation, PC Mechanic Plus starts the scan forcibly and, obviously, finds a lot of errors. I additionally emphasize that all these errors are fake, and the reason they appear is to convince the user to buy the full version of the program. Additionally, the program asks you to call technical support at the specified number. Fake technical support using social engineering to convince the user to buy the product, effectively making you pay for a piece of junk software.
3. Info Gathering
In addition to the above, PC Mechanic Plus has a bit of undeclared functionality, more specifically – in the area of telemetrics. According to VirusTotal analysis, it collects some information about the system and user, particularly the detailed system information. Additionally, some of the elements of the app have the functionality of a keylogger. Thus, any text the user enters, including logins, passwords, and other sensitive information, can be gathered. And considering the presence of network activity of this app, this data is not just for internal use or “diagnostics”.
How To Remove PUA:Win32/PCMechanic?
Since this software often comes into the system not alone and makes undesirable changes to the system, it is impractical to try to restore all changes manually. For that reason, I recommend downloading and installing a GridinSoft Anti-Malware. It will effectively dispatch this unwanted program and all things that could have appeared along with it. Run a Standard scan, let it finish and click “Clean Now” to remove all the detected items – it is as easy as this.
There is a way to PUA:Win32/PCMechanic manually. Begin with pressing the Start button, then go to Settings.
In the left menu, select Apps, then Installed Apps.
Find the PC Mechanic Plus, click the three dots on the right, and select Uninstall. It is worth noting that the app may not necessarily be listed among the installed apps. In that case, the best option is to run GridinSoft Anti-Malware.
After manually uninstalling the application, all the changes it has made to the system will likely remain. You will need to restore all Windows settings to their original state manually to get rid of the rest of the issues.