CCleaner
Description
Windows XP was released in 2001 with a built-in Disk Cleanup tool that nobody believed. The utility found maybe a few hundred megabytes of temporary files, warned you gravely before deleting them, and left the registry entirely alone. Meanwhile, any program a user installed — and uninstalled, and reinstalled — left fragments all over the filesystem and Windows Registry: orphaned keys pointing at software that no longer existed, browser cache files accumulating silently, application logs that no program ever read again. The difference between what Disk Cleanup provided and what an installation of Windows actually accumulated over time was large, and it was clear to anyone who spent time maintaining other people’s computers.
Guy Saner and Lindsey Whelan set up Piriform in London in 2004 to address that gap. Their first product, released in February 2004, had the working name Crap Cleaner — shortened to CCleaner before it reached most users. The name said exactly what it did: scan the filesystem and registry for files and entries that served no purpose, present them for review and remove them. The interface required no technical knowledge. Users clicked Analyze, saw what CCleaner proposed to delete, and clicked Run Cleaner. The tool handled the rest.
EARLY DEVELOPMENT AND FEATURES
The original CCleaner was aimed at two types of waste. The first was filesystem clutter: temporary internet files, browser cache, download history, Windows log files, memory dumps, recycle bin contents and the accumulated debris from applications that stored data without ever cleaning it up. The second was the Windows Registry — a hierarchical database for storing configuration data for Windows and installed applications. Every time a program was installed or uninstalled, it usually added and sometimes did not remove registry entries. Over years of use, those leftover entries added up.
CCleaner’s registry cleaner detected particular types of invalid entries: missing references to shared DLLs, unused registration entries for file extensions, invalid references to application paths, and so on: orphaned data. It presented findings in a list and allowed users to review before deletion. The approach was deliberately conservative — Piriform always designed CCleaner to err on the side of leaving entries alone rather than aggressively removing anything ambiguous.
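A read-only audit in the same conservative spirit, as an added example that is not CCleaner's code: it reports shared-DLL and application-path entries whose target file is missing and deletes nothing. The two key paths are standard Windows locations chosen for this example; the page does not say which keys CCleaner itself inspects, and the function names are hypothetical.

```powershell
# Read-only audit: lists registry entries whose target file no longer exists.
# Nothing is modified or deleted; results are candidates for manual review.
# Assumption: these key paths are standard Windows locations picked for the
# example. Only the native 64-bit view is read (WOW6432Node is not covered).
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

function Resolve-RegistryPath {
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    # Strip surrounding quotes and expand %SystemRoot%-style variables.
    return [Environment]::ExpandEnvironmentVariables($Raw.Trim().Trim('"'))
}

function Get-OrphanedSharedDll {
    # Under SharedDLLs each value NAME is a file path; the data is a reference count.
    $key = Get-Item -Path "$base\SharedDLLs" -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $path = Resolve-RegistryPath $name
        if ($path -and -not (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Category = 'SharedDLL'; Key = $key.Name; Target = $path }
        }
    }
}

function Get-OrphanedAppPath {
    # Each App Paths subkey is named after an executable; its default value is the full path.
    Get-ChildItem -Path "$base\App Paths" -ErrorAction SilentlyContinue | ForEach-Object {
        $path = Resolve-RegistryPath ([string]$_.GetValue(''))
        # Empty defaults are skipped: ambiguous entries are left alone.
        if ($path -and -not (Test-Path -LiteralPath $path -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Category = 'AppPath'; Key = $_.Name; Target = $path }
        }
    }
}

@(Get-OrphanedSharedDll) + @(Get-OrphanedAppPath) |
    Sort-Object Category, Target |
    Format-Table -AutoSize
```

A target on a disconnected network or removable drive will also be reported as missing, which is one reason to review the list before acting on it.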
Early versions also included an application uninstaller and a startup manager. The uninstaller placed a layer on top of the built-in Add/Remove Programs panel in Windows, taking care of situations where regular uninstallers left residual files behind. The startup manager displayed all programs set to run at Windows startup and allowed users to disable individual items, which decreased boot time on machines where multiple applications had added themselves to the startup sequence without the user’s knowledge.
Browser cleaning became one of the most-used features of CCleaner. The program could clear browsing history, cookies, cached files, form autofill data and session data from Internet Explorer, Firefox, Chrome, Opera, Safari and most other major browsers from a single interface.
PIRIFORM EXPANSION
As CCleaner’s user base continued to grow, Piriform developed other tools under the same brand. Recuva, released in 2007, recovered deleted files from hard drives and memory cards using the same basic principle: When Windows deletes a file, it marks the space as available but does not immediately write over the data. Recuva scanned for those recoverable files and restored them. Defraggler, also from 2007, defragmented individual files or entire drives and supported SSDs in a mode that moved files for better organization without the wear-inducing full-drive defragmentation that solid-state storage does not benefit from. Speccy, which was released in 2009, showed detailed information about the hardware — CPU, motherboard, RAM, storage, GPU — and flagged temperature readings that could indicate cooling issues.
These tools kept Piriform running lean and focused as a utility developer. Lindsey Whelan, describing Piriform’s growth from a bedroom project to a business with hundreds of millions of users, stressed that the company’s approach had always been to build tools that fixed observable problems rather than move into broader software categories.
The macOS version of CCleaner was released in November 2010, after a public beta was released in June 2011. Android support arrived in 2014. An iOS version came years later. A commercial Network Edition, designed for IT administrators who had to manage fleets of Windows machines, added scheduled cleaning, remote deployment, and centralized reporting.
AVAST ACQUISITION AND 2017 MALWARE INCIDENT
Avast acquired Piriform on July 18, 2017. The acquisition made simple strategic sense: Avast and CCleaner were the top two downloaded programs on major software distribution sites, and CCleaner’s 130 million active users represented a huge cross-sell opportunity for Avast’s security products.
The timing, however, coincided with the worst security incident in the history of CCleaner. Later evidence established that attackers had breached Piriform’s build environment as early as July 3, 2017 — two weeks before the Avast acquisition closed. On August 15, 2017, Piriform released CCleaner version 5.33. The installer contained the Floxif trojan, embedded in a legitimate binary that was signed with a valid digital certificate issued to Piriform by Symantec. The malware only ran on 32-bit Windows systems that had administrator-level accounts. On machines where it ran, it collected the computer name, a list of installed software, a list of active processes, MAC addresses for the first three network adapters, and unique identifiers — and then sent this information to a command-and-control server. A second-stage payload hit about 40 machines, including machines at technology companies such as Samsung, Sony, Intel, VMware, Google, Microsoft and Cisco itself, which discovered the attack.
Morphisec found the first signs of malicious activity on August 20 and 21. Cisco Talos discovered the trojanized CCleaner on its own, during testing of new exploit-detection technology in September. Both companies informed Avast on September 12. Avast began its own investigation, contacted US law enforcement, and on September 15 brought down the command-and-control server in cooperation with law enforcement. CCleaner 5.34, which was released the same day, removed the malicious code. By Avast’s count, 2.27 million machines had installed the infected version.
Avast argued that the breach occurred before its acquisition and that hackers had already broken into Piriform’s development or build environment before the handover. Cisco Talos called it a sophisticated supply chain attack — the kind that is hard to detect precisely because the malicious code rides inside a legitimate binary signed with a legitimate certificate.
Two years later, in October 2019, Avast revealed a second attempted breach. Attackers acquired employee credentials and network access, apparently in an attempt to access CCleaner’s build process again. Avast caught the intrusion, stopped CCleaner releases during the investigation, reset all internal credentials, and made sure that no malicious code entered any release. No users received any payload.
In July 2020, Microsoft Defender started marking the free version of CCleaner as a potentially unwanted application because of concerns about bundled third-party software in the installer. Piriform changed the installer in a matter of days, so that third-party offers are opt-in instead of pre-checked.
CURRENT FEATURES
CCleaner 7, released October 6, 2025, brought a significant overhaul to the interface with a redesigned layout, universal dark mode, and ARM64 architecture support on Windows.
The Health Check feature checks for junk files, outdated software and unnecessary startup programs in one go, showing results in a unified interface that lets users of any technical level fix multiple categories of issues simultaneously. Custom Clean gives granular control over which file categories and applications CCleaner examines, with separate checkboxes for the cache, history, cookies and other stored data of each browser, as well as application-specific categories for programs such as Microsoft Office, Adobe products, media players and dozens of other common applications.
The registry cleaner detects missing DLLs, unused file extension registrations, invalid application paths, obsolete MUI cache entries, and other types of invalid entries. Microsoft has long warned against using third-party registry cleaners, saying that manual registry changes can destabilize Windows if performed incorrectly — CCleaner’s version is designed to only clean specific, well-defined categories of obviously invalid entries instead of attempting to optimize the registry in broad strokes.
The startup manager lists all programs that are set to run when Windows starts, including those that are loaded via the registry, the Startup folder, scheduled tasks and browser extensions. Users can disable or delete individual items. The application uninstaller is used to handle those programs that leave residual files after standard uninstallation. Drive Wiper overwrites free disk space with configurable passes so previously deleted files are unrecoverable to forensic tools. Duplicate Finder finds duplicate files throughout the filesystem for manual review and deletion.
Professional tiers include scheduled automatic cleaning, Smart Cleaning (which monitors for junk accumulation and alerts the user when it reaches a threshold), automatic browser cleanup when the browser is closed, Software Updater (which checks installed applications against current release versions and flags outdated software), and Driver Updater. The Professional Plus tier bundles Recuva and Speccy. The Premium tier adds Kamo, a privacy tool that generates fake browser fingerprint data to confuse tracking systems, and covers up to five devices including Android and macOS.
CCleaner Browser, which is distributed as an optional component during the installation of Windows, is a Chromium-based browser with built-in ad blocking and anti-tracking. The browser is functionally the same as Avast Secure Browser, reflecting the shared ownership under Gen Digital.
PRICING
The free version of CCleaner is available indefinitely for home use, and covers manual cleaning, registry cleaning, startup management and application uninstallation. CCleaner Professional includes scheduled cleaning, Smart Cleaning, automatic cleanup of browsers, Software Updater, and Driver Updater, available by annual subscription. Professional Plus includes Recuva and Speccy as a higher annual subscription tier. The Premium tier covers multiple devices including macOS and Android and includes Kamo. Business and network editions include centralized deployment, policy-based configuration, command-line parameters for use in scripts and scheduled tasks, and remote management via CCleaner Cloud.
SECURITY ASSESSMENT
The 2017 Floxif incident left CCleaner with a trust problem that lingered long after Avast removed the malware. A program whose main value proposition is the scanning and modification of sensitive areas of the system — the registry, startup programs, application data — relies on user confidence in its integrity. The supply chain attack took advantage of just that confidence: Users who downloaded CCleaner 5.33 from the official site received a legitimate-looking signed binary that behaved normally, but also collected and transmitted system data.
Avast’s response included restructuring the build environment, moving infrastructure to Avast-controlled servers, and adding other code-signing verification steps. No further compromise of released software has occurred since Avast contained the 2019 attempted breach before it reached users. Current versions of CCleaner downloaded from the official site or the Microsoft Store do not have malware.
The concern that has not been resolved is of a different nature. CCleaner’s path to monetization following the Avast acquisition brought with it bundling practices and upsell prompts that critics compared unfavorably to the clean and focused utility that Piriform originally built. The 2018 reports of Avast Antivirus installing without explicit user consent (denied by Piriform but widely reported) and the 2020 Windows Defender flagging of the free version reflect a product that moved some distance from its original positioning as a simple, trustworthy cleanup tool. CCleaner is functional and, when downloaded from official sources, safe to use. Whether the paid tiers are worth their cost depends to a large extent on whether the alternative — Windows’ built-in Storage Sense, manual startup management via Task Manager, and Disk Cleanup — covers enough ground for a given user’s needs.