Panda Cloud Cleaner Help

Panda Cloud Cleaner is a new and effective tool to remove active malware.


By default Panda Cloud Cleaner performs a Quick Scan.

This kind of scan performs a fast check of the system memory, the Registry and known locations where malware is commonly found at boot time. This scan is launched by clicking on the “Accept and Scan Button.”

accept and scan

Internet connection

To maximize detection capability, the infected computer must be connected to the Internet for Cloud cleaner to work at maximum capability, as it leverages cloud knowledge and connects to its backend server during scans.

  • Due to its small size, the virus signature file only detects particularly dangerous malware, whereas other malware is detected by the cloud. Should there be no cloud connectivity, then the tool will only detect and remove the malware included in the local virus signature file.

Once it has scanned all these areas, Panda Cloud Cleaner sends a report to the cloud and waits for this to return the disinfection instructions associated with the detected items.

sending results cloud report

Besides letting you disinfect any malware specimen identified by Panda’s Collective Intelligence, it shows any other categories of detected programs that can potentially impact in the PC performance or security.

All these different identified categories are shown below:

main results

Malware and PUPs

If known malware is found it will offer the possibility to disinfect the detected items, which are shown to users marked to disinfect by default.

Potential unwanted programs (PUPs) could have unexpected or undesirable effects on a user's computer. For example, once downloaded, some PUP programs may run background processes that could slow the computer down, or may display numerous annoying advertisements. The sole purpose of some of these applications is not discovered until they have been installed and run. Most often, PUPs are downloaded and installed with legitimate applications, and users are unaware of these additional installations because they do not read user agreements thoroughly.

Anyway, PUPs are not marked to disinfect by default in order to let the user choose if he wants or not to keep the PUP installed.

Suspicious unknown programs and Suspicious Policies

Panda Cloud Cleaner also shows suspicious items found, like those that look similar to mutations of malware or also unknown very uncommon recently installed programs. This allows the user to take visibility of the most risky recently installed programs and, therefore, the ones with a higher probability of being unknown malware not yet included in the Collective Intelligence database.

Suspicious Policies are related to those changes in the operating systems than could have been due to a malware attack.

System Cleaning

To keep your computer better optimized and a bit more secure, it’s recommended to at least delete browser temporal files:

  • Temporary files, browser history and cookies for the three main Internet browsers (Internet Explorer, Firefox, Google Chrome).
  • Notice that the default configuration only selects Temporary files to be cleaned. You may include the other items if you want more privacy.
  • Notice also that cleaning all cookies could make some web sites to request you your cached credentials.
result details

The Trusted boot scan is an scan option that is used to detect rootkits and also to block malware whose effects may seriously affect disinfection efforts, for example because they kills AV processes, or it runs only during the start up and then, disappears, etc…. In short, it´s the scan mode recommended when the computer is affected by a rootkit or MBR malware or a very resilient malware.

To this end, Panda Cloud Cleaner temporarily installs a secure startup monitoring software and requests a computer restart.

32 bits only

Important: this software (drivers) are only compatible with 32-bit operating systems; therefore, this scan option is only available on those systems. At this moment the trusted boot scan is not available on 64-bit systems because these OSs provide more security against rootkits than 32-bit systems.

Panda Cloud Cleaner will automatically detect if it is running on a 64-bit system and will then disable the High Security Analysis option.

The trusted boot scan can be enabled by clicking on the Advanced options on the main screen, and enabling the corresponding check

main trusted trusted options

Phase 1. Setup

Phase 1 starts with the drivers installation. A reboot is required to end up the installation process successfully.


Phase 2. Boot Scan: building up a safe environment (a white list)

Phase 2 starts immediately after the reboot required to install the aforementioned drivers. During this phase the driver is already active and Panda Cloud Cleaner can check file and process creation. The tool performs an initial scan looking for suspicious items, which can be blocked later on by the user.

phase2 boot scan

After the Phase 2 scan is complete, Panda Cloud Cleaner will display the scan results like a Quick Scan.

Clicking on each category will display the list of items to be blocked after restart. To put it briefly, Panda Cloud Cleaner will use a white list of items that will be allowed to run in Phase 3, whereas any other items will be blocked. This white list will be used to configure the boot of the computer (during the trusted boot phase), so any kind of suspicious item will not be loaded.

In addition, Panda Cloud Cleaner will virtualize the registry entries to block, so that if anything fails at the beginning of Phase 3, they will not be affected when Panda Cloud Cleaner is uninstalled and the computer will be able to boot up normally. Click Clean to restart the computer in ‘secure’ mode.

Phase 3. Trusted Boot: Scan and disinfection in a safe environment

This phase scans your computer just like the Quick scan option but in a safe environment. All items (Registry entries and files) not marked as safe or not allowed at the end of the Phase 2 scan will be blocked. For example, if during this phase the user tries to manually run a not allowed item, Windows will display an error message. Obviously no malware should be able to run during this phase, unless the program was not configured properly.

phase3 scanning

After the Phase 3 scan is complete, Panda Cloud Cleaner will display the scan results:

phase3 results main

In addition, and only in this phase, Panda Cloud Cleaner can identify Master Boot Record modifications and suspicious drivers as ‘anomalies’ (“Unknown Files & Anomalies” Category)

All suspicious items found during the scan appear unselected, for the user to select those that they consider dangerous and want removed on the next restart. We advise users to carefully check through the unknown elements list, and select only those they consider malicious.

After restarting the computer the disinfection process is complete.

Panda Cloud Cleaner offers a set of advanced tools only recommended for advanced users. Those tools are accessible through the Advanced Tools Menu on the Right Upper corner of Panda Cloud Cleaner.

The available tools are:

  • Kill all processes: All programs not required for system operation will be terminated (using several different methods). It´s important to make sure that any document that´s been editingis saved before using this tool.
  • Unlock files allows you to access files which are locked by malware, for example if you need to delete or modify those files manually.
  • Send files to Panda allows you to help us by sending those files that you consider malware and Panda Cloud Cleaner does not detect.

By default Panda Cloud Cleaner performs a Quick Scan. However, other scan options are available too, as a full computer scan or a customized scan where the user can select the folders to analyze.

These options are available in the arrow down of the “Accept and Scan” button:

additional scan options