CleanThis
Posted: March 19, 2011
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | March 21, 2011 |
|---|---|
| Last Seen: | January 29, 2019 |
| OS(es) Affected: | Windows |
The rogue program CleanThis is a copy of older malware threats like ThinkPoint and shares in their aggressively debilitating behavior. Although CleanThis might look like software that can help you clean malware from your computer, it has no affiliation with Microsoft and is a fraudulent product that shuts down programs while generating misleading error messages. Because this rogue product disables so many parts of your PC, you should remove CleanThis whenever you find it to be lurking on your hard drive. Until then, your computer's security will be seriously compromised!
Far from Clean Software
CleanThis shares a trojan-based delivery method with many other rogue applications, and can be injected by the widespread fake Microsoft Security Essentials Alert trojan. This trojan can drop an incredible variety of rogue programs; the key to stopping it is to notice the unusual error message and react with appropriate defensiveness. Here's the message you should watch out for:
Microsoft Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click ‘Show details’ to learn more.
After this, the trojan will alert you to the fake presence of an 'Unknown Win32/Trojan,' which, after a few more click-throughs will be revealed as a more specific trojan infection type. This infection doesn't exist and is only warned to get you to willingly download CleanThis or another rogue program. If you see these messages, reboot your system into Safe Mode and take steps to rid yourself of the trojan. Otherwise, CleanThis may be installed even if you try to avoid it.
Getting loaded down with CleanThis will inflict many different problems on the PC, all of which are caused by this rogue program or its helping trojan:
- CleanThis will take over your desktop and your system in general, loading itself before everything else and preventing you from accessing most of your PC's interface. You may or may not be allowed to use shortcuts, et cetera as per the norm after waiting through a fake scan on CleanThis's part. If CleanThis does scan your PC, it will pretend to find malware each and every time - because it's not even looking for real threats!
- A secondary symptom of CleanThis infection is a number of warning messages different from the ones caused by the trojan that delivered it. These errors are just as false, but shouldn't be completely ignored - they can prevent you from seeing real errors and may contain links to malicious websites.
- Different programs are also completely disabled by CleanThis. Your Windows Task Manager, Control Panel, Registry Editor and anti-virus software are all prime targets for CleanThis to block off. This particularly dangerous functionality makes CleanThis a real threat to your computer's security, even if it's not causing active damage.
Cleaning Out CleanThis
Although CleanThis will keep on telling you that you should register it to fix your PC back up to perfect health, this is just a scam designed to steal your money and personal information. Users who've fallen for this trick and given up their credit card information should talk to their credit card company and get charges revoked; most companies will allow this in a case of such clear-cut fraud.
Disable CleanThis through whatever methods you need to regain access to all your blocked programs, since trying to delete CleanThis while the rogue program is still running may result in failure. Since there have been cases reported of CleanThis running even in Safe Mode, specialized anti-malware software solutions may be required. However, the rogue product CleanThis is based on has been around for more than long enough for good solutions to be developed by the industry, so you have nothing to fear!
While removing CleanThis, be particularly cautious to remove any infections that are linked to it, too. The fake Microsoft Security Essentials Alert trojan is paired with CleanThis in most cases and can drop other rogue software like Red Cross Antivirus, and Major Defense Kit and, of course, ThinkPoint. Take care to remove CleanThis and its malware friends completely the first time, and you'll save yourself the bother of having to do it a second time later.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AppData%\gog.exe
File name: gog.exeSize: 602.62 KB (602624 bytes)
MD5: 17fc78683265940605870d1c789b4720
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%
Group: Malware file
Last Updated: March 21, 2011
Additional Information
| # | Message |
|---|---|
| 1 | The application taskmgr.exe was launched successfully but was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might post a threat for the OS. It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it. |
Hi,
How can I follow the procedure when the computer starts with the CleanThis screen? It runs in Safe Mode as well.
Thanks,
Eric
I have windows 7
But Clean this doesn't let me access theTask manager
Do you have a solution?
DANGER - you can disable Clean This by using regedit and finding "gog.exe" then removing the data where it appears. This stops the program from running on startup. You must then reboot and delete the file wherever it appears as shown in the article.
NOTE THAT RUNNING REGEDIT is very dangerous. Do NOT make any other changes unless you know exactly what you are doing.
My computer was attacked by "Clean This" yesterday, and it completely disabled my computer! My internet service is Verizon FIOS, so I called their tech support and told them a very nasty virus got by all their security measures, and I need the to get rid of it . This tech-support guy did a HECK of a job and completely eradicated it!! MEGA KUDOS to Verizon FIOS Tech-Support!!!!
If you DO use your internet service tech support, let them know right away that you can open a browser from the Clean This registration screen by hitting Ctrl +n . This will make it a lot easier for the tech to gain remote access and bring all his "bug killers" with him. HAPPY HUNTING!!!!
guys i had the same prob. what i done was created another account and done a system restore, it worked for me!!!
hey im at the sign up part and it wont let me open up windows what do i do?
I am also at the sign up part and it will not let me open up windows. What can I do
I had the clean this thing-i turned of my computer, then restarted it in safe mode then selected a date proir to getting clean it and let the computer do its thing-it worked for me-life is good again
restart in safe mode and do a system restore-worked for me
I contacted the Clean This virus 3 days ago and had all the problems mentioned here. I used another computer to download a reputable anti malware software for a low price onto a flash drive. I plugged the flash drive into my infected computer, ran the program and it was immediately fixed.
i can not see other post with that n my way can i remove.
A family member referred me to your website. Thank you for the details.