
CleanThis

Posted: March 19, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 5
First Seen: March 21, 2011
Last Seen: January 29, 2019
OS(es) Affected: Windows

The rogue program CleanThis is a copy of older malware threats like ThinkPoint and shares in their aggressively debilitating behavior. Although CleanThis might look like software that can help you clean malware from your computer, it has no affiliation with Microsoft and is a fraudulent product that shuts down programs while generating misleading error messages. Because this rogue product disables so many parts of your PC, you should remove CleanThis whenever you find it to be lurking on your hard drive. Until then, your computer's security will be seriously compromised!

Far from Clean Software

CleanThis shares a trojan-based delivery method with many other rogue applications, and can be injected by the widespread fake Microsoft Security Essentials Alert trojan. This trojan can drop an incredible variety of rogue programs; the key to stopping it is to notice the unusual error message and react with appropriate defensiveness. Here's the message you should watch out for:

Microsoft Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click ‘Show details’ to learn more.

After this, the trojan will alert you to the fake presence of an 'Unknown Win32/Trojan,' which, after a few more click-throughs, will be revealed as a more specific trojan infection type. This infection doesn't exist; the warning is shown only to get you to willingly download CleanThis or another rogue program. If you see these messages, reboot your system into Safe Mode and take steps to rid yourself of the trojan. Otherwise, CleanThis may be installed even if you try to avoid it.

Getting loaded down with CleanThis will inflict many different problems on the PC, all of which are caused by this rogue program or its helping trojan:

  • CleanThis will take over your desktop and your system in general, loading itself before everything else and preventing you from accessing most of your PC's interface. You may or may not be allowed to use shortcuts and the like as usual after waiting through a fake scan on CleanThis's part. If CleanThis does scan your PC, it will pretend to find malware each and every time, because it's not even looking for real threats!
  • A secondary symptom of CleanThis infection is a number of warning messages different from the ones caused by the trojan that delivered it. These errors are just as false, but shouldn't be completely ignored - they can prevent you from seeing real errors and may contain links to malicious websites.
  • Different programs are also completely disabled by CleanThis. Your Windows Task Manager, Control Panel, Registry Editor and anti-virus software are all prime targets for CleanThis to block off. This particularly dangerous functionality makes CleanThis a real threat to your computer's security, even if it's not causing active damage.

Cleaning Out CleanThis

Although CleanThis will keep on telling you that you should register it to fix your PC back up to perfect health, this is just a scam designed to steal your money and personal information. Users who've fallen for this trick and given up their credit card information should talk to their credit card company and get charges revoked; most companies will allow this in a case of such clear-cut fraud.

Disable CleanThis through whatever methods you need to regain access to all your blocked programs, since trying to delete CleanThis while the rogue program is still running may result in failure. Since there have been cases reported of CleanThis running even in Safe Mode, specialized anti-malware software solutions may be required. However, the rogue product CleanThis is based on has been around for more than long enough for good solutions to be developed by the industry, so you have nothing to fear!

While removing CleanThis, be particularly cautious to remove any infections that are linked to it, too. The fake Microsoft Security Essentials Alert trojan is paired with CleanThis in most cases and can drop other rogue software like Red Cross Antivirus, Major Defense Kit and, of course, ThinkPoint. Take care to remove CleanThis and its malware friends completely the first time, and you'll save yourself the bother of having to do it a second time later.


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File: %AppData%\gog.exe
File name: gog.exe
Size: 602.62 KB (602624 bytes)
MD5: 17fc78683265940605870d1c789b4720
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%
Group: Malware file
Last Updated: March 21, 2011
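
The file indicator above can be checked without opening Task Manager or Registry Editor, which the article says CleanThis blocks. The following read-only PowerShell triage is an added example, not part of the original write-up or any vendor tool; it looks for the listed file, compares its MD5 with the listed value, and reports autostart values that mention the file name. The registry locations it inspects are common Windows autostart points chosen as an assumption; the page does not say which one CleanThis uses.

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Nothing is deleted or modified; results are emitted as objects.
$IocName = 'gog.exe'                              # file name from the page
$IocMd5  = '17fc78683265940605870d1c789b4720'     # MD5 from the page

# 1. Dropped file: the page lists %AppData%\gog.exe
$path = Join-Path $env:APPDATA $IocName
if (Test-Path -LiteralPath $path) {
    $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower()
    # A different hash is still worth reporting: samples are often repacked,
    # so the name and location alone justify a closer look.
    $detail = if ($md5 -eq $IocMd5) { 'MD5 matches the listed sample' }
              else { "present with a different MD5: $md5" }
    [pscustomobject]@{ Check = 'File'; Where = $path; Detail = $detail }
}

# 2. Autostart values that reference the file name.
# Assumption: these are generic autostart locations, not keys named by the page.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $keys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }                  # key absent on this system
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        # -match is case-insensitive; escape the dot in the file name
        if ($value -match [regex]::Escape($IocName)) {
            [pscustomobject]@{
                Check  = 'Autostart'
                Where  = "$key\$name"
                Detail = $value
            }
        }
    }
}
```

No output means neither indicator was found under the current user profile; run it once per user account, since %AppData% and the HKCU keys are per-user.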

Additional Information

The following messages were detected:
# Message
1. The application taskmgr.exe was launched successfully but was forced to shut down due to security reasons.

This happened because the application was infected by a malicious program which might post a threat for the OS.

It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.

12 Comments

  • Eric says:

    Hi,

    How can I follow the procedure when the computer starts with the CleanThis screen? It runs in Safe Mode as well.

    Thanks,
    Eric

  • Edgardo Olivari says:

    I have Windows 7
    But Clean this doesn't let me access the Task manager
    Do you have a solution?

  • Al says:

    DANGER - you can disable Clean This by using regedit and finding "gog.exe" then removing the data where it appears. This stops the program from running on startup. You must then reboot and delete the file wherever it appears as shown in the article.
    NOTE THAT RUNNING REGEDIT is very dangerous. Do NOT make any other changes unless you know exactly what you are doing.

  • Tony says:

    My computer was attacked by "Clean This" yesterday, and it completely disabled my computer! My internet service is Verizon FIOS, so I called their tech support and told them a very nasty virus got by all their security measures, and I need them to get rid of it. This tech-support guy did a HECK of a job and completely eradicated it!! MEGA KUDOS to Verizon FIOS Tech-Support!!!!

    If you DO use your internet service tech support, let them know right away that you can open a browser from the Clean This registration screen by hitting Ctrl+n. This will make it a lot easier for the tech to gain remote access and bring all his "bug killers" with him. HAPPY HUNTING!!!!

  • khurram says:

    Guys, I had the same prob. What I did was create another account and do a system restore. It worked for me!!!

  • john says:

    Hey, I'm at the sign up part and it won't let me open up Windows. What do I do?

  • brad says:

    I am also at the sign up part and it will not let me open up Windows. What can I do?

  • bob says:

    I had the Clean This thing. I turned off my computer, then restarted it in Safe Mode, then selected a date prior to getting Clean This and let the computer do its thing. It worked for me. Life is good again.

  • bob says:

    restart in safe mode and do a system restore-worked for me

  • Tom Suarez says:

    I contracted the Clean This virus 3 days ago and had all the problems mentioned here. I used another computer to download a reputable anti-malware software for a low price onto a flash drive. I plugged the flash drive into my infected computer, ran the program and it was immediately fixed.

  • nicole conner says:

    i can not see other post with that n my way can i remove.

  • Carroll says:

    A family member referred me to your website. Thank you for the details.
