CleanThis - video
Thanks to rogueamp for making this video
CleanThis masquerades as Microsoft Security Essentials alert and claims that your computer is infected with unknown Win32/Trojan. The fake security alert box does not go by clicking the "X" mark at the right top corner. Actually, it won't go unless I click "OK" or "Continue", which will install "CleanThis" and reboot your computer. After a reboot, you will see the "Windows CleanThis World's leading security solution" screen instead of your normal Windows desktop.
Fake security threat warning:
CleanThis doesn't appear in the list of "uninstall" programs. This rogue applications disables pretty much everything on your computer, Task Manager, Internet Explorer, it hides your Desktop even in safe mode. It modifies Windows registry so that the rogue programs runs automatically during system bootup. Thankfully, we've got the removal instructions to help you to remove CleanThis. Please be advised, if you pay for this phony security software, you will subjected to monetary theft, or in a worst-case example, ID Theft. There is no guarantee that your credit card details aren't going to be sold to other third parties. Do not hesitate to contact us if you need further assistance or you have questions regarding removal of CleanThis. Please leave a comment below. Good luck and be safe online!
CleanThis is a new variant of ThinkPoint and Palladium Pro scareware.
CleanThis removal instructions:
1. Restart your computer. Once the "CleanThis World's leading security solution" window comes press the "Safe Startup" button to do the safe start. It may take a few seconds to load.
2. The CleanThis scanner will show up. Click "OK" to run a full system scan. It may take a few minutes to complete. Then, select "Settings" from the menu and check a checkbox "Allow unprotected startup." Click "Safe settings" to safe the changes.
Close the CleanThis scanner by clicking the "X" mark at the right top corner.
3. Click Start -> Run or press WinKey+R. Type in cmd and press Enter key or click OK.
Type in: taskkill /f /im gog.exe and click Enter. This will stop the CleanThis malware.
4. Download the following file to your Desktop: windows-shell.reg. Double-click to run it. Click "Yes" when it asks if you want to add the information to the registry. This file will fix the Windows Shell entry. This step is important because if you won't fix this entry, then your Windows Desktop may not be displayed the next time you reboot. Once the new registry value has been added, you can delete the file from your computer.
5. Download free anti-malware software from the list below and run a full system scan.
6. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus 4.
Alternate CleanThis removal instructions:
1. Reboot your computer is "Safe Mode with Command Prompt". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Command Prompt" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
2. When Windows loads, the Windows command prompt will show up as show in the image below. At the command prompt, type explorer, and press Enter. Windows Explorer opens.
3. Then open the Registry editor using the same Windows command prompt. Type regedit and press Enter. The Registry Editor opens.
4. Locate the following registry entry:
In the righthand pane select the registry key named Shell. Right click on the registry key and choose Delete. Click Yes to confirm and exit the Registry editor.
5. Delete CleanThis files. Delete gog.exe and other files as shown in the image below.
- C:\Documents and Settings\[User Name]\Application Data\ (Windows XP/2000)
- C:\Users\[User Name]\AppData\Roaming\ (Windows Vista/7)
NOTE: By default, Application Data folder is hidden. If you can find it, please read Show Hidden Files and Folders in Windows.
6. Go back into "Normal Mode". Download free anti-malware software from the list below and run a full system scan.
7. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET NOD32 Antivirus 4.
Associated CleanThis files and registry values:
For Windows XP users:
- C:\Documents and Settings\[User Name]\Application Data\gog.exe
- C:\Documents and Settings\[User Name]\Application Data\[SET OF RANDOM CHARACTERS].bat
- C:\Documents and Settings\[User Name]\Desktop\CleanThis.lnk
- C:\Documents and Settings\[User Name]\Start Menu\Programs\CleanThis.lnk
- C:\Users\[User Name]\AppData\Roaming\gog.exe
- C:\Users\[User Name]\AppData\Roaming\[SET OF RANDOM CHARACTERS].bat
- C:\Users\[User Name]\Desktop\CleanThis.lnk
- C:\Users\[User Name]\Start Menu\Programs\CleanThis.lnk
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell = "%AppData%\gog.exe"