Posted: November 11, 2010

CleanScan Description

CleanScan is a rogue anti-malware program that displays threat alerts to confuse any victims into paying for a fake, premium disinfection service. Unlike the functions of real anti-malware products, detections from CleanScan installations have no corroboration with real attacks against your computer, and malware researchers have found no compelling reasons to avoid classifying CleanScan as scamware. Although current samples of this fraudulent software lack advanced defensive measures, a good rule of thumb is to use dedicated anti-malware tools to remove all threatening software, including using them to remove CleanScan.

The Dirt behind CleanScan's Scans

CleanScan, sometimes detected as a PUP, a FraudTool or even a variant of the Artemis Trojan, is threatening software that imitates the outer appearance of real anti-malware scanners. However, rather than providing the appropriate security functions, CleanScan displays fake warnings about your PC's health. These alerts may include imitative system scans that show inaccurate infection results, as well as other, generalized pop-ups.

CleanScan borrows its skin from the family, and, like most members of that family, specializes in targeting residents of South Korea. Although its interface is almost entirely in Korean, PCs of other regions visiting compromised sites associated with CleanScan also could be at risk of being attacked. The Onescan family especially is noted for its abuse of exploits that could install its members, like CleanScan, onto your computer as soon as the relevant website loads.

Unlike some other, more well-developed scamware families, CleanScan, and its variants have no histories of blocking real security software or engaging in major attacks besides loading fake security features. However, malware experts have found many variants of Onescan updating themselves, which could allow for the inclusion of new features to CleanScan automatically. The same backdoor connection also may be used to notify CleanScan's administrators of the original infection.

Cleaning Up after a CleanScan Attack

CleanScan's is meant to deliver revenue to third parties by imitating the features of a software product, but can provide none of the functions CleanScan promotes, and its purchase is heavily discouraged. Your response to any visible signs of CleanScan, SpeedCure, Dr.Boan or similar scamware always should treat these scamware products as threatening software whose removal is necessary for your PC's security. Likewise, any information delivered through CleanScan's fraudulent company website or entered during its registration must be assumed to be in third parties possession.

CleanScan family members include

Many, but far from all brands of anti-malware products have historically good rates for detecting Onescan variants like CleanScan. Taking all steps needed to block CleanScan (and other threats) from launching, and then scanning your PC with real anti-malware products, should provide the simplest method of deleting CleanScan with no side effects. With respect to prevention, malware experts merely encourage using safe browser practices, installing all updates routinely and avoiding domains that are well-known for their links to rogue security products like CleanScan.

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanScan"

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to CleanScan may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.