Clean Security

Posted: July 22, 2011

Clean Security Description

ScreenshotClean Security is an ironically-named rogue application with a penchant for using imitations of security features in lieu of the real thing. Our research team has also found that the company that markets Clean Security has acquired a reputation of charging fraudulent credit card bills and disseminating similar rogue software clones around through a handful of other websites. Clean Security and websites related to it should be shied away from, since any Clean Security infection may cause negative system setting changes, including altered file-viewing settings, desktop behavior and security program blacklisting. You should delete Clean Security with the use of an anti-virus or other security product that's able to revert Clean Security's Registry alterations and other system changes.

Tracing Clean Security's Scummy Trail Back to the Source

Clean Security (also sold under the alias Clean Security 2011) is sold by, a professional-looking but bare-bones website that offers a credit card-processing feature ostensibly to purchase Clean Security and not much else. Although the Clean Security website does claim to have good customer service, most victims of Clean Security infections or related credit card charges have reported that the Clean Security's help service is evasive, at best.

Unintentional ways of being infected by Clean Security can entail:

The aims of these rogue programs, including Clean Security, coincide in their desire to steal your credit card number, which will then be used for multiple sixty-dollar charges, at the least. Cancel your credit card if you've accidentally or intentionally given its information to the criminal enterprise that designed Clean Security.

The majority of Clean Security's attacks exploit the Windows Registry, and for this reason, our malware experts recommend the application of good anti-malware software instead of deleting Clean Security's files by yourself.

The Remainder of the Traps That Clean Security Sets for Your PC

Our malware researchers have found that Clean Security has the usual selection of traits that are indicative of rogue security software, and harboring Clean Security on your PC only allows the following unpleasant events to strike:

  • Clean Security will launch itself without your permission and continue to remain active even if you attempt to close it.
  • Clean Security creates fake errors that imply that your PC is in even more urgent condition than its real status would imply. These errors may make it appear as though critical programs are infected or otherwise damaged.
  • Your actual security products may fail to run while Clean Security is active; our PC security team recommends the use of Safe Mode or rebooting from a USB drive if this prevents you from removing Clean Security.
  • Other Clean Security attacks can include, but aren't limited to, browser hijacks, disabling your ability to view Hidden or System files and attacking your security settings.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Clean Security may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.