Home Malware Programs Rogue Anti-Spyware Programs Clean Security

Clean Security

Posted: July 22, 2011

ScreenshotClean Security is an ironically-named rogue application with a penchant for using imitations of security features in lieu of the real thing. Our SpywareRemove.com research team has also found that the company that markets Clean Security has acquired a reputation of charging fraudulent credit card bills and disseminating similar rogue software clones around through a handful of other websites. Clean Security and websites related to it should be shied away from, since any Clean Security infection may cause negative system setting changes, including altered file-viewing settings, desktop behavior and security program blacklisting. You should delete Clean Security with the use of an anti-virus or other security product that's able to revert Clean Security's Registry alterations and other system changes.

Tracing Clean Security's Scummy Trail Back to the Source

Clean Security (also sold under the alias Clean Security 2011) is sold by clean-security.com, a professional-looking but bare-bones website that offers a credit card-processing feature ostensibly to purchase Clean Security and not much else. Although the Clean Security website does claim to have good customer service, most victims of Clean Security infections or related credit card charges have reported that the Clean Security's help service is evasive, at best.

Unintentional ways of being infected by Clean Security can entail:

The aims of these rogue programs, including Clean Security, coincide in their desire to steal your credit card number, which will then be used for multiple sixty-dollar charges, at the least. Cancel your credit card if you've accidentally or intentionally given its information to the criminal enterprise that designed Clean Security.

The majority of Clean Security's attacks exploit the Windows Registry, and for this reason, our malware experts recommend the application of good anti-malware software instead of deleting Clean Security's files by yourself.

The Remainder of the Traps That Clean Security Sets for Your PC

Our SpywareRemove.com malware researchers have found that Clean Security has the usual selection of traits that are indicative of rogue security software, and harboring Clean Security on your PC only allows the following unpleasant events to strike:

  • Clean Security will launch itself without your permission and continue to remain active even if you attempt to close it.
  • Clean Security creates fake errors that imply that your PC is in even more urgent condition than its real status would imply. These errors may make it appear as though critical programs are infected or otherwise damaged.
  • Your actual security products may fail to run while Clean Security is active; our PC security team recommends the use of Safe Mode or rebooting from a USB drive if this prevents you from removing Clean Security.
  • Other Clean Security attacks can include, but aren't limited to, browser hijacks, disabling your ability to view Hidden or System files and attacking your security settings.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS]
    2 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe
    3 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS]
    4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS]

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mode'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'