Posted: March 19, 2011
Threat Metric
Threat Level: 10/10
Infected PCs: 5

CleanThis Description

The rogue program CleanThis is a copy of older malware threats like ThinkPoint and shares in their aggressively debilitating behavior. Although CleanThis might look like software that can help you clean malware from your computer, it has no affiliation with Microsoft and is a fraudulent product that shuts down programs while generating misleading error messages. Because this rogue product disables so many parts of your PC, you should remove CleanThis whenever you find it to be lurking on your hard drive. Until then, your computer's security will be seriously compromised!

Far from Clean Software

CleanThis shares a trojan-based delivery method with many other rogue applications, and can be injected by the widespread fake Microsoft Security Essentials Alert trojan. This trojan can drop an incredible variety of rogue programs; the key to stopping it is to notice the unusual error message and react with appropriate defensiveness. Here's the message you should watch out for:

Microsoft Security Essentials Alert
Potential threat details
Microsoft Security Essentials detected potential threats that might compromise your privacy or damage your computer. Your access to these items may be suspended until you take an action. Click ‘Show details’ to learn more.

After this, the trojan will alert you to the fake presence of an 'Unknown Win32/Trojan,' which, after a few more click-throughs, will be revealed as a more specific trojan infection type. This infection doesn't exist and is reported only to get you to willingly download CleanThis or another rogue program. If you see these messages, reboot your system into Safe Mode and take steps to rid yourself of the trojan. Otherwise, CleanThis may be installed even if you try to avoid it.

Getting loaded down with CleanThis will inflict many different problems on the PC, all of which are caused by this rogue program or its helping trojan:

  • CleanThis will take over your desktop and your system in general, loading itself before everything else and preventing you from accessing most of your PC's interface. You may or may not regain normal use of shortcuts and other interface elements after waiting through CleanThis's fake scan. If CleanThis does scan your PC, it will pretend to find malware each and every time, because it's not even looking for real threats!
  • A secondary symptom of CleanThis infection is a number of warning messages different from the ones caused by the trojan that delivered it. These errors are just as false, but shouldn't be completely ignored - they can prevent you from seeing real errors and may contain links to malicious websites.
  • Different programs are also completely disabled by CleanThis. Your Windows Task Manager, Control Panel, Registry Editor and anti-virus software are all prime targets for CleanThis to block off. This particularly dangerous functionality makes CleanThis a real threat to your computer's security, even if it's not causing active damage.

Cleaning Out CleanThis

Although CleanThis will keep on telling you that you should register it to fix your PC back up to perfect health, this is just a scam designed to steal your money and personal information. Users who've fallen for this trick and given up their credit card information should talk to their credit card company and get charges revoked; most companies will allow this in a case of such clear-cut fraud.

Disable CleanThis through whatever methods you need to regain access to all your blocked programs, since trying to delete CleanThis while the rogue program is still running may result in failure. Since there have been cases reported of CleanThis running even in Safe Mode, specialized anti-malware software solutions may be required. However, the rogue product CleanThis is based on has been around for more than long enough for good solutions to be developed by the industry, so you have nothing to fear!

While removing CleanThis, be particularly careful to remove any infections that are linked to it, too. The fake Microsoft Security Essentials Alert trojan is paired with CleanThis in most cases and can drop other rogue software like Red Cross Antivirus, Major Defense Kit and, of course, ThinkPoint. Take care to remove CleanThis and its malware friends completely the first time, and you'll save yourself the bother of having to do it a second time later.


Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to CleanThis may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%AppData%\gog.exe
File name: gog.exe
Size: 602.62 KB (602624 bytes)
MD5: 17fc78683265940605870d1c789b4720
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%
Group: Malware file
Last Updated: March 21, 2011
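
A way to check a user profile against the file record above, as an added example that is not part of the original write-up or of any vendor tool. The function names and the "executable directly in %AppData%" heuristic are assumptions made here; the file name, size and MD5 are the values listed above.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from the file record above.
IOC_NAME = "gog.exe"
IOC_SIZE = 602624
IOC_MD5 = "17fc78683265940605870d1c789b4720"


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so it is never read into memory whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage_appdata(appdata_dir, ioc_md5=IOC_MD5, ioc_size=IOC_SIZE,
                   ioc_name=IOC_NAME):
    """Return (path, reason) for each .exe sitting directly in appdata_dir.

    md5-match: the exact sample from the report.
    name-match: same file name but a different build (hash-only checks miss it).
    exe-in-appdata-root: any other executable there; review it by hand.
    """
    findings = []
    for entry in sorted(Path(appdata_dir).iterdir()):
        if not entry.is_file() or entry.suffix.lower() != ".exe":
            continue
        try:
            # Size is a cheap pre-filter: hash only files of the reported size.
            if entry.stat().st_size == ioc_size and md5_of(entry) == ioc_md5:
                reason = "md5-match"
            elif entry.name.lower() == ioc_name:
                reason = "name-match"
            else:
                reason = "exe-in-appdata-root"
        except OSError:
            reason = "unreadable"  # locked or access denied; inspect offline
        findings.append((str(entry), reason))
    return findings


if __name__ == "__main__":
    root = os.environ.get("APPDATA")  # set on Windows only
    if root and os.path.isdir(root):
        for path, reason in triage_appdata(root):
            print(f"{reason:<20} {path}")
```

An MD5 match identifies only the one sample recorded here, so the two weaker reasons exist to surface repacked copies that a hash lookup alone would miss.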

Additional Information

The following messages were detected:

1. The application taskmgr.exe was launched successfully but was forced to shut down due to security reasons.

This happened because the application was infected by a malicious program which might post a threat for the OS.

It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.

