Clean This

Clean This virus captures the computer through another Trojan infection. To remove ‘Clean This’ from the computer, run a full scan using an effective anti-malware program.

Clean This or also known as CleanThis virus is believed to be another variant of widely-spread rogue software called Think Point. Clean This is introduced as real anti-virus program on web sites created for promotional purposes. Authors of this malware also spread a Trojan in advance to infect web sites and modify each to run instant virus scan on visitor’s computer. The said online scan will show fake detection intended to influence victim to download and install a copy of Clean This. At first glance, innocent user may not know it as a threat. Some may consider the rogue program is useful because it clearly simulate to protect the system. Additionally, Clean This was developed using a nice graphical user interface. Most of all, it may turn out that the fake antivirus was part of the Windows operating system.

Victims may suffer from severe obstruction while using the PC when Clean This virus starts to display a lot of alerts and taskbar warning messages. It also blocks any programs from running and declares that relevant file is infected. This moment is the perfect time to advise the acquisition for full version of Clean This. Several pop-up is displayed suggesting immediate removal of identified Trojans and viruses.

Do not get deceived by this rogue product, start scanning the computer with genuine and effective security software as described below. The removal guide and free tool will help you remove Clean This virus without going through a long process.

Screenshot Image:

"Clean This" Virus

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Characteristics (Analysis)
Clean This virus is set to start up automatically by producing registry entry that contains this value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “cleanthis”

Malware Behavior

An attempt to run any installed program is blocked by this malware. Instead, it will state that the file is infected through this alert warning:

CleanThis
The application taskmgr.exe was launched successfully but was forced to shut down due to security reasons. This happened because the application was infected by a malicious program which might post a threat for the OS. It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.

How to Remove Clean This

Systematic procedures to get rid of the threat are presented on this section. Make sure to scan the computer with suggested tools and scanners.

Step 1 : Remove Clean This with this recommended tool

First thing you should do is reboot the computer in Safe Mode with Networking to avoid Clean This from loading at start-up.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

To start Windows in Safe Mode with Networking, please do the following:

1. Remove all media such as floppy drive, cd, dvd, and USB devices. Then, restart the computer.

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.
b) It will display the Advanced Boot Options menu. Select Safe Mode.

Start computer in Safe Mode using Windows 8
a) Before Windows begins to load, press Shift and F8 on your keyboard.
b) On Recovery interface, click on 'See advanced repair options'.
c) Next, click on Troubleshoot option.
d) Then, select Advanced options from the list.
e) Lastly, please choose Windows Startup Settings and click on Restart. When Windows restarts, you will be send to a familiar Advanced Boot Options screen.
f) Select Safe Mode from the selections menu.

Safe Mode

2. Once the computer boots into Safe Mode, download the Removal Tool and save it on your Desktop or any location on your PC.

Download Tool

3. When finished downloading, locate and double-click on the file to install the application. Windows' User Account Control will prompt at this point, please click Yes to continue installing the program.
4. Follow the prompts and install with default configuration.
5. Before the installation completes, check prompts that software will run and update on itself.
6. Click Finish. Program will run automatically and you will be prompted to update the program before doing a scan. Please download needed update.
7. When finished updating, the tool will run. Select Perform full scan on main screen to check your computer thoroughly.
8. Scanning may take a while. When done, click on Show Results.
9. Make sure that all detected threats are checked, click on Remove Selected. This will delete all files and registry entries that belongs to Clean This.
10. Finally, restart your computer.

Note: If Clean This prevents mbam-setup.exe from downloading. Download the software from another computer. Renaming it to something like 'anything.exe' can help elude the malware.

Step 2 : Ensure that no more files of Clean This are left inside the computer

1. Click on the button below to download Norton Power Eraser from official web site. Save it to your desktop or any location of your choice.

NPE Download

2. Once the file is downloaded, navigate to its location and double-click on the icon (NPE.exe) to launch the program.
3. Norton Power Eraser will run. If it prompts for End User License Agreement, please click on Accept.
4. On NPE main window, click on Advanced. We will attempt to remove Clean This components without restarting the computer.

Advance Scan

5. On next window, select System Scan and click on Scan now to perform standard scan on your computer.

Scan the System

6. NPE will proceed with the scan. It will search for Trojans, viruses, and malware like Clean This. This may take some time, depending on the number of files currently stored on the computer.

7. When scan is complete. All detected risks are listed. Remove them and restart Windows if necessary.

Step 3 : Remove the Rootkit Trojan that installs Clean This

For automatic removal of rootkit Trojan using a free tool, you can refer to this guide. Download the tool and carefully follow the instruction.

1. Click on the button below to download the file FixZeroAccess.exe from official web site. A new window or tab will open containing the download link.

ZeroAccess Fix Tool

2. Close all running programs and remove any disc drives and USB devices on the computer.
3. Browse for the location of the file FixZeroAccess.exe.
4. Double-click on the file to run it. If User Account Control prompts for a security warning and ask if you want to run the file, please choose Run.
5. It will open a Zero Access Fix Tool End User License Agreement (EULA). You must accept this license agreement in order to proceed with rootkit removal. Please click I Accept.

6. It will display a message and prepares the computer to restart. Please click on Proceed.

FixTool

7. When it shows a message about 'Restarting System' please click on OK button.
8. After restarting the computer, the tool will display information about the identified threats. Please continue running the tool by following the prompts.
9. When it reaches the final step, the tool will show the scan result containing deleted components of Clean This and other identified virus.

Alternative Removal Procedures for Clean This

Option 1 : Use Windows System Restore to return Windows to previous state

During an infection, Clean This drops various files and registry entries. The threat intentionally hides system files by setting options in the registry. With these rigid changes, the best solution is to return Windows to previous working state is through System Restore.

To verify if System Restore is active on your computer, please follow the instructions below to access this feature.

Access System Restore on Windows XP, Windows Vista, and Windows 7

a) Go to Start Menu, then under 'Run' or 'Search Program and Files' field, type rstrui.
b) Then, press Enter on the keyboard to open System Restore Settings.

rstrui-win7

Open System Restore on Windows 8

a) Hover your mouse cursor to the lower left corner of the screen and wait for the Start icon to appear.
b) Right-click on the icon and select Run from the list. This will open a Run dialog box.
c) Type rstrui on the 'Open' field and click on OK to initiate the command.

rstrui-win8

If previous restore point is saved, you may proceed with Windows System Restore. Click here to see the full procedure.

Option 2 : Clean This manual uninstall guide

IMPORTANT! Manual removal of Clean This requires technical skills. Deleting system files and registry entries by mistake may result to total disability of Windows system. We advise you to perform a backup of registry before proceeding with this guide.

1. Kill any running process that belongs to Clean This.
- Press Ctrl+Alt+Del on your keyboard to access Task Manager.
- When Windows Task Manager appears, look for Clean This files (refer to Technical Reference) and click End Process or End Task.

End Task

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit and press Enter. This will open registry editor.
- Find and delete registry entries as mentioned in Technical Reference section.
- Close registry editor. Changes made will be saved automatically.

Run Regedit

3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 system
a) Before Windows begins to load, press F8 on your keyboard.

Start computer in Safe Mode using Windows 8
a) Before Windows begins to load, press Shift and F8 on your keyboard.
b) On Recovery interface, click on 'See advanced repair options'.
c) Next, click on Troubleshoot option.
d) Then, select Advanced options from the list.
e) Lastly, please choose Windows Startup Settings and click on Restart. When Windows restarts, you will be send to a familiar Advanced Boot Options screen.

- When you see Advanced Boot Options or Windows Advanced Options menu. Select Safe Mode.
- Windows will now start in Safe Mode. It runs on minimal set of drivers so expect your desktop to load a low-resolution display.

Safe Mode

- Thoroughly scan the computer with your updated antivirus software. Delete and clean all files that are infected with Clean This

4. Delete all files dropped by Clean This.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Technical Reference'. Make sure that you execute 'End Task' first before deleting the file. Otherwise, the system will not let you perform this action.

Technical Reference

Associated Files and Folders:Added Registry Entries:

Troubleshooting Guides

Did Clean This blocks your Internet access?

It is usual that rogue program prevents user from downloading removal tools from the Internet. Thus, infected computer may be denied to access the Internet by making changes to computer's proxy, DNS, and Hosts file. To fix Internet connection problem, follow these steps:

1. Download the free program called MiniToolBox. Click the button below to begin. Save the file on your hard drive or preferably in your Desktop.

MiniToolBox

2. Close all running Internet browser and double-click on the file to run. It opens a window showing a list of features.
3. Make sure that you have a check mark on the following items : Flush DNS, Reset IE Proxy Settings, and Reset FF Proxy Settings.

MiniToolBox

4. Click on the GO button to start the process. The program automatically closes and displays a text file for your reference.

5. If the above solution does not work, you may try other method like fixing a virus-blocked Internet access. Make sure that your hosts file is free from any malicious entries. View steps in cleaning Windows host file.

Ways to Prevent Clean This Infection

Here are some guidelines to help defend your computer from virus attack and malware activities. Being fully protected does not have to be expensive.

Install protection software to block Clean This and other threats

Having an effective anti-malware program is the best way to guard your computer against malware and threats. Although full version of anti-malware will cost some penny to obtain, it is still worthy to buy one. With real-time scan, it will be safer for you to browse the web, download files, and do more things online.

Get Protection Software

Keep all programs up to date

It is important to download critical update for installed programs. Software updates includes patches for security flaw that may utilize by an attacker to enter the computer. This flaw may be taken advantage by Clean This, viruses, and malware to attack the computer. Crucial programs to watch for updates are MS Windows, MS Office, Adobe Flash, Adobe Acrobat, and Java Runtime.

Activate security features of your Internet browser

SmartScreen Filter, Phishing and Malware Protection, and Block Attack Sites are the respective security features of Internet Explorer, Google Chrome, and Mozilla Firefox. Although, it may not fully guard your computer from online attack, at least it can lessen the risk. Enabling these features also helps to secure your private data and avoid identity theft.

Be a responsible Internet user

Antivirus programs and security features of Internet browser facilitates real-time protection and monitors harmful activities online. However, it tends to malfunction for some reasons. Thus, you do not have to be fully dependent on these tools. It is always best to practice safety measures when using the Internet.

You may also like...

88 Responses

  1. your help would be greatly appreciated.. :)

  2. Remove CleanThis says:

    Thank u i had this virus in my pc & after using your advise it has gone so thanks…!

  3. Malachy Thomas says:

    I am one of the stupid ones how went through buying this crap, can you tell me can i get my money back. Or is there any one who I can contact
    regarding this whole fiassco.
    Thanks
    M. Thomas

  4. Michael Mann says:

    Worked to remove this from a client’s system and was locked out of the task manager. Was able to get the registry editor to work so I removed the registry item and rebooted the system. The virus did not load and I was able to update the virus program and run a scan.

  5. John says:

    I’ve got this, and task manager fails to start… anybody got any clues?

  6. Justin says:

    Apparently, there is a new version that locks you out of MSCONFIG, REGEDIT, and the Task manager as well as preventing the use of Windows Defender and even the Help screen even in Safe Mode. Trying McAfee, I can still use that at the moment, then MalwareBytes. We’ll seee how it goes.

  7. John says:

    I’d love to know how Michael got regedit to run…

  8. Pete says:

    How do I get the continuious pop up “clean This” to stop alreay!? How anoying. It wont stop and is keeping me from using my computor

  9. Shannon says:

    I was another fool that fell for this. I could not do ANYTHING on my computer until my credit card information was put in. I couldn’t run my McAfee, or anything. It completely hijacked my computer. I have my bank monitoring my account for any more charges from this. That is all I could think of doing. Any other suggestions?

  10. steve says:

    Brilliant simple removal of Clean This virus. fraudsters sent me a link about my package at the post office on the day i was expecting one. silly me. thanks for this help.s

  11. leticia says:

    seme abrio el clean this..lo malo es que nome deja ahora abrir el windows, por tanto no puedo hacer nada de eso….hay alguna solucion? me abre la pantalla con la unica opcion de ejecutarl el clean this y nada mas.
    gracias

  12. Nadine Dutkiewicz says:

    Thank you very much for the information on “Clean this” I used the Malwarebytes to scan and delete this frustrating virus. I truly appreciate all the info.

  13. martinezj says:

    Thank you so much this helped me alot.

  14. jasdeep says:

    I cannot find hotfix.exe, instead i have 3 files csrss.exe, taskmgr.exe, winlogon.exe.
    How to remove it all?
    I can only click and end process on one and it doesnot help, please help me

  15. Paul says:

    I tried the above method, but there was no “hotfix.exe” start up item. Instead, when I right click on the “Clean This” icon on my desktop, the location comes up as c:users\(my name)\appdata\roaming\gog.exe. When I try to delete this file, I am denied permission. Does anyone have suggestions as to how to delete from this location? Thanks!!

  16. womble says:

    i just removed this from a neighbours pc, the file to end in the processes tab was gog.exe, i then opened regedit and did a key search for gog and it pointed me to a shell entry, i deleted this and restarted my neighbours pc and all was back to normal.

  17. Paul says:

    womble, thank you very much! I was able to find the registry editor (under tools rathere than startup) and found the gog.exe shell just as you said. Once found, it was as easy to remove by deleting as a vampire by sunshine. It is tenacious, however. After deleting the shell and the icons from the desktop, I emptied the trash. As I was emptying the trash, up popped the Clean This icon one last time, asking if I was sure I wanted to delete the file. Yes, I clicked, and after rebooting I am now once again in control of the startup of my computer. What an ordeal. Thanks again to womble and everyone else who has been posting suggestions.

  18. Patty says:

    I’m with John… Anybody got any advise on getting task manager to star-up??

  19. maggiezee says:

    For those who ended up paying like I did: my charge went thru the co. “chronopay”. I had success by calling chronopay directly. I told them I was charged for the product and that it was fraudulent. They said, they would refund the money. At my request, they sent me an e-mail confirming this but it takes 5-7 business days for it to be credited to my acct.

    I got the information about chronopay through an e-mail that was sent to me confirming my charge. I used a VISA card and it went through “verified by VISA”.

  20. Goge says:

    Simple-
    since ur browser, Task Manager are blocked..no more internet n ending processes…I presume…regedit is a tad complicated one for few..

    Here’s wat I did—>

    Boot ur system in Safe Mode–(go to msconfig)
    in the safe mode, let the clean this run (no option), and safely boot..
    Now go to the location where the program is located—>
    User/AppData/Roaming…delete the associated files (Install, Clean this, etc).U can’t delete gog.exe
    now that the above files r deleted..
    restart your system..The clean this program won’t run anymore..
    now again go back to the Location (User/AppData/Roaming)..delete the file gog.exe

    U r safe now…Run a full system scan!!
    Happy Computing.

  21. Michael says:

    My wife got this on her laptop and we tried all the list above. We ended up making a new admin. account and going in through that to do a system restore. It said that it restored correctly. We are now going to do a online system scan with the antivirus.

  22. Tim says:

    Thanks for the aid.
    I only had to delete
    “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\gog.exe”
    in the regedit and use msconfig to reboot the pc. Afterwards the messages had gone.
    hotfix.exe and all the other stuff of the technical details above, I did not find on my PC. Afterwards I updated my Antivir Software and a full scan showed no warnings.
    It works now, we will see if there is more coming up.

  23. Joe says:

    What do you do if your OS is Vista??

  24. a.chouinard says:

    My task manager is also being blocked… how can i get into this registry editor everyone is talking about?

  25. Pete says:

    I can not even pull up Task Manager.. I can get to safe mode and then it just reverts back to the virus (Clean This) This is getting frustrating.. Anyone have any easy suggestions to get rid of this virus.. thanks

  26. Fabrizio says:

    Thank you very much,
    you gave me extremely useful informations.
    Resolutive for this problem

  27. Denise says:

    thanks…very helpful..especially Womble and Tim’s advise..if you can follow the two postings…difficult when you are not that computer savvy…it does work.

  28. Daniel says:

    I was lucky, I just got Windows Security Esssentials, updated and ran a “quick scan”, and the virus was delted, I think I may have contracted an older and weaker version not one of the new ones.

  29. Joe Wessels says:

    Wow! This one really put me to the test. Thankfully, between being an old fart and remembering some of the DOS commands AND seeing this site and Goge’s comments, I was able to start the Restore feature and restore my laptop to an earlier time. Everything works now as it should.
    A bit THANK YOU to this site and everyone who commented.

  30. Maurice says:

    I used Michael’s solution of setting up a phantom administrator account using switch user. This enabled me to do a restore which was barred using my own account. This solution has now been thoroughly tested and the offending ‘Clean this’ virus is no more.

    Thank you Michael, a brilliant solution.

  31. Lisa says:

    Thank you everyone, just save myself a huge headache by following wombles advice…cheers mate all better now!

  32. Jim says:

    If you have access to a second computer, you can download a demo copy of Active Boot Disk for a 10-day trial at no charge (although I will likely now buy it, given how it saved me). Once you download and install the software on the second computer, you can use it to create a bootable CD or USB (if your BIOS supports it – check boot options by hitting F2 during system start-up). You can then take that bootable CD or USB to the infected computer and boot it up. Once you boot from the CD or the USB, the software will bring up a lightweight version of Windows 7 (PE), which has an Explorer-like tool. You can use the ‘Explorer’ to go to the c:\documents and settings\\application data folder, and once there, manually delete the files mentioned above. In my case, once those files were manually deleted, I was able to successfully boot back into my PC without CleanThis getting in the way, and then I could used REGEDIT to do the rest of the clean-up.

  33. dana says:

    I had to go in and use taskkill /f / im gog.exe to get into my task bar

  34. Harry says:

    If you cannot start the TaskManager because it is blocked, you can also use ProcessExplorer or pslist+pskill to kill the process

  35. Dave says:

    Help,,I have a DELL Inspiron 530. I am suffering from brain fart and cant seem to find my way through any of the above remedies. I cant open Task Manager,or find any of the above files for deleting. Can someone walk me through it? Thanks.

  36. ryan r says:

    Apparently they have changed things so that CTRL-ALT-DEL is disabled. I received a window and I can’t remember the message, but task manager was not available. There was no way out of the scan. Booting to safe mode did exactly the same thing and start the scan. I have recovery disks for that computer so I ran them, which partitions and formats the drive. After everything finished, I ran Malwarebyte’s Anti-malware program and it still somehow found a trojan on drive C and removed it. Thinking it had came from drive D, which wasn’t touched during recovery, nothing was found when I ran Anti-malware on it.

  37. Alex says:

    I would just like to add that i did not find the above tutorial in anyway helpful apart from

    Malicious Files Added by CleanThis:
    %UserProfile%\Application Data\gog.exe
    %UserProfile%\Application Data\cleanthis.exe
    %UserProfile%\Application Data\install

    The steps i got rid of the ‘clean this’ virus was:

    —> let the computer start up normally so that the window of clean this virus pops up.

    —> press the off button and you should see that it is trying to prevent the computer from shutting down, take note of the name in () witch should be ‘gog.exe’ continue with the shutdown process.

    —> then run the computer in safe mode with command prompt,
    the current directory that you should be in is

    C:\Windows\System32>

    —>type the following
    cd %appdata% ‘This may vary depending on witch vr of windows.
    C:\Users\%username%\Appdata\Roaming>

    dir *.exe ‘this shows all the .exe in the current directory.

    del gog.exe ‘this will delete the ‘clean this’ virus off the system.

    dir *.exe ‘just to make sure its gone.

    —> Now restart your computer, now you will have access to you computer because the main program/virus is now gone. Now you can intall anti-virus software as suggested as above.

    Thank you for your time in reading this post. I hope i can help any other people with this tutorial.

  38. Mark says:

    I followed this and it worked great. I also have a dell. All you have to do is let the virus run following the prompts. once it lets you do something, open the start menu and type regedit in the search bar. It will come up on top. Click on regedit and step through the menu until you find – HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\gog.exe. For those that aren’t pc suave, first you go to “HKEY_CURRENT_USER” and click on it. that will open another menu, find “software” and click on it. Next to “microsoft” and so on until you go as far as the menu lets you. the remainder of the string will be in a list on the right side of the screan. Right click on it and hit delete. After it is deleted, restart an problem should be gone

  39. Kyle says:

    Alex post was a blessing, thank you good sir for removing the headache and worry of trying to remove this horrible malware.

  40. REMOVE YOUR SOFTWARE FROM MY COMPTER

  41. matt says:

    how do i find the proper %appdata% label for windows vista cause the cd%appdata% didnt work

  42. matt says:

    in regards to my last post im an idiot never put spaces in……thank you greatly alex

  43. GH says:

    I have Clean This but can not even get to a screen for my malware and Cntrl/Alt/Del does nothing. Every time the computer reboots it goes only to Clen This and nothing else on the screen.
    Suggestions please.

  44. GH says:

    Tried Mark’s idea but I must not be smart enough did not grow up with computers. Carried thorugh the string through Winlogon. There were 2 string, one default and another. I deleted the2nd other, rebooted – same Clean This. Tried the F8, safe mode but safe mode boot still had Clean This. I can not get to the menu or desktop to even do Malware. The only screen is the “Clean This” in the middle and everything else is black and gone. Glad I have a laptop to see if I can get help.

  45. GH says:

    I tried Mark’s idea and last string had 2 and I deleted the 2nd but it did not work.
    I tried safe boot command, msconfig – NO; regedit – NO. Tried a safe reboot but no. No Safe Mode seemd to work.

    HELP

  46. EPSON says:

    I can’t RUN my TaskMager. it was blocked by CleanThis. what should I do?

  47. EPSON says:

    Thank YOU everyone…. I finally removed my CLEAN THIS…

  48. JohnJasper says:

    I cannot access with the task manager .. what am i going to do? is there any way to remove this virus??

  49. richard says:

    i logged in my pc as a different user and did a system restore and it got rid of the virus. recommend that u set up a 2nd user account for stuff liek this even if u never use the account itself!

  50. Scott says:

    Alex you are everything that is awesome so far. This thing was pissing me off since I work online and it kept giving me the gog.exe cleanthis screen of death in the beginning. I was beginning to think I would have to buy the thing before I could delete it!

  51. GH says:

    Still not able to get rid of it – and no suggestions out there for me?

    Tried several ideas as listed above.

    TY

  52. Phil says:

    Alex, you are officially a lifesaver, bro. Everyone listen to him – he shows the actual way of getting rid of it without using another account or task manager.

  53. Dana says:

    I could not get regedit, task manager or msconfig to work.

    I did solve it by right clicking on the CleanThis shortcut on the desktop, choosing properties then Find Target, locating the exe file in c:\documents and settings\(user)\local settings (hidden folder)\application data and renaming the gog.exe file.

    Then rebooted and ran malwarebytes, which was thankfully already installed on my system.

  54. jorge morales says:

    ese clean this se metio a mi computador y no me deja usar internet explorer, mozilla ni google chrone, solo puedo utilizar msn y a veces los documentos del escritorio y mi pc. como hago para sacarle eso a mi pc, porfa ayudenme.

  55. Costas says:

    i Cant find hotfix.exe from mscongig

  56. Rajeev says:

    One quick fix. Search for gog.exe and rename it any other extension restart the system. You are good to go. Enjoy and have fun.

  57. KenAldrickImbing says:

    Scan Clean This with MalwareByte’s Anti-Malware and everything will be OK! trust me.how to get malwarebytes? download it from another computer.

    reboot go set up choose save mode
    run the scan.

    restart

    BACK TO NORMAL!
    enjoy :D

    mail me for question
    keenster[at]rocketmail.com

    ps: i dont know how to remove the clean this icon. XD

  58. Elliott says:

    I just want to thank Alex, whose comment above helped me a lot. I wasn’t able to access the Task Manager or regedit or any other program with the newer version of Clean This. However, by following Alex’s advice above, I’m not in Safe Mode and running MalewareBytes and Spybot. Should be clean by the end of the afternoon. Thanks, Alex! (And thanks to the author of this)

  59. Elliott says:

    *now, NOW in Safe Mode. Sorry. :)

  60. mike says:

    luckily I had spybot installed already. Microsoft security essentials did not find the clean this virus, but spybot did and removed it. Could not run regedit.

  61. sara says:

    Thank you so much alex (and matt for mentioning space :p)

  62. Bill says:

    I just wanted to say ‘THANKS’ to Alex for his solution to this problem. I was getting nowhere with all of the other suggested solutions until this one. Thanks again Alex, I owe you bigtime for helping me with this mess.

  63. Owais says:

    ALEX, YOU ROCKED YOU IDEA TO GET RID OF THIS FCUK WORKED AWESOME. 5 START AND HATS OFF. :)

  64. Barba Zvone says:

    JUST DOWNLOAD MALWAREBYTES PROGRAM FREE TRIAL VERSION (FROM OTHER COMPUTER), UPDATE IT, RUN SCAN, DELETE THE INFECTED OBJECTS, RESTART THE COMPUTER AND YOU ARE SAFE!!!
    EASIEST AND QUICKEST WAY…

  65. Andera says:

    ALEX!! Ur a genius! Thx soooooooooooo much. It worked. :)

  66. Tom says:

    seems that it has evolved. I’ve read through past problems and it continues to get harder and harder to eliminate. I just got it and have tried everything listed. Here’s what doesn’t work:

    – control/alt/delete to stop program from running
    – trying to shut down (doesn’t respond)
    – trying to log off to log in as another user (no response)
    – turn on with safe mode (doesn’t accept password)
    – turn on in safe mode with command prompt (doesn’t accept password)

    The only way i log in onto computer is the standard way or through safe mode with networking. once i log on, right click is disabled. the only selection i’ve found to work is pressing the “safe startup” button from their window. Any suggestions??

  67. robert says:

    i just got rid of clean this on 25 april 2011, i let it run, went into clean this setting and tick run unprotected and it let me on to computer, with black screen but all my icons, i then went to start typed in on search bar clean this opened file where it was draged onto desk top and changed name. restarted computer, clean this did not come on so i deleted the clean this file i renamed and not as yet had a problem. now i am running malwarebytes to clean any thing it changed. hope this works the same for all you

  68. jay says:

    OMG. Is this anti-virus thing fake? I wasn’t sure and was freaking out and accidently bought it and now I’m getting really irritated because everytime I open an internet explorer window, it pops up saying that I have a virus and needs to buy this anti-virus thing again! it’s starting to piss me off. any help ASAP please!

  69. brian says:

    since it is a process that starts and loads in the boot i had to restart in safe mode, sign in as administrator. i did a search for “gog”. from there i deleted the folder “gog” that was in the documents and settings folder and the shortcut from the desktop. i also ran regedit. searching for gog . there were two places in the registry that contained the files. after deleting these values i rebooted in normal mode and “cleam this ” was gone. it wasnt a major effort but still a pain to loose the hour of time.

  70. Paul says:

    Guys just do what ALEX said his method his the best
    do not download malware bytes just boot into safemode with command prompt and delete gog.exe

    stupid scammers should be shot whoever made this program

    you know they are on here watching

    good thing we will tackle everything they do with google

    stupid virus scammers!!!!!!!!!!

  71. abhishek says:

    clean this is the worst software i have ever seen…@##%***

  72. link says:

    I just got rid of this troublesome malware a few hours ago. I don’t know whethere this is an effective way but it worked with my laptop. I just let the supposed “best security” programme do the ritual “scan” when i started my laptop ,then i set the settings to “enable startup without protection” (sth like that, i couldn’t remember), anyway, I ticked the checkerbox and clicked on the close button, and I gained access to my desktop. Then, create a new user ( make sure it is admin ), log out, and in again ( using the new user). The new user, to my surprise, had all the functions ( internet browser, task manager etc) needed to get rid of the malware in tact. I disabled the malware in task manager, download the malware protection programme, operate a full scan on my laptop, and two hours later, I finally got rid of the malware.

  73. John Walker says:

    I just spent this morning getting rid of CleanThis from a PC. I think I would have had the same difficulties as everyone else as the task manager was not accessible, malwarebytes was not installed, no system restore, etc.

    But what was present was another admin user account. Logging into this account gave me enough time to run Windows Defender, which while it did not find lots of other less malicious wares, did find the CleanThis trojan.

    Subsequently I have installed Malwarebytes and managed to log back into the main user’s account with no problems.

    It looks to me that the origin of this malware was when the computer user attempted to get around some strict OpenDNS safeguards… and found himself in a dodgy part of the internet. One of the dubious downloads was allegedly an Adobe Flash Player update, no doubt required to view some interesting content, but it was not downloaded from Adobe. LOL

  74. Sarah says:

    I thankful got the virus removed my going to task manager and deleting the other things too. Now i just wanna get my money back and wondering if anyones had success with that?

  75. Jon Smith says:

    Clean This was somehow installed on my computer and it completely locked me out of the internet and Itunes for a couple of days… It was pissing me off to no end but u finally helped me get rid of it. I owe u!!!

  76. Paul says:

    Thanks Tim.

  77. darrell says:

    CHECK THIS OUT THE EASIEST WAY GET RID OF THE CLEAN THIS VIRUS. YOU START THE COMPUTER LET IT DO ITS THING THEN GO TO USER ACCOUNTS CREATE A NEW USER THE VIROUS WILL NOT BE THERE GO ONLINE AND DOWNLOAD THE FREE VERSION OF AVG AND RUN IT. IT WILL GET RID OF THE VIRUS. THEN REMOVE THE SECOND ACCOUNT IF YOU WANT. I READ ALL THIS STUFF ON HERE AND IT DID NOTHING BUT CONFUSE ME BECAUSE IF YOU ARE NOT A GENUS THIS IS JUST A BUNCH OF WORDS. SO I FIGURED IT OUT MYSELF AND THIS WORK LIKE A CHARM. TRY IT YOU WILL SEE

  78. ALopez says:

    Yo! Mark! Your comment really helped.Now I can access task manager and access the Internet!! Thanks for your help. Now my laptop won’t be starting with clean this and that or whatever…
    :D woohoooooo!!!!! my laptop’s fixed thanks to you

  79. ALopez says:

    If your google chrome 7’s browser doesnt work try doing this so you would be able to access the internet even with the virus in the pc or laptop…

    Go to the google chrome’s shortcut then right click
    choose–open file location
    choose–old_ chrome (you must have an old google chrome which has been updated to 7)
    then you are free to surf the net

  80. f4rib0rz says:

    thanks for alex post…

  81. Neil says:

    Thanks to the wizard who suggested restart in safe mode. I opened in safe mode (windows 7) with command prompt. entered explorer.exe. sought out control panel and restored system to two days ago. Clean This has gone! Yippee!

  82. Adam says:

    thanks you very much for the guide, now i removed clean this virus………..

  83. Patricia says:

    Alex, you are a genius!!!; thanks a lot!!!!! your help was wonderfull, i can use now my computer!!!, thank youuuuuuu

  84. balki65 says:

    Help me with a problem is that computer constantly restarts in two modes with pomoshnik and normal start. No one can log into the system and I tried to boot CD 5.0.3 PIC was not anyone there. Sorry for bad english but work with Google Chrome e-meil: sprintbg @ mail.bg. Thanks

  85. Steven says:

    Got this and used Microsoft Security Essentials to erradicate it. That program is easier to use and this “Clean This” virus was the first thing it scans.

  86. WoodenThumb says:

    ALEX… U R Awesome… your step by step directions worked perfectly. When the “Clean This” screen came up I had tried to get into task manager but received a black screen. Your step by step directions in safe mode were perfect…. I was able to get back my desktop after deleting gog.exe and am now running the anti virus software recommended above… Thanks for you help… U saved me allot of time and hassle!!

  87. Lemonilla says:

    For people who cant open task manager using Ctrl+alt+del you can use command propt “explorer .” to open a window to delete:

    %UserProfile%\Application Data\gog.exe
    %UserProfile%\Application Data\cleanthis.exe
    %UserProfile%\Application Data\install

    and use “regedit” to delete:

    HKEY_CURRENT_USER\Software\PAV
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “cleanthis”
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\gog.exe”

  88. Lemonilla says:

    Sorry for double post, but to open command prompt use

    tap f8 while booting
    select “open in safemode with command prompt”
    enter password
    type “explorer .”
    hit enter
    search for:
    %UserProfile%\Application Data\gog.exe
    %UserProfile%\Application Data\cleanthis.exe
    %UserProfile%\Application Data\install
    delete them
    exit explorer window
    type “regedit” into command prompt
    find
    HKEY_CURRENT_USER\Software\PAV
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “cleanthis”
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%Documents and Settings%\[UserName]\Application Data\gog.exe”
    delete them

Leave a Reply

Your email address will not be published. Required fields are marked *