Saturday, March 19, 2011

CleanThis Removal Guide

CleanThis Removal Guide
CleanThis is a fake antivirus program that cannot detect and remove any malware. However, once CleanThis is installed in the computer, it WILL SURELY state that the computer has been infected by malwares and ask the user to purchase the full version of CleanThis. CleanThis is part of Microsoft Security Essential infection. Do not ever purchase CleanThis as it cannot detect and remove any malware. CleanThis will start automatically when Windows boot. Then CleanThis will states that it is a World's leading security solution. Actually, CleanThis cannot protect any computer from malwares.

CleanThis provide fake features such as Quick Scan, Full Scan and Firewall. It scares the user that the %ProgramFiles%\Messenger\msmsgs.exe is infected with Trojan.Horse.Win32.PAV.64.a. Don't be cheated as the file is clean. It disable Windows Task Manager and stop other legitimate antivirus program from protecting the computer.

CleanThis should be removed immediately!

CleanThis Removal Guide
Kill Process
(How to kill a process effectively?)
gog.exe

Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "%Documents and Settings%\[UserName]\Application Data\gog.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "CleanThis"


Remove Folders and Files
%Documents and Settings%\[User Name]\Desktop\CleanThis.lnk
%Documents and Settings%\[User Name]\Start Menu\Programs\CleanThis.lnk
%Documents and Settings%\[User Name]\Application Data\[random].bat
%Documents and Settings%\[User Name]\Application Data\gog.exe
%Windows%\Tasks\At[random].job

No comments:

Post a Comment