I recently picked up a Virus that will not let me delete it because it does not appear in the list of "uninstall" programs. It is called "Clean This" and claims to be a Microsoft product. It constantly wants to get you to upgrade to the free version, beginning at $69. I have searched my computer and looked through the programs and system files but cannot find anything called "Clean This." Please help. RobertTuzik@AOL.COM
http://www.computing.net/howtos/sho...
The above shows how you got the fake AV and how to prevent it.
Also putting your e-mail into a post invites spammers from everywhere, that is not a good move on your behalf.Now that it's in your registry do the following.
Try downloading and running these utilities in the exact order
1- rkill.exe (kills the malware process)
2- TDSS killer (removes unwanted rootkits if found)
3- Malwarebytes
run in full scan and fix all it finds, then rebootAlso run trojan remover and fix all it finds
Some HELP in posting on Computing.net plus free progs and instructions Cheers
Robert- I have the same exact issue here...
Any suggestions on the fix?
I cannot start up in safe mode or anything?
calanchr, remove your drive and slave it to another pc to remove the problem Some HELP in posting on Computing.net plus free progs and instructions Cheers
I was able to remove this rogue Clean This by using mbam. I did two scans, one in safemode and another in normal startup. Dozens of file is detected and removed. I believed I got this crap when I downloaded a game from torrent servers. Follow this procedure: http://www.im-infected.com/rogue/re...
Thanks but no luck......I cannot start my task manager in time.
no luck- task manager not opening...I tried 20 times very quickly....thanks for the link though...
xpertise...Did you have to purchase the mbam?
Clean this is even in SAFE MODE....not able to work around it as of yet.
calancher..........any sucess with removing Clean This?? I have tried the Run>cmd option but will not accept the taskkill instruction........any ideas out there??
Firstly check your Proxy settings:
I have the virus myself ... did you fix it and how ? www.papaberch@yahoo.com
please let me know as my family and I are on a tight budget .
I have the virus also...did anyone fix it, and can tell me how?
Ok, I just got done cleaning the home computer of the "Clean This" virus. On our computer we have three users, each with their own passwords. Since the virus would let me do anything but run its scan and then try to get me to purchase its security program, I logged off and signed in on another users site. Once there I could access the internet and I found Stopzilla. Downloaded and ran the program for free and am now back on my log in page with no problems. Took a little while; but Stopzilla got the job done. Good luck
All the help on the web regarding this issue were useless. This is how i fixed this issue for an employee of mine
1) restart the computer in safe mode with command prompt (press f8 repeatedly while the system is restarting)
2) in the command prompt window type in explorer.exe
3) go to control panel and look for restore points
4) select a restore point (date before you started seeing this issue)
5) Let windows do the trick6) enjoy your computer and never fall to such gimmicks. There is nothing free in this world :))
krisguru,
All the help on the web regarding this issue were useless.
good luck with the restore....it will NOT remove the problem...refer to response #1 and YES there are better free cleaners and free AV's than most paid ones.Some HELP in posting on Computing.net plus free progs and instructions Cheers
XpUser4Real
Restore worked wonderfully for me. No need to try Malwarebytes etc for this like u mention in your post.All you need is to restore the computer to a restore point before you started seeing this issue.
the simplest way to do this is type in rstrui.exe in the command prompt. And go thru the wizard.
lol...I would bet if you try malwarebytes it will find things your AV has missed... Some HELP in posting on Computing.net plus free progs and instructions Cheers
Had the same virus and did the system restore today. This process worked for me.
Just finished recovery of my PC after about 8 hours of trying. I finally got to your recommendation and it worked. Many thanks for your recommendations - you're a hero in my eyes. - Going to bed now - it;s nearly 3am local time!
f8 then debug mode
will start without Clen This
then search for gog.exe and remove itclean this loads as msdos and stops win from working right.
good luck
The clean this was also at safe mode! Therefore I download f-secure rescue cd (zip file). This file had an iso file. I burn this iso file wtih power iso program and then start the pc with this cd (first boot). I had the internet connection (cable) and after it finished updated with the latest virus definitions it scanned the pc (it takes time), found it and managed to clear it. The pc restarted finally normally to be more sure I dovnload malwarebytes and after updating it I scanned it again the pc and that's it!
FYI, Hirem's Boot CD contains a "mini-XP" mode (runs in Linux) that should allow the user to access the system and kill the files without the nasty virus running. My in-laws PC got nailed, so I'll be trying this out over the weekend.
I deleted the file it is not listed as clean this its called gog and it was under the username roaming so just search for a file named gog and delete it. So far, so good for me.
I just successfully dealt with Clean This issue. The hacker has provided means to prevent any normal deletion of it and the gog.exe file locks up the computer to a large degree. I chose to restore my hard drive completely through use of the OS CD rom and other associated CD's.
See rip off report.com posted 4/2/11. The best thing it seems is to avoid the trial version of Clean This then back up and go to an earlier restore point if you have Vista.
I created a new user account, after extracting my files to my external harddrive, deleted the account with the infected download scripts, downloaded "MalwareBytes", performed the full scan option and deleted the remaining rogue files. Also, if you download the program, before you delete the accoung, try using the "program assassin" to kill the locked infected download file. This is the easiest way, i mean im 17 =]
I had this virus and used malwarebytes to remove it, but now I just have a black screen instead of the usual win 7 pics in the background. Other than that it seems to be working fine, but is there any reasons or fixes for the lack of display pic? Cheers
why not just add a new background? Some HELP in posting on Computing.net plus free progs and instructions Cheers
For people who have no computer language knowledge, the following are step by step simple instructions on how to remove CleanThis from your computer. It may look long and complicated, it is not, just takes patience and rechecking your typing for zero typing errors. If you follow each step slowly and surely, you will get rid of the virus. [If CleanThis does not allow you into the Start menu, repeatedly close CleanThis and/or click on the CleanThis button that says to proceed without security or protection, until you are finally able to click on the Start menu and open it.]
click on Start menu, click on Search, click on All Files and Folders, Click on Advanced, click on (check mark) all options except "Case Sensitive", type "gog" in the "All or part of the file name" search field and press Search button. (Type gog not "gog", that is, do not type the quotation marks)
Right mouse click on any files named "gog" that are found through Search. Delete all of the "gog" files. About 32 or so files will go to your trash folder. Make sure you empty your recycle bin. One gog file will remain. It should be in the following "location" --> D:\Documents and Settings\Owner\Application Data. [If it is not in this location, you must write down the location exactly as it is written for later reference.]
Click on Start menu, click on Accessories, click on Command Prompt.
In the Command Prompt window that opens, you should have the following command prompt --> D:\Documents and Settings\Owner [if you don't have this same command prompt, then go to note with **** below]
Type:
cd Application Data
Press Enter*Type:
rename gog.exe gog.txt
Press Enter****[If your location address was different from the one above, in the command prompt window, type "cd" (without quotation marks) and type the location address you had written down before, then press Enter, then type "rename gog.exe gog.txt", then press Enter.]
Close command prompt window.
Shut Down computer. I was unable to shut down my computer the preferred way, so I had to hold down my computer's power button for 30 seconds until it finally turned off.Wait 30 seconds, then power on your computer.
Repeat steps to go back to the command prompt window all the way to the step that says *Type, above. At this point type:
del gog.txtI suggest restarting the computer one more time. The CleanThis virus should be completely erased from your system.
Were you able to fix your computer? I was unable to do system restore or safe mode, I finally removed the virus manually. I wrote in detail how I deleted the virus under my post at bottom of this thread. See VirginiaSara
Heeha you legend, did what you said and happy days, off to watch the footie and have a few coldies!!!!!!!!!
Krisguru, Thank you so much. this worked perfectly. You're brilliant!
Dear krisguru. I LOVE YOU I LOVE YOU I LOVE YOU. I am a complete technophobe, but with your help, I've cracked it. Sooo easy to do. Well done my hero.
restore point advice work perfect Thanks
krisguru, thank you so much......it worked great on my Win 7 machine. Note that it's the "recovery" function under Control Panel for Win 7 (it takes me to the same restore function). Thanks again !
I just got Viper and it kicked it out pretty fast. Though the problem is that this Virus shuts down your browsers....so I downloaded the software on a clean system and then installed into the infected one with a flash drive. Pretty easy fix if you know how.
THe way to open up your OS is when the Clean virus opening screen pops on when you boot up....there is an option on top...forget whats its called...(Tools or something like that.) Pick that and choose run without proctection the inject the Anti Virus.
Also , lots of free Anti-vs will do the trick.
took me 10 minutes to get rid of this, let it do it scan, go into settings within clean this and allow safe start up. do a file search for gog.exe, it will come up with no file found, search hidden and system files, gog shows its ugly head. you cant delete it yet as it is in use, rename it gog.123. turn your computer off manualy and start up again. then you can download your program of choice and fix it. I just deleted it.
I cant use arrow keys to select SAFE MODE.
Also F8 wont give me a cmd prompt
DESPERATE
THANKS
thanks " XpUser4Real " your suggestions works for me thanks . limwell
why so difficult with the anti mallware programs,
just delete the gog.exe file in appdata/roaming
if you cant delete it , compress it first so it cant give itself any rights
I had this exact same problenm on my laptop. I tried hours trying to fix it.
This advise worked It took about 10 minutes to restore the laptop back to its glory days. This advise saved me good money has I was just about to take it in for repair thanks for the help.
CleanThis is not easily removed! There is a malware Registry entry to deal with:
HKCU\Software\Microsoft\Windows NT\CurrentConfiguration\Winlogon\\Shell = %AppData%\gog.exe
And, there are some files associated with the malware:
%UserProfile%\Application Data\completescan
%UserProfile%\Application Data\gog.exe
%UserProfile%\Application Data\install
Thank u very much for your help :)
i was able to delete the virus
Vista Users..,
it will get remove with "Safe mode with Command Prompt"
restart ur computer with "safe mode with command prompt"
them command prompt will open..
type "taskmgr.exe", Task Manager will open...
there create new task, and write"explorer.exe"..so ur taskbar and start menu will come.
goto c:\users\ [User Name] \Appdata\ Roaming..
there delete 3 files
1) gog.exe
2) install
3) complete scan.restart ur computer and u r done...
'Clean this' is using trojan to squeeze money from you. You cannot opt out, switch off the PC, removed thro normal ways, cut off from the internet usage unless u pay them. For normal spam ICANN will close your website. For this, they are ignorant.
I hope they take action.To remove. Easier way.
Click Start - Click Run.
Type 'regedit' in the given space. Enter
On the opened page's toolbar. Click 'Edit'.
On the opened menu click 'Find'
In the column on the small open page Type 'Clean THis'. Click 'Find Next' button
Wait awhile. If the trojan is present, files will show up in 'Regedit' blank space.
Right click on files especially gog.exe and install and delete. Click OK to confirm.
Restart PC. Hopefully it will not show up.I found this with more techniques in the internet last night. Tried this this morning and it works.
I wish to thank the writer/s in the website which for the love of god I can't find tonight. I wanted to tell you guys to go look it up. I think its PPC something. Im on my office PC. Forgive me for not searching hard for their URL. If you find it pls tell everyone. This is going viral. There were more people effected tonight than last night.
Adam
Thank you Virginia Sara!!!!!!!!!!!!!!!!!!!!!!!
I finally cracked it! Click Start than click Run than type in "regedit" than look on the left for HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="%Documents and Settings%\[UserName]\Application Data\gog.exe" Delete it and restart your computer and go upgrade your security software so you never have to deal with this again!
hi guys.. i have one more idea to delete this... 1.go to control panel>Folders Options>View then change setting to view hidden files and folders. Then click apply Then click ok.
2.go to c:>Documents and Settings>Administrator [ USER NAME ]>Application Data
3.Now create a new folder don't rename it.
4.Now drag these files gog.exe, install and complete scan [present in that same directory] file into new folder.
5.Now restart ur pc.
6.go to c:>Documents and Settings>Administrator [ USER NAME ]>Application Data
7.Delete that new folder.
Now clean this virus removed from your computer.
lingesh ( tamilan )
Trouble is, Clean This will destroy all your restore points. There is a way to get rid of this thing without buying a virus program made specifically for it, which is what most of these clowns suggest. Here is how I did it: It takes control of your Admin, and becomes your Admin, so, you can't delete the file. BUT you can delete the three attendant files by right clicking on the icon, showing properties and location. Go there, delete the three little files that go along with it. Then go to control panel, and create a new user, let's call the person Dog. OK, now, give Dog admin rights. Then reboot and let Dog run your computer. go to control panel again, even if you have to let the damned little thing run all its BS, and wait. Got to Control Panel as Dog. Now, change the attributes of the OTHER admin, to simply, user. NOW the thing is no longer running your computer; you are. NOW go find the .exe and delete it. It's gone. Then, go to avast.com and download their totally free virus protection scanner, and run it in silent mode. I don't work for them, and make no money from them, but Avast works, and you will NEVER get another virus from anywhere, because Avast updates itself, is totally free, and stops that kind of BS. Anyway, if it doesn't work for you, please email me or contact me thru AIM or ICQ from another computer, and I will help you step by step on how to do this. terian1234 AT yahoo.com ICQ: terian567 If you try to contact me on ICQ with the virus intact on your system, Avast will not let me talk to you. Use another computer.
Clean This wouldn't allow me to delete it OR access any kind of internet OR my system restore! So I took krisguru's advise to do the system restore, but like I said Clean This had cut me off from doing anything. What I ended up doing was simply creating a guest account and adding a password to my Admin account. I then logged on to my guest went to my control panel chose system restore typed in my admin pass chose yesterday's restore point instead of the first option(which was around when I got the virus) and POOF! no more Clean This. As soon as everything was back to normal I did a full system scan with my Microsoft Security Essentials when it came back that everything was ok, I went ahead and downloaded Malwarebytes (because I saw in some posts above that even once you restore there are still registry keys and MSE came back clean so I thought that wasn't right) I did a quick scan with Malwarebytes and it found all the infected registry keys and EVERYTHING else was about 700 some odd files that were MKEY registry keys(Clean This) and the like. So I found the easiest way is to do both restore then get Malwarebytes so you can be 100% sure that it is off your system :).
Thanks krisguru and XpUser4Real :) both of your advise worked perfectly!!!
Go to c:/users/"your user folder(Exa jayaka/App data/roaming .....
u can find unnecessary gog.exe. install, completscan,start. delete them. but u cant delete exe file. delete other fils and restart computer. thts all. u can go agin that path and delete gog.exe
Restore didnt work for me either. Tried renaming the file to open System Restore Wizard. Allowed me to select a restore date however on bootup again, there is the Crap Cleanthis once again. Eventually simply followed the advice of deleting Gog.exe from the registry and other related files. Ran the mbam software and finally everything looks good.
i have 2 operating systems on my pc one XP SP3 and one Vista Ultimate. i caught this s--- on my XP so all i did is booted up my Vista (first i checked the clean this shortcut on my xp desktop it said it is installed in documents and settings\MY NAME\application data) went to E:\documents and settings\MY NAME\application data and deleted all new files (about 6 of them) i couldnt delet the files in xp because the program was runing and wouldnt erase. now ive booted vista again and am doing a full system scan with my Avast(so far seems ok). hope it helps
start Windows in Safe Command Mode
delete gog.exe in C:\Users\User1\AppData\Roaming
restart Windows, Clean this should be gone.
Restart Windows in Safe Command mode.
delete gog.exe in C:\Users\User1\AppData\Roaming
Restart Windows in normal mode, Clean This should be gone!
to start off with, i am a computer illiterate person with windows 7. I receiced this virus during some irregular downloading on the internet. The way I rectified this issue is as follows. i already have AVG free installed.
As my main account on the computer would not allow me to log on the internet or restre to previous settings, i went to account settings and created a guest account.
Logged out my main account (administrator) and logged into guest account.
downloaded Malwarebytes free off the main site through simple search off google.
transfered the .exe file for Malwarebytes onto public shared folder.
Logged out guest account and re-entered my main account (admin) and let Clean this do its fake trojan scan.
once i could get control of the desktop, i installed Malwarebytes on my main account and let it update to its latest.
ran a full scan and left it for 12 hours whilst i was at work.
once i come back it had found inconjunciton with AVG 11 different critical Trojan and the sort which i let the program quanrantine.
Seems to have gotten rid of it.I hope this is useful to some whom are in same position as i was,
if not feel free to delete this post.
thanks to all who aided me in coming up with this
hi guys.. i have idea to delete this.. 1: go to your Control Panel
2:go To Action Center
3: in the secuity Click scan now
thats it!!!!
You are a legend Sara ....If you ever come to England I have a spare bed !
That's not it !
I got this Virus yesterday I called Microsoft tech support after three hours they were NO help. This is how I got rid of the Virus. I download Comodo Internet Security Pro 2011 the free trial it good for 30 days. Then after I ran all the scans
I tried the restore progarm and it let me restore my computer for Monday. Then I
reinstalled Comodo and rescanned and everything came out clean.
Ad Choices