Remove CleanThis


CleanThis is a fake anti-virus application that was spread by means of a Fake Microsoft Security Essentials infection. Also called the Clean This virus, it displays a fake alert stating that the computer is infected with an Unknown Win32/Trojan. A prompt to scan the computer using a fake virus scanner follows. Afterwards, the fake alert displays a result asserting that the system is infected with Trojan.Horse.Win32.PAV.64.a. At this point it advises installing a copy of the CleanThis software to clean the computer. After a successful installation it prompts for a reboot, which places the rogue program in the Windows start-up entry.

Since CleanThis is configured to run each time the computer starts, expect an automatic scan that loads without the user starting it. The scan runs for a couple of minutes and produces fabricated results in an effort to deceive users. These scare tactics attempt to persuade users into obtaining the paid version of CleanThis. Although it may look like real AV software, keep in mind that rogue applications are created to be sold in an illegal manner. Remove CleanThis as soon as possible before it can bring additional damage to the computer. Follow the procedures below to completely remove CleanThis together with all of its files and registry entries.

What are the Symptoms of CleanThis Virus Infection?

It will modify Windows Registry and add the following entries:
HKCU\Software\Microsoft\Windows NT\CurrentConfiguration\Winlogon\\Shell = %AppData%\hotfix.exe

The threat will drop the following malicious files:
%UserProfile%\Application Data\completescan
%UserProfile%\Application Data\hotfix.exe
%UserProfile%\Application Data\install

How to Remove CleanThis Virus Manually

1. Restart your computer in Safe Mode
– After powering on the computer, just before Windows starts, press F8
– From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
– Click Start > Run
– Type regedit in the field
– Navigate to the registry entries mentioned above and delete them if necessary

3. Delete malicious files that the threat added:
– Based on the locations given above, browse to each file and delete it
– If no location is given, click Start > Search and search for the files.
– If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see if the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan computer with Antivirus Program
– Update antivirus program
– Scan computer and delete all detected threats.
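
The registry entry and dropped files listed under the symptoms above can be checked before and after the manual steps. The PowerShell script below is an added example, not part of the original article or of any removal tool; it only reads, and it must be run in the affected user's session because HKCU and %AppData% are per-user. The function name Get-CleanThisFindings and the second registry path (the standard per-user Winlogon key) are assumptions added here.

```powershell
# Added example: read-only check for the CleanThis indicators listed on this page.

# Winlogon keys to inspect. The first is the path exactly as written on the page;
# the second is the standard per-user Winlogon key (assumption added here).
$winlogonKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentConfiguration\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# File names the page lists. On Windows XP, %AppData% is the same directory
# as %UserProfile%\Application Data.
$dropDir   = $env:APPDATA
$dropNames = 'completescan', 'hotfix.exe', 'install'

function Get-CleanThisFindings {
    $findings = @()

    foreach ($key in $winlogonKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $prop  = Get-ItemProperty -LiteralPath $key -Name 'Shell' -ErrorAction SilentlyContinue
        $shell = $prop.Shell
        # A per-user Shell value is normally absent; one naming hotfix.exe matches the page.
        if ($shell) {
            $findings += New-Object PSObject -Property @{
                Type = 'Registry'; Item = "$key\Shell"; Value = $shell
                MatchesPage = ($shell -like '*hotfix.exe*')
            }
        }
    }

    foreach ($name in $dropNames) {
        $path = Join-Path $dropDir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden items
            $findings += New-Object PSObject -Property @{
                Type = 'File'; Item = $path; Value = $item.LastWriteTime; MatchesPage = $true
            }
        }
    }
    $findings
}

$result = Get-CleanThisFindings
if ($result) {
    $result | Select-Object Type, Item, Value, MatchesPage | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No CleanThis indicators from this page were found for the current user.'
}
```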

How to Easily Remove CleanThis Virus

1. Download and run Removal Tool to remove this computer threat.

4 thoughts on “Remove CleanThis”

  1. Hi Everyone,

    I have just had a customer bring their computer to me with the Clean This Virus. I have read that if started in safe mode it will not start. Well, that’s not the case; it is defying all logic because it is starting in safe mode. Can anyone help with this? I have not made a mistake: Cleanthis starts in safe mode. I have triple checked this and have loaded safe mode several times, and all I get is the cleanthis boot screen. I am very confused because safe mode cannot be infected, or so I thought.

  2. Here’s an amateur solution that worked for me on WinXP Home.

    I was having the same problem as Comserv IT: CleanThis would run even in safe mode. I found that CleanThis only infected one user account (that I’ll call USER), the others were fine.

    I booted into safe mode using the built in Administrator account, copied USER’s my documents folder to shared documents then deleted USER’s account. Then I created a new account and copied USER’s my documents into the new account. It’s not ideal, but this user’s documents were saved and the computer is usable again. Malware bytes scan returned no infected files.

    Maybe someone could provide more insight into how to proceed removing CleanThis even when it runs in safe mode.

  3. I just finished working on this problem on my own home computer. You guys are right, it did still run when I booted up in safe mode, so I just let it finish its bogus scan and then followed the instructions listed above. I was able to find and remove the registry and files and the program was removed. I now have use of my computer again, including browsing and task manager, which I could not use while “clean this” was running!
