CleanThis (Clean This) Virus Removal Guide

Virus Type: Rogue Security Application
Threat Level: 8 / 10

CleanThis, also known as Clean This, is a new fake antivirus / antispyware application. The fake application was introduced in mid to late March 2019. CleanThis claims to offer a variety of features, which includes a Scanner, Heuristic, Firewall, Privacy, and Support; CleanThis markets itself to the user as “CleanThis: World’s leading security solution”. When the user attempts to use the Heuristic, Firewall, Privacy, or Support, they are shown a message by CleanThis and are not allowed access to these specific features. CleanThis is a clone of previous fake antivirus programs and is similar in look and functionality to ThinkPoint and Palladium Pro. The main different in look is a slight difference in colors of the program. CleanThis attempts to look legitimate by making itself look like the legitimate Microsoft Security Essentials program, which is a real security application created by Microsoft. In doing so, it hopes to trick the user into purchasing the fake program because the user may be convinced that the program is legitimate. CleanThis main executable is generally fixed and doesn’t change from computer to computer. CleanThis main executable file is gog.exe.

Below is our recommended removal tool for CleanThis. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

If you are unable to run the removal tool, or are unable to run any programs in general, you may need to stop the processes associated with CleanThis with task manager. If task manager has been blocked by CleanThis, try using Process Explorer.

CleanThis Removal Tip – CleanThis will block applications from running. The only method to get around this is to rename the executable of the program; this will generally allow the file to bypass CleanThis. However, please exercise caution when renaming executable files since renaming files can cause programs to not function properly.

CleanThis, like many other fake antivirus programs, will create a series of warnings and pop ups in order to scare the user into purchasing the fake program. CleanThis may also create these warnings in an attempt to make it look legitimate. For example, CleanThis will generally block programs from running and will show a warning which can be found below. CleanThis will block applications to make it harder to remove CleanThis.

“The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.

This happened because the application was infected by a malicious program which might pose a threat for the OS.

It is highly recommended to install the neccessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.”

Other messages created by CleanThis can be found below.

Your system has been infected with multiple spyware programs.

Your should consider installing the neccessary heuristic module to protect your computer.

Also, you are to install the heuristic module to protect other computers, as well as your pc has repeatly tried to infect other computers via Internet, and to send spam.

The fact of spamming can result in criminal prosecution, despite the fact that you are the victim of malicious software.

For the safety of your system it is essential for you to install the neccessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it.”

When CleanThis starts up, the only method to gain access to the computer in the normal start up mode is to click “Safe Startup” and close CleanThis after the program loads. This will allow the user to access the desktop.

It is recommended to use safe mode when removing the virus because CleanThis will generally not be able to load in safe mode. To enter safe mode, restart the computer and press F8 multiple times before the Windows screen to bring up the boot options.

Boot Menu

The safe mode with networking option will allow the user to be able to use the internet in safe mode. CleanThis can be removed by using the

or by manually removing the virus.

View CleanThis Files
View CleanThis Keys

Common symptoms and characteristics of CleanThis and other rogue security programs include:
1. CleanThis is generally installed without user permission.
2. CleanThis uses pop ups and fake virus scans to scare the user.
3. Various antivirus and system programs on the user’s computer will stop functioning.

The user comments for ThinkPoint may provide insight into removing CleanThis since the viruses are similar.

Manual CleanThis Removal – In order to manually remove CleanThis, the processes associated with CleanThis must be stopped, the files associated with the processes must be removed, and the registry entries must be corrected to the previous state before CleanThis entered the computer.

Important: Before attempting to manually remove CleanThis, we recommend that the user read through comments posted by other users on how they removed specific fake antivirus programs since many fake antivirus programs are similar. These comments can be found by clicking here. These comments may provide additional information which may be useful in removing CleanThis. However, please use discretion since these specific comments pertain to other fake antivirus programs.

Stop CleanThis Processes (Learn How To Do This)
gog.exe

Remove CleanThis Files (Learn How To Do This)

For Windows XP -
C:\Documents and Settings\[username]\Application Data\install
C:\Documents and Settings\[username]\Application Data\completescan
C:\Documents and Settings\[username]\Application Data\gog.exe

For Windows Vista & Windows 7
C:\Users\[username]\AppData\Roaming\install
C:\Users\[username]\AppData\Roaming\completescan
C:\Users\[username]\AppData\Roaming\gog.exe

Remove CleanThis Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\CleanThis
HKEY_LOCAL_MACHINE\SOFTWARE\CleanThis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanThis

Remove CleanThis Startup Entry (Learn How To Do This)
gog.exe

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What is a rogue security application? (Click Here To View)
5. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

If you have any questions or comments, please don’t hesitate to comment below. If you need any help with any of the steps, please don’t hesitate to comment below. We recommend that you follow our safety tips so that you can keep your computer clean Please Click Here to View Our Safety Tips.

Your feedback is very highly valued by others so please feel free to comment below. Please feel free to share a solution that you may have used to remove CleanThis.

This entry was posted on Monday, March 21st, 2020 at 3:44 am and is filed under Malware Removal. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

33 Responses to “CleanThis (Clean This) Virus Removal Guide”

Tom March 27th, 2020 at 5:16 pm

The original problem came with an e-mail “Post Express” informing me our package which we are expecting is undeliverable. Wasn’t thinking and clicked on it and started my problems. Would not let me do anything include shutting down windows. Used Malwarebytes antimalware free software to get rid of most of “Clean This” still checked registry and applications. registry was clean, applications still had some remnants to manually remove. Thanks to your website for removal info.

brokericon March 30th, 2020 at 1:47 am

The “Clean This” virus has corrupted my safe mode entry. I cant download the recommended product to get rid of it.

What else can i try?

Paul March 31st, 2020 at 1:25 pm

Simple way to remove CLEAN THIS VIRUS it worked for me !

1 Re – boot pc and press F8 to access options.

2 enter – REPAIR MY COMPUTER.

3 enter – SYSTEM RESTORE – pick a date before your pc became infected.

4 RUN SYSTEM RESTORE.

5 download / update & run Microsoft SECURITY ESSENTIALS- full scan to clean up your system

Good luck
Paul.

Troy April 1st, 2020 at 7:17 pm

Paul, my computer doesn’t give me a “repair my computer” option when I hit F8, any suggestions?

Steve April 3rd, 2020 at 3:03 pm

keep hitting the F8 key immediately after you switch on

Irwin April 4th, 2020 at 11:45 pm

My wife just noted this virus on her laptop. I put it in safe mode and the thing has taken over safe mode. After I log into the cpu in safe mode a screen appears with the virus heading-Clean this. What can I do?

Heinz April 5th, 2020 at 7:06 am

Thank you Paul, your way was successful to remove the trojan.

Jarvis April 5th, 2020 at 11:52 am

(You ROCK) PAUL this worked for me thanks BIG TIME

Mary Ann Chaffin April 5th, 2020 at 2:53 pm

Paul, Excellent!!! You are the master!!!

coolguygoeson April 5th, 2020 at 10:15 pm

Hi, the file location is incorrect:

The actual location is:
XP: C:\Documents and settings\%USER Profile%\Application Data

Vista\Win7 : C:\Users\%User Profile%\AppData\Roaming

Happy Troubleshooting

Raul April 6th, 2020 at 12:36 am

Paul this is not allowing me.. It says my computer can’t restore to that specific date. I am currently trying a different date.. Anything else I can do?

Stephanie K April 6th, 2020 at 4:36 am

OMG!!! This worked like a charm! Paul, you are my hero!!

steve mac April 9th, 2020 at 5:43 pm

I have windows 7 64 bit. F8 does nothing. I found the file location its called gg. That’s the only other file besides the clean this shortcut and desktop icon. So now the problem is deleting it. Access is denied it says its stil running in system/? I can’t turn it off on the start menue or control pannel. I even tried to go into system to change the virus’ settings but u can’t. The settings are all set to allow all and u can’t change it everything else is dimmed out and unclickable. To even get to my desktop I have to let clean this run its scan. Eventually I’m able to see the clean this settings and click alllow unprotected or something like that. This let’s me get to my desktop without buying there fake software which is obviously what the virus is trying to make suckers do. Its clearly fake but also so sneaky and hard to access, makes me wonder what else its doing to my files and email etc. If anyone knows how I can shut down the program and delete it to rid my computer of this virus I’d appreciate it. ThaNk you.

jon April 9th, 2020 at 5:53 pm

Hi Steve,

F8 must be pushed multiple times directly when you turn on the computer so that the computer will load additional options on how to load. If you have a fast computer, it must be pressed immediately.

In order to delete an executable file, you have to stop the process in task manager.

Mohammed April 15th, 2020 at 10:16 am

Salam ALeuikom
Make this batch file

taskkill /IM helphost.exe /F
taskkill /IM helpsvc.exe /F
taskkill /IM gog.exe /F
taskkill /IM WLIDSVCM.EXE /F
taskkill /IM WLIDSVC.EXE /F
taskkill /IM tvt_reg_monitor_svc.exe /F
taskkill /IM SeaPort.exe /F
taskkill /IM nvsvc32.exe /F

and run it
it should kill the virus and all related tasks
worked for me atleast

nogeeks April 16th, 2020 at 10:58 pm

Everyone is missing the point here. You must boot up using Safe Mode with Command Prompt since the rogue will auto-run even in Safe Mode. That will allow you to access regedit and remove the rogue’s entries. You will also have file system access (assuming you can do basic tasks in a Command Shell) and can remove the rogue’s .exe

richard April 17th, 2020 at 4:37 pm

I got rid of this virus by logging into my PC as another user and then doing a system restore to a couple of days ago. i couldn’t do this in my usual account. it worked fine and i can now access my PC via my usual user account. Hope this helps! I’ve now downloaded malwarebytes anti-malware software to try and get rid of viruses like this more easily in the future!

hundertzuehnGustav April 20th, 2020 at 10:59 am

removed the HDD and put it into a storage bay.
plugged the storagebay via USB.
removed the Virus manually.

put the HDD back in its place.
removed the registry entries.
done.

Marcel April 20th, 2020 at 6:47 pm

Thanks Paul!
Works like a charm!

Damon April 25th, 2020 at 7:38 pm

THANKS PAUL!!! My parents computer is up and running.

johnny five April 28th, 2020 at 2:48 pm

pauls posting on march 31st worked for me but i had to keep pressing f8 multiple times like a mad man to get to the second set of prompts. that is where the repair my computer option was found, from there i did the restore option to an earlier date and now my computer works great. remember to keep pushing f8 like crazy to get to the second set of prompts

Scar April 29th, 2020 at 11:21 am

There is no option “Repair my Computer”
Only Safe Mode
Debugmode
and much more but no REPAIR option!

Jab April 30th, 2020 at 1:17 pm

Thank you very much. I’m in Thailand.

Machu May 2nd, 2020 at 10:54 am

After several hours (most of which was re-learning DOS) I managed to get back into windows. If you can’t get into safe mode, you need to enter safe mode with command prompt. You need to delete the file gog.exe. it will be located in C:\Users\[username]\Appdata\Roaming. After I deleted this file I was able to enter Windows normally and Clean This did not start allowing me to run a virus scan and all was good.

Steve May 7th, 2020 at 10:05 am

I just won a battle with this one.
Start “Safe Mode with Command Prompt”
Ignore the malware screen
At the command prompt, type “Explorer.exe”
You will then have a desktop to work with.
Right-Click on the task bar and select “Task Manager”
Can then terminate the malware process. Proceed with removal as above.
Also clear all temps, temp internet files etc.

Moby May 16th, 2020 at 4:12 pm

I just won the battle with this virus with Steve and Paul’s help by restoring the system.

Sherri May 28th, 2019 at 9:22 pm

F8 did the trick!!! Thank you…and for the instructions after that! I had actually started to try to purchase it to “fix” my problem…then I started to get an uneasy feeling about it…the states were not in ABC order in the drop down menu and I would not take money from a visa gift card…Thank Goodness! Due to the uneasy feeling, I felt I didn’t want to give my credit card or my debit card #…Thank you Lord for keeping me from this! Then I went to another computer to look it up and found you all!

Mike June 11th, 2019 at 5:50 pm

Wow…what a pain. Thanks for the help.
What worked for me (for those who don’t remember DOS)

1. Start in safe mode…hitting F8 on reboot
2. Choose SAFE MODE WITH COMMAND PROMPT
3. Select Operating System (XP Home for me)
4. Be patient while it loads
5. I was given a choice between ADMINISTRATOR and USER name. I chose ADMINISTRATOR….my user name was operating when I picked up the virus.
6. At the prompt I typed “cd C:\”
7.At the C:\ prompt enter “cd Documents and Settings”
8. at the next prompt “cd USER NAME
9. Your prompt should now read “C:\Documents and Settings\USER NAME
10. Now type “dir” and hit enter

In this directory list your should see “gog.exe”…fyi this is the only way I was able to locate this nasty virus.

11. now type ” del gog.exe”

Hopefully this works for you.

soso June 19th, 2019 at 10:08 pm

thank you so much Paul,I have restored my computer and the virus is removed,yesssss

Julia June 21st, 2019 at 6:46 pm

Re: Paul, 31st March…. I want your babies!! Well done, thank you, worked a treat! My ‘clean this’ came from an e-mail attachment re: McDonalds vouchers

Louisa June 21st, 2019 at 8:14 pm

What a nasty virus.

After four hours I was able to work it out this way.

1 Re – boot pc and press F8 to access options.

2 Start “Safe Mode with Command Prompt”

3 At the command prompt, type “Explorer.exe”
You will then have a desktop to work with.

4 Hit “Start”

5 Hit “All Programs”

6 Hit “System Tools”

7 Hit – SYSTEM RESTORE – pick a date before your pc became infected.

4 RUN SYSTEM RESTORE.

Also clear all temps, temp internet files etc.

I would like to maim the culprits fingers whomever came up with this virus. Cost me a days work.

Good Luck All!!!

Linda June 22nd, 2019 at 10:21 pm

Thank you..thank you..thank you Paul! It absolutely worked. And I am not that computer savvy. 1.Reboot 2.F8 (keep hitting it) 3.Restore my computer 4.System Restore (date before your computer was infected) 5.Run System Restore 6.Download update and Micro Security. Works like a charm! Try it everyone it works. Thanks again!

Helper June 23rd, 2019 at 3:22 am

THE EASIEST WAY : If you have a “clean this” shortcut on your desktop do the following.

1- click the “clean this” shortcut on your desktop using the right mouse button.

2- choose “open file location

3- a window will open in which you’ll see a file named “gog(.exe)”. Delete this file using the keys “Shift+delete” in your keyboard.

If not, and you’re using Vista/Windows 7. and do not have the shortcut on your desktop (maybe you deleted it).

1-go to Computer, press “ALT + T simultaneously”, then choose “folder Options”. go to “view”, choose the option “Show hidden files and folders”. then press the “OK”.

2- Go to the disk “C”, then the folder “USERS”, then the folder that has your user name.

3- in the top-right corner, you’ll see a square for searching files, type “gog” in there. a File will appear, delete the it. DONE!

Leave a Reply