I was recently asked to help fix a friend’s laptop. Unfortunately they’d been a victim of the Clean This virus. The virus works by tricking users into thinking that it is a legitimate anti-virus product, but upon installation it continuously gives fake virus reports in an attempt to persuade you to purchase the ‘full’ product. In reality you would just lose your money.
Once the virus has been installed, you are presented with the following screen when you start up, asking you to click to do a ‘Safe Startup’:
There are several automated tools available to fix this, but I prefer to do it manually (some of the tools may themselves contain viruses). Here are the steps I followed to clear the virus from the machine:
- Reboot the computer, press F8 before Windows starts and select the option to enter Windows in Safe Mode with Command Prompt only.
- Once the command prompt appears, type ‘explorer’ and press enter:
- This will then bring up the normal Windows dekstop. From here, go to the Start button, then choose Run, and enter ‘regedit’ to open the Registry Editor.
- In the Registry Editor, you need to navigate to ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon’, and look for the Shell key, which will have a value of a filepath and ‘gog.exe’. Take a note of the filepath, then delete this key.
- Now, open Windows Explorer and navigate to the filepath noted previously. Here you should find ‘gog.exe’, which can now be deleted.
Finally, restart the PC normally and it should load Windows normally. Now it would be advisable to run a full virus scan, and also use something like Malwarebytes’ Anti-Malware to ensure nothing is left.