CleanBoan is a fake security program that is part of a very broad family of malicious anti-virus applications designed to target Korean computer users. CleanBoan and its clones are characterized by their use of brightly colored interfaces, convincing websites and Korean text. Despite the fact that most sources of CleanBoan infections are located on South Korean servers and websites, numerous cases of non-Korean computers are becoming infected with CleanBoan or its clones. Fortunately, CleanBoan is easy to recognize as a fake security program simply by its behavior, without needing to read or understand Korean. If CleanBoan is installed on your computer (the name 'CleanBoan' is written in English characters at the top of this fake security program's main window), ESG malware analysts advise the utilization of a competent and updated anti-malware program to analyze your PC.
ESG security researchers have observed the following symptoms related to infections involving CleanBoan or its many clones:
- CleanBoan is designed to display numerous error messages and intrusive system alerts meant to scare you into believing that your computer is infected with malware.
- CleanBoan makes changes to the Windows Registry that allows CleanBoan to start up automatically when the victim logs into Windows.
- CleanBoan will launch a fake scan of your computer as soon as you access Windows. This scan will always report that your machine is severely infected with numerous viruses and Trojans. Although the names of the supposed malware infections do correspond to real viruses and Trojans, these are taken from virus encyclopedias and do not indicate a malware infection on your computer.
- Computer users trying to remove these supposed threats with the help of CleanBoan will be redirected to CleanBoan's website where they will be prompted to purchase a 'full version' of CleanBoan.
English speakers that do not understand CleanBoan's Korean text will experience having their computer hijacked by this fake security program without being vulnerable to the social engineering component. In general, having your work constantly interrupted with error messages, browser redirects and pop-up windows is an indication of a severe malware infection on your computer. ESG malware analysts recommend protecting your computer with a reliable anti-malware scanner at all time. If you have regular contact with Korean servers or websites, it is recommended to be on the lookout for CleanBoan and other Korean rogue security applications.