Clean Security

Clean Security Description

ScreenshotESG team of researchers advises against downloading or installing Clean Security. This program is a fake security program, also known as a rogue application. Unlike many rogue programs, which are mostly distributed by Trojans, Clean Security and Clean Security's clones are often downloaded by unwary computer users. This is because there is a large-scale marketing campaign promoting Clean Security and other similar programs. This campaign includes an official-looking website, fake reviews, and numerous websites set up with the express purpose of promoting this bogus security program. Some clones of Clean Security include Ultimate Defender, Ultimate Guard, Unlimited Defender, Ultimate Scan, Unlimited Guard, and many others. ESG malware researchers consider all of these programs as dangerous threats to a computer's security. Clean Security should not be downloaded or installed, and if Clean Security has already been installed, Clean Security should be removed immediately with an anti-malware program.

Clean Security will Not Keep Your Computer Clean or Secure

Beware of Clean Security's claims. If one visits the official website behind this rogue,, he/her will find a very convincing layout with numerous testimonials and features. According to ESG malware researchers, this is all a complete lie. Far from keeping your computer clean or secure, Clean Security is designed to cause numerous problems on a computer system with the sole purpose of convincing the computer users to pay for a "full version" of this useless program. Much like a dishonest mechanic that purposefully breaks things in a car to keep customers coming back to his shop, Clean Security masks itself as a real security program to make Clean Security's victims pay to solve the very problems Clean Security causes. Some typical programs associated with Clean Security include instability and slowness; constant system and application crashes; annoying and frequent pop-up notifications; error messages; and fake security alerts; blocked access to the Internet; files that become hidden for no reason; and several other effects common to all rogue security programs.

Don't Become a Victim of the Clean Security Scam

The main goal of Clean Security is to obtain your credit card information. Because of this, everything Clean Security does is designed to either panic you into buying this useless rogue, or aggressively pushing you towards the form for entering your credit card information. ESG malware researchers strongly advise against paying for this program. If you have already bought Clean Security, it may not be too late; call your credit card company and request for the Clean Security transaction to be blocked.

Technical Information

File System Details

Clean Security creates the following file(s):
# File Name Detection Count
1 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe N/A
2 %Documents and Settings%\[UserName]\Local Settings\Temp\[RANDOM CHARACTERS] N/A
3 %Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS] N/A
4 %Documents and Settings%\All Users\Application Data\[RANDOM CHARACTERS] N/A

Registry Details

Clean Security creates the following registry entry or registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation "TLDUpdates" = '1'
HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exee" -a "%Program Files%\Internet Explorer\iexplore.exe"'
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = '1'
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe" -safe-mo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = '1'
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%1" %*'
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = '"%Documents and Settings%\[UserName]\Local Settings\Application Data\[RANDOM CHARACTERS].exe" -a "%Program Files%\Mozilla Firefox\firefox.exe"'