clickfix-protection-after-testing – Sample infections with clickfix

Test Assistance & Prevention

1. Test Assistance: What to do if the test virus executed on your system?

Basic Test: The basic test displays only a single window. Once you close this window, the test is complete. Since the attack operates through the clipboard, you may clear it for peace of mind, though this is not strictly necessary for security purposes.

Using the keyboard combination ‘Windows key + V’ will likely show our ‘attack’ in your clipboard history. There is a ‘Clear all’ button in the top right corner that will remove the last traces of our ‘attack’ from your system.

For Mac users: The attack works differently but also operates through the clipboard, similar to Windows. On Mac, you can close the windows (in this case two) and nothing will remain. If you wish to clear the clipboard, simply copy an empty text (or any other content of your choice). Mac systems are more secure than Windows in this regard, as they do not maintain clipboard history by default—one new copy action will overwrite the previous item.

Advanced Test: This test performs more modifications beyond simply launching a PowerShell script. It creates a file at C:\Temp\clickfixdemo.txt and (without you noticing) sends an email to samples@click-fix.nl to demonstrate that outbound emails are possible. This email contains no data except the test ID, which is unique and visible on your screen during the test. This demonstrates during security audits that an email was actually sent. In addition to the basic test instructions, you should also delete the file at C:\Temp. Note that this text file also indicates which test was performed, demonstrating that a ransomware attack or information stealer would have succeeded if this had been a real attack.

2. Prevention: How could I have protected myself against this type of attack?

With ClickFix attacks, you essentially infect your own computer without realizing it. The primary goal of this website is to educate you about how this works, so you can learn to recognize and prevent a real attack. Using the Windows key + R combination ‘runs’ a mini-program—exactly what hackers want. Never use this key combination when requested by a website. The first layer of protection is knowledge: if you’ve learned this (hopefully through our site), you’re already better protected.

There are many additional measures you can take. BSM’s Top 11 Computer Security guidelines will help you better defend against this type of attack, particularly the principle of ‘not operating with administrator rights,’ which limits the attack’s permissions and potential damage.

If you own a business, work for a company, or have an IT department, there are many more effective options to protect yourself and all colleagues immediately. This website primarily aims to demonstrate how ClickFix works. The organization behind it, BSM Business Security Management B.V., is a company that can help you stay ahead of this virus type. Please contact us at info@bsm.nl.

Help us make the digital world safer by submitting information through our feedback form (hyperlink link available soon) about your device type, antivirus software, whether this is a work or home PC, and whether the ClickFix test virus executed on your system. We do not collect any personal data but will publish statistics on this site to help others improve their security.