
New rogue anti spyware - AlfaCleaner

Sunbelt and Spyware Warrior report a new rogue anti-spyware program, AlfaCleaner.
AlfaCleaner is a variant of Anti Virus Pro, Winhound Spyware Remover, and XSRemover.
It is downloadable from alfacleaner.com and innovagest2000.com.

We recommend blocking the following domains and IP addresses:

x-stories.org – 69.50.187.19
zlex.org – 85.255.115.227, 85.255.116.213, 85.255.117.51
Noi.themovie.com, which calls x-stories.org – 69.50.187.19
Cleanchan.net (formerly fullchain.net) – 195.255.177.21

If your PC does not have the WMF patch, please patch now. AlfaCleaner uses the WMF exploit to install itself.

Update: read How to remove AlfaCleaner

February 2, 2006 on 6:51 am | In Rogue Anti Spyware

3 Comments


  1. If you got AlfaCleaner and can't remove it from your computer, please make a HijackThis log and post it there.

    Comment by Patrik — February 4, 2006 #

  2. Logfile of HijackThis v1.99.1
    Scan saved at 12:14:00, on 06-02-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programas\QuickTime\qttask.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programas\Analog Devices\SoundMAX\Smax4.exe
    C:\Programas\Babylon\Babylon.exe
    C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Programas\Softwin\BitDefender8\bdnagent.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Acesoft\Tracks Eraser Pro\te.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
    c:\programas\softwin\bitdefender8\bdmcon.exe
    C:\Documents and Settings\hpf\Ambiente de trabalho\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Programas\SpyCatcher 2006\SCActiveBlock.dll
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] “C:\Programas\Analog Devices\SoundMAX\Smax4.exe” /tray
    O4 - HKLM\..\Run: [Babylon Client] C:\Programas\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [CXMon] “C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe”
    O4 - HKLM\..\Run: [H2O] C:\Programas\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Update 4300C] C:\DOCUME~1\hpf\AMBIEN~1\hpupdate.exe 4300C
    O4 - HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
    O4 - HKLM\..\Run: [SpyCatcher Reminder] “C:\Programas\SpyCatcher 2006\SpyCatcher.exe” reminder
    O4 - HKLM\..\Run: [BDMCon] “C:\Programas\Softwin\BitDefender8\bdmcon.exe”
    O4 - HKLM\..\Run: [BDNewsAgent] “C:\Programas\Softwin\BitDefender8\bdnagent.exe”
    O4 - HKCU\..\Run: [MSMSGS] “C:\Programas\Messenger\msmsgs.exe” /background
    O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Programas\Acesoft\Tracks Eraser Pro\te.exe min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Programas\SpyCatcher 2006\Protector.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O12 - Plugin for .mid: C:\Programas\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .wav: C:\Programas\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: interceptor.dll
    O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Programas\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe” /service (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe” /service (file missing)

    Comment by Henrique Ferreira — February 6, 2006 #

  3. Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: AlfaCleaner

    Then using Windows Explorer, delete the following folder: C:\Program Files\AlfaCleaner

    Download HijackThis and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.

    If you do not already have Ad-Aware SE installed, follow these download and setup instructions. Also check for updates.

    Again, do NOT run a scan yet.

    Next, please reboot your computer in Safe Mode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

    O4 - HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe

    Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

    Next, run Ad-aware and perform a full scan. Remove everything found.

    Finally, restart your computer normally.

    Comment by Patrik — February 6, 2006 #
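
The manual step in the last comment (finding the AlfaCleaner autostart line in a HijackThis log) can be automated when many logs need triage. The following is an added example, not part of the original post or of HijackThis: it parses the log format shown above and flags entries in any section that mention a watchlisted name. The sample log is constructed, and the watchlist and function names are assumptions.

```python
import re

# Constructed sample in the HijackThis log format shown in the comment above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Product names taken from the post (assumed watchlist; extend as needed).
WATCHLIST = ("AlfaCleaner", "Winhound", "XSRemover")

ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*\S)\s*$")
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\\w+):\s+\[(.*?)\]\s+(.*)$")
STARTUP = re.compile(r"^((?:Global )?Startup):\s+(.*?)\s+=\s+(.*)$")


def parse_entries(log_text):
    """Parse scan-result lines (R0, O4, O23, ...) into dicts; skip everything else."""
    entries = []
    for raw in log_text.splitlines():
        # Blog software turns straight quotes into typographic ones; undo that.
        line = raw.replace("\u201c", '"').replace("\u201d", '"')
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line or running-process path
        code, body = m.groups()
        entry = {"code": code, "body": body, "location": None, "name": None, "command": None}
        if code == "O4":  # autostart: registry Run keys and Startup folders
            hit = RUN_KEY.match(body) or STARTUP.match(body)
            if hit:
                entry["location"], entry["name"], entry["command"] = hit.groups()
        entries.append(entry)
    return entries


def flag(entries, watchlist=WATCHLIST):
    """Return entries in any section whose text mentions a watchlisted name."""
    needles = [w.lower() for w in watchlist]
    return [e for e in entries if any(n in e["body"].lower() for n in needles)]


if __name__ == "__main__":
    for e in flag(parse_entries(SAMPLE_LOG)):
        print(e["code"], e["location"], e["name"], e["command"])
```

A hit only marks a line for review; removal still follows the steps in the comment above.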
