My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


New rogue anti spyware – AlfaCleaner

Myantispyware team, February 2, 2006

Sunbelt and Spyware Warrior report a new rogue anti-spyware program, AlfaCleaner.
AlfaCleaner is a variant of Anti Virus Pro, Winhound Spyware Remover, and XSRemover.
It is downloadable from alfacleaner.com and innovagest2000.com.

We recommend blocking the following domains and IP addresses:

x-stories.org – 69.50.187.19
zlex.org – 85.255.115.227, 85.255.116.213, 85.255.117.51
Noi.themovie.com, which calls x-stories.org – 69.50.187.19
Cleanchan.net (formerly fullchain.net) – 195.255.177.21

If your PC does not have the WMF patch, please patch now. AlfaCleaner uses the WMF exploit to install itself.

Update: read How to remove AlfaCleaner

Rogue Anti Spyware

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

3 Comments

  1. Patrik
    ― February 4, 2006 - 7:32 am

    If you got AlfaCleaner and can't remove it from your computer, please make a HijackThis log and post it there.

  2. Henrique Ferreira
    ― February 6, 2006 - 6:20 am

    Logfile of HijackThis v1.99.1
    Scan saved at 12:14:00, on 06-02-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programas\QuickTime\qttask.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programas\Analog Devices\SoundMAX\Smax4.exe
    C:\Programas\Babylon\Babylon.exe
    C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Programas\Softwin\BitDefender8\bdnagent.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Acesoft\Tracks Eraser Pro\te.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
    c:\programas\softwin\bitdefender8\bdmcon.exe
    C:\Documents and Settings\hpf\Ambiente de trabalho\HijackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 – BHO: SpywareBlock Class – {0A87E45F-537A-40B4-B812-E2544C21A09F} – C:\Programas\SpyCatcher 2006\SCActiveBlock.dll
    O4 – HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    O4 – HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
    O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 – HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 – HKLM\..\Run: [SoundMAX] “C:\Programas\Analog Devices\SoundMAX\Smax4.exe” /tray
    O4 – HKLM\..\Run: [Babylon Client] C:\Programas\Babylon\Babylon.exe -AutoStart
    O4 – HKLM\..\Run: [CXMon] “C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe”
    O4 – HKLM\..\Run: [H2O] C:\Programas\SyncroSoft\Pos\H2O\cledx.exe
    O4 – HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
    O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 – HKLM\..\Run: [HP Update 4300C] C:\DOCUME~1\hpf\AMBIEN~1\hpupdate.exe 4300C
    O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
    O4 – HKLM\..\Run: [SpyCatcher Reminder] “C:\Programas\SpyCatcher 2006\SpyCatcher.exe” reminder
    O4 – HKLM\..\Run: [BDMCon] “C:\Programas\Softwin\BitDefender8\bdmcon.exe”
    O4 – HKLM\..\Run: [BDNewsAgent] “C:\Programas\Softwin\BitDefender8\bdnagent.exe”
    O4 – HKCU\..\Run: [MSMSGS] “C:\Programas\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [Tracks Eraser Pro] C:\Programas\Acesoft\Tracks Eraser Pro\te.exe min
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 – Global Startup: SpyCatcher Protector.lnk = C:\Programas\SpyCatcher 2006\Protector.exe
    O4 – Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 – Extra button: (no name) – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
    O9 – Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
    O12 – Plugin for .mid: C:\Programas\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 – Plugin for .wav: C:\Programas\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 – DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) – http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
    O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 – AppInit_DLLs: interceptor.dll
    O23 – Service: AutoComplete Service (Autocomplete) – Acesoft – C:\Programas\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe” /service (file missing)
    O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 – Service: BitDefender Communicator (XCOMM) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe” /service (file missing)

  3. Patrik
    ― February 6, 2006 - 10:23 am

    Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: AlfaCleaner

    Then using Windows Explorer, delete the following folder: C:\Program Files\AlfaCleaner

    Download HijackThis and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.

    If you do not already have Ad-Aware SE installed, follow these download and setup instructions. Also check for updates.

    Again, do NOT run a scan yet.

    Next, please reboot your computer in Safe Mode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

    O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe

    Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

    Next, run Ad-aware and perform a full scan. Remove everything found.

    Finally, restart your computer normally.
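
The manual check in the comments above (finding the AlfaCleaner autostart entry in a HijackThis log) can be automated, together with a check for URLs on the article's block list. This is an added example, not part of the original post or comments: the function names are hypothetical, the name keys are squashed forms of the product names the article lists, and the sample log is constructed.

```python
import re
from urllib.parse import urlparse

# Indicators from the article: product names (squashed) and listed domains.
ROGUE_NAMES = ("alfacleaner", "antiviruspro", "winhound", "xsremover")
BLOCKED_DOMAINS = ("alfacleaner.com", "innovagest2000.com", "x-stories.org",
                   "zlex.org", "noi.themovie.com", "cleanchan.net", "fullchain.net")
# Entry lines look like "O4 - HKLM\..\Run: [Name] command"; the separator
# may be "-" or the en dash (U+2013) seen in the log pasted on this page.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")
RUN_VALUE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.*?)\] (.*)$")
URL = re.compile(r"https?://\S+", re.I)

def _squash(text):
    """Lower-case and keep only letters/digits so 'Alfa Cleaner' matches 'AlfaCleaner'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _blocked_host(url):
    """Return the listed domain that the URL's host equals or is a subdomain of."""
    host = (urlparse(url).hostname or "").lower()
    return next((d for d in BLOCKED_DOMAINS if host == d or host.endswith("." + d)), None)

def triage(log_text):
    """Return findings (section, reason, indicator, detail) for a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and the running-process list are skipped
        section, body = m.groups()
        run = RUN_VALUE.match(body) if section == "O4" else None
        detail = run.group(3) if run else body  # command line for Run values
        for name in ROGUE_NAMES:
            if name in _squash(body):
                findings.append((section, "rogue-name", name, detail))
        for url in URL.findall(body):
            domain = _blocked_host(url)
            if domain:
                findings.append((section, "blocked-domain", domain, url))
    return findings

# Constructed sample: first two lines follow the posted log, last two are invented.
SAMPLE = """\
O4 - HKLM\\..\\Run: [Zone Labs Client] C:\\Programas\\Zone Labs\\ZoneAlarm\\zlclient.exe
O4 \u2013 HKLM\\..\\Run: [AlfaCleaner] C:\\Programas\\AlfaCleaner\\AlfaCleaner.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.zlex.org/
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://notzlex.org/x.cab
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The last sample line is not flagged: `notzlex.org` only shares a suffix with `zlex.org`, and the host check requires an exact match or a dot-separated subdomain.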

Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.