MyAntiSpyware

New rogue anti spyware – AlfaCleaner

Myantispyware team February 2, 2006    

Sunbelt and Spyware Warrior report a new rogue anti-spyware program, AlfaCleaner.
AlfaCleaner is a variant of Anti Virus Pro, Winhound Spyware Remover and XSRemover.
It can be downloaded from alfacleaner.com and innovagest2000.com.

We recommend blocking the following domains and IP addresses:

x-stories.org – 69.50.187.19
zlex.org – 85.255.115.227, 85.255.116.213, 85.255.117.51
Noi.themovie.com, which calls x-stories.org – 69.50.187.19
Cleanchan.net (formerly fullchain.net) – 195.255.177.21

If your PC does not have the WMF patch, please patch now. AlfaCleaner uses the WMF exploit to install itself.

Update: read How to remove AlfaCleaner


3 Comments

  1. Patrik
    ― February 4, 2006 - 7:32 am

    If you got AlfaCleaner and can't remove it from your computer, please make a HijackThis log and post it there.

  2. Henrique Ferreira
    ― February 6, 2006 - 6:20 am

    Logfile of HijackThis v1.99.1
    Scan saved at 12:14:00, on 06-02-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programas\QuickTime\qttask.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Programas\Analog Devices\SoundMAX\Smax4.exe
    C:\Programas\Babylon\Babylon.exe
    C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Programas\Softwin\BitDefender8\bdnagent.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Acesoft\Tracks Eraser Pro\te.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe
    c:\programas\softwin\bitdefender8\bdmcon.exe
    C:\Documents and Settings\hpf\Ambiente de trabalho\HijackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 – BHO: SpywareBlock Class – {0A87E45F-537A-40B4-B812-E2544C21A09F} – C:\Programas\SpyCatcher 2006\SCActiveBlock.dll
    O4 – HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
    O4 – HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
    O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 – HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 – HKLM\..\Run: [SoundMAX] “C:\Programas\Analog Devices\SoundMAX\Smax4.exe” /tray
    O4 – HKLM\..\Run: [Babylon Client] C:\Programas\Babylon\Babylon.exe -AutoStart
    O4 – HKLM\..\Run: [CXMon] “C:\Programas\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe”
    O4 – HKLM\..\Run: [H2O] C:\Programas\SyncroSoft\Pos\H2O\cledx.exe
    O4 – HKLM\..\Run: [AnyDVD] C:\Programas\SlySoft\AnyDVD\AnyDVD.exe
    O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 – HKLM\..\Run: [HP Update 4300C] C:\DOCUME~1\hpf\AMBIEN~1\hpupdate.exe 4300C
    O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
    O4 – HKLM\..\Run: [SpyCatcher Reminder] “C:\Programas\SpyCatcher 2006\SpyCatcher.exe” reminder
    O4 – HKLM\..\Run: [BDMCon] “C:\Programas\Softwin\BitDefender8\bdmcon.exe”
    O4 – HKLM\..\Run: [BDNewsAgent] “C:\Programas\Softwin\BitDefender8\bdnagent.exe”
    O4 – HKCU\..\Run: [MSMSGS] “C:\Programas\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [Tracks Eraser Pro] C:\Programas\Acesoft\Tracks Eraser Pro\te.exe min
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O4 – Global Startup: SpyCatcher Protector.lnk = C:\Programas\SpyCatcher 2006\Protector.exe
    O4 – Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 – Extra button: (no name) – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
    O9 – Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590-48f4-11d9-9669-0800200c9a66} – %windir%\bdoscandel.exe (file missing)
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Programas\Messenger\msmsgs.exe
    O12 – Plugin for .mid: C:\Programas\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 – Plugin for .wav: C:\Programas\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 – DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) – http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
    O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 – AppInit_DLLs: interceptor.dll
    O23 – Service: AutoComplete Service (Autocomplete) – Acesoft – C:\Programas\Acesoft\Tracks Eraser Pro\autocomp.exe
    O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Scan Server\bdss.exe” /service (file missing)
    O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
    O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 – Service: BitDefender Communicator (XCOMM) – Unknown owner – C:\Programas\Ficheiros comuns\Softwin\BitDefender Communicator\xcommsvr.exe” /service (file missing)

  3. Patrik
    ― February 6, 2006 - 10:23 am

    Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: AlfaCleaner

    Then using Windows Explorer, delete the following folder: C:\Program Files\AlfaCleaner

    Download HijackThis and save the file to your desktop.
    Double click on the file to extract it to its own folder on the desktop.

    If you do not already have Ad-Aware SE installed, follow these download and setup instructions. Also check for updates.

    Again, do NOT run a scan yet.

    Next, please reboot your computer in Safe Mode by doing the following:

    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.

    Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

    O4 – HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe

    Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

    Next, run Ad-aware and perform a full scan. Remove everything found.

    Finally, restart your computer normally.
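
An added example, not part of the original comments or of HijackThis itself: a short Python parser for the O4 autostart lines of a HijackThis log like the one posted above, which flags entries matching a watchlist. The watchlist term, the function names and the sample lines (adapted from the log above) are assumptions made for the illustration.

```python
import re

# Constructed sample: lines adapted from the HijackThis log posted above.
# The page rendering turned " - " into " – " and straight quotes into curly
# ones, so the parser accepts both forms (the third line uses a plain hyphen).
SAMPLE_LOG = r"""
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programas\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [AlfaCleaner] C:\Programas\AlfaCleaner\AlfaCleaner.exe
O4 – HKCU\..\Run: [Tracks Eraser Pro] C:\Programas\Acesoft\Tracks Eraser Pro\te.exe min
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
"""

WATCHLIST = ("alfacleaner",)  # assumption: match on the product name from the article

RUN_RE = re.compile(r"^O4 [-–] (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 [-–] ((?:Global )?Startup): (.+?) = (.+)$")

def executable(command):
    """Best-effort image path: the quoted part if quoted, else up to the first .exe/.dll/.com/.bat."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat))(?:\s|$)", command, re.I)
    return m.group(1) if m else command

def parse_o4(log_text):
    """Return one dict per O4 autostart line: source, name, command, image."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().replace("“", '"').replace("”", '"')
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue  # other sections (R0, O2, O23, ...) are ignored here
        if m.re is RUN_RE:
            source, name, command = m.group(1) + "\\" + m.group(2), m.group(3), m.group(4)
        else:
            source, name, command = m.groups()
        entries.append({"source": source, "name": name,
                        "command": command, "image": executable(command)})
    return entries

def flag(entries, watchlist=WATCHLIST):
    """Entries whose name or command contains a watchlist term (case-insensitive)."""
    return [e for e in entries
            if any(t in (e["name"] + " " + e["command"]).lower() for t in watchlist)]

if __name__ == "__main__":
    for hit in flag(parse_o4(SAMPLE_LOG)):
        print(hit["source"], hit["name"], hit["image"])
```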
