Alfacleaner - Removal questions

Subject Author Date
Alfacleaner - Removal questions Kat 03-16-2006
Posted by Kat on March 16, 2006, 12:46 am
Hi, we are running Windows XP and use McAfee Suite. Last week, AlfaCleaner
appeared on our computer. I had no idea what it was or where it came from.
I noticed it only because I was getting warnings saying it was trying to
connect to the internet.

I tried to remove the program by clicking on the "uninstall" option.
However, after 3 attempts at this, each one resulting in a "fatal error"
which shut down the computer, I opted to do a system restore back to a date
before the appearance of the AlfaCleaner. This removed the program from my
desktop and list of programs.

My concern is that I did some research on AlfaCleaner today and learned it
is malware and has the ability to reactivate itself even after removal. I'm
not a computer whiz and concerned this will happen to us. I found 11 pages
worth of instructions on bleepingcomputer.com outlining how to remove the
Alfacleaner and am wondering if that's what I need to do.

This evening I downloaded Windows Defender. It scanned and only came up with
one suspicious file (not AlfaCleaner) that I had it remove. My question
is...was the system restore I did sufficient to remove AlfaCleaner or could
it still be out there lurking on my computer. I would appreciate any help or
guidance you could offer.

Thanks,

Posted by Malke on March 16, 2006, 8:16 am
Kat wrote:

> Hi, we are running Windows XP and use McAfee Suite. Last week,
> AlfaCleaner appeared on our computer. I had no idea what it was or
> where it came from. I noticed it only because I was getting warnings
> saying it was trying to connect to the internet.
>
> I tried to remove the program by clicking on the "uninstall" option.
> However, after 3 attempts at this, each one resulting in a "fatal
> error" which shut down the computer, I opted to do a system restore
> back to a date before the appearance of the AlfaCleaner. This removed
> the program from my desktop and list of programs.
>
> My concern is that I did some research on AlfaCleaner today and
> learned it is malware and has the ability to reactivate itself even
> after removal. I'm not a computer whiz and concerned this will happen
> to us. I found 11 pages worth of instructions on bleepingcomputer.com
> outlining how to remove the Alfacleaner and am wondering if that's
> what I need to do.
>
> This evening I downloaded Windows Defender. It scanned and only came
> up with one suspicious file (not AlfaCleaner) that I had it remove. My
> question is...was the system restore I did sufficient to remove
> AlfaCleaner or could it still be out there lurking on my computer. I
> would appreciate any help or guidance you could offer.

AlfaCleaner is related to the Smitfraud/Spyaxe/Spyfalcon type of
malware. If you want to be sure you're clean, run through the Smitfraud
removal steps listed at the link below after going through the
preparatory steps at the first link:

http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://www.elephantboycomputers.com/page2.html#Smitfraud_Trojan

It won't hurt to do this and then you'll be reassured - or clean!

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by David H. Lipman on March 16, 2006, 4:32 pm

| Hi, we are running Windows XP and use McAfee Suite. Last week, AlfaCleaner
| appeared on our computer. I had no idea what it was or where it came from.
| I noticed it only because I was getting warnings saying it was trying to
| connect to the internet.
|
| I tried to remove the program by clicking on the "uninstall" option.
| However, after 3 attempts at this, each one resulting in a "fatal error"
| which shut down the computer, I opted to do a system restore back to a date
| before the appearance of the AlfaCleaner. This removed the program from my
| desktop and list of programs.
|
| My concern is that I did some research on AlfaCleaner today and learned it
| is malware and has the ability to reactivate itself even after removal. I'm
| not a computer whiz and concerned this will happen to us. I found 11 pages
| worth of instructions on bleepingcomputer.com outlining how to remove the
| Alfacleaner and am wondering if that's what I need to do.
|
| This evening I downloaded Windows Defender. It scanned and only came up with
| one suspicious file (not AlfaCleaner) that I had it remove. My question
| is...was the system restore I did sufficient to remove AlfaCleaner or could
| it still be out there lurking on my computer. I would appreciate any help or
| guidance you could offer.
|
| Thanks,


It is suggested that you execute the following tool in Normal Mode then in Safe
Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being
exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun
Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0
Update 6 be installed ASAP.

http://www.java.com/en/download/manual.jsp



Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee related
files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it
will be displayed in your browser (Opera, FireFox or Internet Explorer).
However, if you are using WinXP, Win2K or Win2003 your system will be left in a
state where you will have to manually shutdown/reboot the PC. On Win9x/ME
platforms the report will not be shown in your browser but your PC will
automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy
of the HTML report for each session.


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


