AlfaCleaner

AlfaCleaner is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. When AlfaCleaner is downloaded through an exploit, it puts an icon in the system tray and shows a false warning that the computer is infected with spyware. It may also display pop-up warnings of spyware on the computer as a scare tactic.0

General information:

Malware Name:	AlfaCleaner
Malware Type:	Adware
Company Name:
Company URL:	http://www.alfacleaner.com/
Threat Level:	High
Operating System:	WIN XP
Installation Type:	Installed through EXE
Operation:	Time of After Installation

Company Description:

Spyware Description:

Characteristics/Symptoms:

-> Collects information about the pages visited -> Shows popup ads -> It also associates with other Adwares -> Full-scale protection from keyloggers -> Automatically update the anti-virus base0

Additional information might be found here:

	Search at Google for AlfaCleaner
	Search at Bing for AlfaCleaner
	Search at Yahoo for AlfaCleaner

Processes Running:

AlfaCleaner.exe

File information Created after Installation:

File Location	Size (Bytes)	Type
C:\Program Files\AlfaCleaner\AlfaCleaner\Panels\common\dlgs\dlg_ref\warning_logo.PNG	4855	PNG Image
C:\Program Files\AlfaCleaner\AlfaCleaner\Panels\common\main\buttons\cleanup_wizard_deff.png	2796	PNG Image
C:\Program Files\AlfaCleaner\AlfaCleaner\Panels\common\main\buttons\cleanup_wizard_dis.png	1607	PNG Image

Folder information Created after Installation:

Folder Location
C:\Program Files\AlfaCleaner
C:\Program Files\AlfaCleaner\AlfaCleaner

Registry information Created after Installation:

Main Registry Key	Sub Registry Key	Key Value Name
HKEY_LOCAL_MACHINE	SYSTEMCurrentControlSetServicesEventlogSystemAlfaCleanerService	EventMessageFile
HKEY_LOCAL_MACHINE	\SYSTEM\CurrentControlSet\Services\AlfaCleanerService\Enum	0
HKEY_LOCAL_MACHINE	\SYSTEM\CurrentControlSet\Services\Eventlog\System\AlfaCleanerService	TypesSupported