Alfa Cleaner Removal

Alfa cleaner is a "spyware removal program" that has been known to install itself when visiting a WMF exploit-infected web page. It is known to endorse affiliates to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. If you are infected with this program you may receive warnings in your task bar that appear to be from Microsoft Security Center stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the commercial version of Alfa Cleaner. These warnings are fake and are a goad to have you buy the commercial version of this software.

As this program tends to be installed with other known Smitfraud infections, we will have you run the smitFraud remover as well.

You'll see a new icon in the system tray when you are infected by this problem. intell321exeicon.jpg (924 bytes) This file is associated with the intell321.exe file shown in the Hijackthis log.

You'll also see a new icon on your desktop alfacleanericon.jpg (1959 bytes) and your desktop background will probably show the following message:

infection.jpg (23296 bytes)
 

Removal Instructions :

Tools Needed for this fix : CCleaner

                                      smitRem

                                      Hijack This

                                      Spysweeper

                                      Registry Crawler

Download the Above mentioned programs and install them.

Run Msconfig. Disable all Startup Items Except Antivirus Programs and Reboot the System.

Uninstall Alfacleaner.com and Desktop Uninstall from ADD or REMOVE Programs. It will Prompt to Reboot the System. Please do not Reboot do it at this time.

Run CCleaner to Remove all The Crap Files from the System.

Run smitRem. When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.

If there is an uninstaller present for an infection found by smitRem, itwill start this uninstaller. Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and smitRem will prompt you to continue. Now you should press any key to continue.

When no more uninstallers can be found, the tool will continue. Your desktop will disappear and you will start seeing text scroll across the screen. This is normal and nothing to be concerned about. When smitRem has finished running it will automatically start the Disk Cleanup program as shown by the image below.

Cancel the Disk Cleanup Tool.

Now Run Registry Crawler and Remove all Alfacleaner entries from registry.

Delete the following files and folders if they exist (Do not be concerned if they do not exist):
 C:\Program Files\AlfaCleaner\
C:\Windows\System32\intell321.exe
C:\Windows\System32\voi640.exe
C:\Windows\warnhp.html
c:\winstall.exe
C:\Windows\uninstDsk.exe
C:\Windows\System32\voi271.exe

Open Control Panel. When in the Control Panel double-click on the Display icon. Click on the Desktop tab and then click on the Customize Desktop button. Click on the Web tab and under Web Pages you should see an entry that says Security Info or something similar. If it is
there, select the entry and press the Delete button. Press the OK button and the Apply button and then the OK button again.
 

Run Hijack This. Press the Scan button has started put a checkmark next to each of these entries if they are present and then click on Fix Checked.

O4 - HKLM\..\Run: [intell321.exe] C:\WINDOWS\system32\intell321.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe
 

Finally RUN a SPYSWEEPER SCAN after updating the definitions. Remove the left over spyware infections if any.