alpha cleaner spyware

Guest

“Alphacleaner” has just installed itself, added itself to the start menu and
as a shortcut on the desktop, and inserted an icon on the task bar purporting
“Your computer is infected”. I merely did a Google search on “massage
cartoon” and as soon as I clicked on one of the links, it changed the desktop
background and I think through some JavaScript began to have its way with me.

I ran Microsoft Anti-spyware. It identified 4 files and a Trojan horse that
it removed; I am running it again and scanning with Norton AntiVirus. Norton
and Anti-spyware gave me warnings of attempts to make changes or allow
communications, and I followed the recommendation of not allowing them, but
the bastards have violated my machine.

What gives? Any thoughts? How should I remove the installed junk?
 
Guest

Hey Jake

'AlfaCleaner' is another rogue remover from the same company who make
Winhound. It can be removed easily, but the problem is the other trojans that
have infected your system. If you have a spyware warning in the system tray
and the spyware desktop background then it's related to the smitfraud
infections, so you should use Smitrem and Ewido to repair the damage and
remove the trojan files. SmitRem removes Winhound but not 'Alfacleaner', so
first uninstall that rogue junk :)

If it's still on your system, go to the Start menu, then Run, and copy and paste this:

C:\Program Files\AlfaCleaner\unins000.exe

Press OK and this will then run the uninstaller for Alfacleaner. Next,
download Ewido and Smitrem.

Download SmitRem

http://noahdfear.geekstogo.com/click counter/click.php?id=1

Save it to your desktop. Right-click on the file and extract it to its own
folder on the desktop.

Download Ewido Anti Malware

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes (the status bar
at the bottom will display "Update successful") Exit Ewido. DO NOT scan yet.

Download Ccleaner To Remove Temp and unused files from your system

http://download.ccleaner.com

Install, then close. Copy this to Notepad and save it so you can still view
it in safe mode.

Now reboot to Safe Mode - Restart your computer and immediately begin
tapping the F8 key on your keyboard. If done right a Windows Advanced Options
menu will appear. Select the Safe Mode option and press Enter. To return to
normal mode just restart your computer as you normally would.

Run Smitrem :

Open the smitRem folder, then double click the RunThis.bat file to start the
tool. Follow the prompts on screen. Wait for the tool to complete and disk
cleanup to finish. The tool will create a log named smitfiles.txt in the root
of your drive, e.g. Local Disk C: or the partition where your operating system is
installed.

Run Ewido

Click on the Scanner button in the left menu, then click on complete system
scan. When ewido finds something, it will pop up a notification. Select
"clean" and check the boxes "Perform action with all infections" and "Create
encrypted backup" before clicking on ok. When the scan finishes, click on
"Save Report" from the bottom of the screen and save it to your desktop
in case you need more help with this.

Run Ccleaner and press "Run Cleaner" then exit.

Then Reboot back to Normal Mode

Delete the AlfaCleaner folder:

C:\Program Files\AlfaCleaner <--Delete this folder

Delete its startup entry if it still exists. Open Microsoft Antispyware,
go to Advanced Tools, then System Explorers. Click Start Up Programs, then check
the Registry Local Machine Run area for [AlfaCleaner]. If found, left-click
and press 'Permanently remove startup program' from the menu on the right and
click Yes to confirm.

You will need to reload your wallpaper after this tool finishes. To change
your wallpaper, right-click the desktop and choose Properties. Set the Theme to XP
if you are running XP, then go to the Desktop tab and choose your wallpaper
from there.

I did a quick test on Google using the same keywords you mentioned and it
does bring back some very malicious sites. About 6 out of 10 I tried use .wmf
exploits written into the main page. If your updates from MS are not up to
date then you will get infected as soon as you open the page, so the next step
is to visit Windows Update and download all available High Priority updates.

http://windowsupdate.microsoft.com/

Let us know if you have any problems

All The Best

Andy
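
Added example, not part of the original thread or written by either poster: a read-only PowerShell check that can be run after the cleanup steps above to confirm that the AlfaCleaner folder, its startup entry and its shortcuts are gone. The folder path and the "Local Machine Run" area come from the reply; checking the per-user Run key and the current user's Desktop and Start Menu folders is an assumption added here.

```powershell
# Added example: read-only check for AlfaCleaner leftovers after the cleanup.
# Paths and names come from the thread; nothing is deleted or changed.
$pattern = 'Al(f|ph)aCleaner'   # both spellings used in the thread; -match ignores case
$folder  = 'C:\Program Files\AlfaCleaner'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',  # "Registry Local Machine Run" area
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # assumption: per-user Run key too
)
$findings = @()

# 1. Install folder that the thread says to delete.
if (Test-Path -LiteralPath $folder) { $findings += "Folder still present: $folder" }

# 2. Startup entries whose name or command line mentions the program.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        if ($valueName -match $pattern -or $data -match $pattern) {
            $findings += "Startup entry in ${key}: $valueName = $data"
        }
    }
}

# 3. Desktop and Start Menu shortcuts (assumption: current user's folders only).
foreach ($special in 'Desktop', 'StartMenu') {
    $dir = [Environment]::GetFolderPath($special)
    if (-not $dir) { continue }
    Get-ChildItem -LiteralPath $dir -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { $findings += "Shortcut or folder: $($_.FullName)" }
}

if ($findings.Count -eq 0) { 'No AlfaCleaner leftovers found.' } else { $findings }
```

An empty result only covers the AlfaCleaner artifacts named in the thread; the smitfraud trojan files are what the SmitRem and Ewido scans address.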
 