||||
Symantec.com > Business > Security Response > AdvancedCleaner
PRINT THIS PAGE

AdvancedCleaner

Printer Friendly Page

Updated: July 31, 2007 6:04:47 PM
Type: Misleading Application
Name: AdvancedCleaner
Version: 1.0.35.0
Publisher: AdvancedCleaner
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP


Behavior
When the program is run, it displays a window that allows the user to scan the computer for security threats. The program then reports a number of false threats:



The user is then prompted to pay for a full license of the application in order to remove the falsely reported threats:



The misleading application can be manually downloaded and installed.


Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\AdvancedCleaner Free.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner HomePage.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner Online Manual.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner Online Support.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\Uninstall AdvancedCleaner.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner.lnk
  • %ProgramFiles%\AdvancedCleaner Free\InstStat.exe
  • %ProgramFiles%\AdvancedCleaner Free\UADC.exe
  • %ProgramFiles%\AdvancedCleaner Free\UADCcw.exe
  • %ProgramFiles%\AdvancedCleaner Free\acu.dat
  • %ProgramFiles%\AdvancedCleaner Free\antiVlog.dat
  • %ProgramFiles%\AdvancedCleaner Free\appAct.dat
  • %ProgramFiles%\AdvancedCleaner Free\AppDB\AppBase.xml
  • %ProgramFiles%\AdvancedCleaner Free\AppDB\profiles.dat
  • %ProgramFiles%\AdvancedCleaner Free\AppDB\prowords.dat
  • %ProgramFiles%\AdvancedCleaner Free\appv.dat
  • %ProgramFiles%\AdvancedCleaner Free\atl71.dll
  • %ProgramFiles%\AdvancedCleaner Free\img\button.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\button2.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\header.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\logo.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\spacer.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\top1.jpg
  • %ProgramFiles%\AdvancedCleaner Free\img\top2.jpg
  • %ProgramFiles%\AdvancedCleaner Free\img\top_line.gif
  • %ProgramFiles%\AdvancedCleaner Free\lapv.dat
  • %ProgramFiles%\AdvancedCleaner Free\license.rtf
  • %ProgramFiles%\AdvancedCleaner Free\manual.url
  • %ProgramFiles%\AdvancedCleaner Free\mfc71.dll
  • %ProgramFiles%\AdvancedCleaner Free\msvcp71.dll
  • %ProgramFiles%\AdvancedCleaner Free\msvcr71.dll
  • %ProgramFiles%\AdvancedCleaner Free\naglinks.dat
  • %ProgramFiles%\AdvancedCleaner Free\readme.rtf
  • %ProgramFiles%\AdvancedCleaner Free\report.dat
  • %ProgramFiles%\AdvancedCleaner Free\req.dat
  • %ProgramFiles%\AdvancedCleaner Free\request.dat
  • %ProgramFiles%\AdvancedCleaner Free\support.url
  • %ProgramFiles%\AdvancedCleaner Free\tasks.dat
  • %ProgramFiles%\AdvancedCleaner Free\transformer.dat
  • %ProgramFiles%\AdvancedCleaner Free\UADC.url
  • %ProgramFiles%\AdvancedCleaner Free\UADC.xml
  • %ProgramFiles%\AdvancedCleaner Free\unins000.dat
  • %ProgramFiles%\AdvancedCleaner Free\unins000.exe
  • %ProgramFiles%\AdvancedCleaner Free\uninstall.ico
  • %ProgramFiles%\AdvancedCleaner Free\UninstallPage.html
  • %ProgramFiles%\AdvancedCleaner Free\upser.dat
  • %UserProfile%\Local Settings\Temp\UADC_0001_[EIGHT RANDOM CHARACTERS]\installer.exe


Next, the program creates the following registry entries so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AdvancedCleaner Free" = ""C:\Program Files\AdvancedCleaner Free\UADC.exe" /min"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"UADC_104911963" = ""C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c"

It also creates the following registry subkeys:
HKEY_ALL_USERS\SofTware\AdvancedCleaner Free
HKEY_LOCAL_MACHINE\SOFTWARE\AdvancedCleaner Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UADC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\UADC_[EIGHT RANDOM CHARACTERS]


Similar Security Risks
DriveCleaner

Search by name
Example: W32.Beagle.AG@mm
Symantec DeepSight Screensaver
©1995 - 2010 Symantec Corporation
Site Map|
Legal Notices|
Privacy Policy|
|
Contact Us|
Global Sites|
License Agreements|
RSS