AdvancedCleaner

Updated: July 31, 2007 6:04:47 PM
Type: Misleading Application
Name: AdvancedCleaner
Version: 1.0.35.0
Publisher: AdvancedCleaner
Risk Impact: Medium
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior

When the program is run, it displays a window that allows the user to scan the computer for security threats. The program then reports a number of false threats.

The user is then prompted to pay for a full license of the application in order to remove the falsely reported threats.

The misleading application can be manually downloaded and installed.


Installation

When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\AdvancedCleaner Free.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner HomePage.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner Online Manual.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner Online Support.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\Uninstall AdvancedCleaner.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\AdvancedCleaner Free\AdvancedCleaner.lnk
  • %ProgramFiles%\AdvancedCleaner Free\InstStat.exe
  • %ProgramFiles%\AdvancedCleaner Free\UADC.exe
  • %ProgramFiles%\AdvancedCleaner Free\UADCcw.exe
  • %ProgramFiles%\AdvancedCleaner Free\acu.dat
  • %ProgramFiles%\AdvancedCleaner Free\antiVlog.dat
  • %ProgramFiles%\AdvancedCleaner Free\appAct.dat
  • %ProgramFiles%\AdvancedCleaner Free\AppDB\AppBase.xml
  • %ProgramFiles%\AdvancedCleaner Free\AppDB\profiles.dat
  • %ProgramFiles%\AdvancedCleaner Free\AppDB\prowords.dat
  • %ProgramFiles%\AdvancedCleaner Free\appv.dat
  • %ProgramFiles%\AdvancedCleaner Free\atl71.dll
  • %ProgramFiles%\AdvancedCleaner Free\img\button.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\button2.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\header.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\logo.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\spacer.gif
  • %ProgramFiles%\AdvancedCleaner Free\img\top1.jpg
  • %ProgramFiles%\AdvancedCleaner Free\img\top2.jpg
  • %ProgramFiles%\AdvancedCleaner Free\img\top_line.gif
  • %ProgramFiles%\AdvancedCleaner Free\lapv.dat
  • %ProgramFiles%\AdvancedCleaner Free\license.rtf
  • %ProgramFiles%\AdvancedCleaner Free\manual.url
  • %ProgramFiles%\AdvancedCleaner Free\mfc71.dll
  • %ProgramFiles%\AdvancedCleaner Free\msvcp71.dll
  • %ProgramFiles%\AdvancedCleaner Free\msvcr71.dll
  • %ProgramFiles%\AdvancedCleaner Free\naglinks.dat
  • %ProgramFiles%\AdvancedCleaner Free\readme.rtf
  • %ProgramFiles%\AdvancedCleaner Free\report.dat
  • %ProgramFiles%\AdvancedCleaner Free\req.dat
  • %ProgramFiles%\AdvancedCleaner Free\request.dat
  • %ProgramFiles%\AdvancedCleaner Free\support.url
  • %ProgramFiles%\AdvancedCleaner Free\tasks.dat
  • %ProgramFiles%\AdvancedCleaner Free\transformer.dat
  • %ProgramFiles%\AdvancedCleaner Free\UADC.url
  • %ProgramFiles%\AdvancedCleaner Free\UADC.xml
  • %ProgramFiles%\AdvancedCleaner Free\unins000.dat
  • %ProgramFiles%\AdvancedCleaner Free\unins000.exe
  • %ProgramFiles%\AdvancedCleaner Free\uninstall.ico
  • %ProgramFiles%\AdvancedCleaner Free\UninstallPage.html
  • %ProgramFiles%\AdvancedCleaner Free\upser.dat
  • %UserProfile%\Local Settings\Temp\UADC_0001_[EIGHT RANDOM CHARACTERS]\installer.exe


Next, the program creates the following registry entries so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AdvancedCleaner Free" = ""C:\Program Files\AdvancedCleaner Free\UADC.exe" /min"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"UADC_104911963" = ""C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c"
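
The two Run entries above can be looked for in saved `reg query` output collected from a host. The following is an added example, not part of the original write-up: its function names and sample data are constructed, and it assumes the four-space column layout that `reg query` prints on current Windows versions.

```python
import re

# Indicators taken from the write-up above.
RUN_VALUE_NAME = "advancedcleaner free"
INSTALL_DIR = "\\advancedcleaner free\\"
EXECUTABLES = ("uadc.exe", "uadccw.exe")
# Assumption: the page shows one value named UADC_104911963; the digits are
# treated here as variable, so any "UADC_<digits>" name is flagged.
UADC_NAME = re.compile(r"^UADC_\d+$", re.IGNORECASE)
# Assumption: name, type and data are separated by four spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Yield (key, name, data) for each value in `reg query` text output."""
    key = None
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if line.startswith("HKEY_"):
            key = line.strip()
        elif m and key:
            yield key, m.group("name"), m.group("data")


def find_autoruns(text):
    """Return (name, data, reasons) for Run values matching the indicators."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if not key.lower().endswith("\\currentversion\\run"):
            continue
        lowered = data.lower()
        reasons = []
        if name.lower() == RUN_VALUE_NAME or UADC_NAME.match(name):
            reasons.append("value name")
        # Match folder and file name, not the drive: %ProgramFiles% varies per host.
        if any(INSTALL_DIR + exe in lowered for exe in EXECUTABLES):
            reasons.append("command path")
        if reasons:
            hits.append((name, data, reasons))
    return hits


# Constructed sample: two entries modelled on the write-up (the second moved
# to another drive) plus one unrelated entry that must not be flagged.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    AdvancedCleaner Free    REG_SZ    "C:\Program Files\AdvancedCleaner Free\UADC.exe" /min
    UADC_104911963    REG_SZ    "D:\Apps\AdvancedCleaner Free\UADCcw.exe" -c
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
"""
```

Calling `find_autoruns(SAMPLE)` returns the first two entries, each with the reasons it matched, and skips the unrelated one.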

It also creates the following registry subkeys:
HKEY_ALL_USERS\SofTware\AdvancedCleaner Free
HKEY_LOCAL_MACHINE\SOFTWARE\AdvancedCleaner Free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UADC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\UADC_[EIGHT RANDOM CHARACTERS]


Similar Security Risks
DriveCleaner
