Full Version: Suspicious File
dcwash
I read a Usenet post earlier this week that suggested possible Messenger Service spam (or maybe it was Smitfraud). It was a fake warning and an enticement to go to a particular Web site and download a "registry cleaner." I'm curious to know if people analyze samples. The suspicious file can be found at:

hxxp://www.clean32.c*m/setup.exe (asterisk used in place of "o")

I'm sure this is a scam. How can this Web site be taken off the Web?

Mod Edit: Disabled link.
quietman7
clean32.com is listed as a malware site here.
http://www.viruspool.net/hits/2006-12-12.txt

It appears to be related to getting a user to download Registry Cleaner, a rogue program that claims to fix registry problems. One of the obvious signs of smitfraud is a fake warning alert that entices you to go to another site to download a program to correct the problems identified by the warning alert. However, the link you are getting is an executable to download a setup file.

If the message alert on the title bar says Messenger Service, it could be spam provided by the Messenger Service, but just the same, the link is leading to malware, so clicking any links should be avoided. In this case it would be best to "Disable the Messenger Service in XP".

If the alert was coming from a flashing icon in the system tray that generates balloon messages or in the middle of the desktop, then the user is probably already infected and would need to follow the self-help guide How to remove Registry Cleaner.