Author Topic: alureon-k!!!...new guy  (Read 8918 times)

themadness

  • Guest
alureon-k!!!...new guy
« on: March 31, 2012, 02:24:08 PM »
I have the alureon-k and have been through a list of things to get it out. After a fresh install of Avast, a full scan finally recognized it but won't get rid of it. Moving it to the chest isn't an option. Deleting it doesn't get rid of it.

Here is what I have tried thus far (with no supervision by anyone who knows what they are doing) ;)

Avast boot scan - all clear
MBAM - full scan didn't find it
SUPERAntiSpyware - removed the typical stuff but didn't find this
ComboFix - wouldn't scan at all, just hung up at the starting of the scan
TDSSKiller - wouldn't open or run
ESET - found nothing
Bitdefender - nothing
Microsoft Security Essentials - found nothing
stared at the screen with an angry face - didn't work
threatened with a baseball bat - nothing

I have read there is a "partition" that is protecting the files from being removed. If you guys can walk me through this I would greatly appreciate it.

Running Windows XP Pro Service Pack 3

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: alureon-k!!!...new guy
« Reply #1 on: March 31, 2012, 02:25:24 PM »
OK, let's see what aswMBR says

Download aswMBR.exe (4.1 MB) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

themadness

Re: alureon-k!!!...new guy
« Reply #2 on: March 31, 2012, 02:49:32 PM »
won't open :-\

Offline essexboy

Re: alureon-k!!!...new guy
« Reply #3 on: March 31, 2012, 03:06:35 PM »
OK before I proceed with the tedious bit

In the run box type the following

diskmgmt.msc

When disc management opens, expand it so that all drives are visible
Take a screenshot and post it here

Are you able to burn a CD on another computer?

themadness

Re: alureon-k!!!...new guy
« Reply #4 on: March 31, 2012, 03:16:46 PM »
I'm using the only computer I have (laptop)

Offline essexboy

Re: alureon-k!!!...new guy
« Reply #5 on: March 31, 2012, 03:21:12 PM »
I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD for GParted from the ISO image.
You can use ImgBurn to do this.

Now boot off of the newly created GParted CD.

You should be here... Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER
You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 2 MB

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:

Now you should be here:

Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in GParted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

Now double-click the button.

You should receive a small pop up like this:


Choose reboot and then press OK. 
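
Added example, not part of the post above or of any tool named in this thread: a short Python sketch that reads the four primary entries of an MBR partition table and reports the layout the steps above check for by eye, namely the boot flag sitting on a tiny partition instead of the OS partition. The function names, the 16 MB "small" threshold and the sample sector are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446  # partition table starts here; 4 entries of 16 bytes
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "boot": status == 0x80, "type": ptype,
                      "start_lba": lba, "size_mb": count * SECTOR / 2**20})
    return parts


def review(parts, small_mb=16):
    """Report a boot flag that sits on a tiny partition (threshold is an assumption)."""
    findings = []
    active = [p for p in parts if p["boot"]]
    largest = max(parts, key=lambda p: p["size_mb"], default=None)
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the boot flag (expected 1)")
    for p in active:
        if p["size_mb"] <= small_mb and largest is not p:
            findings.append(f"partition {p['index']} ({p['size_mb']:.0f} MB) has the boot flag; "
                            f"partition {largest['index']} ({largest['size_mb']:.0f} MB) does not")
    return findings


def build_sample():
    """Constructed MBR: large OS partition without the boot flag, 2 MB partition with it."""
    sector = bytearray(SECTOR)
    # Values below are made up for the example, not taken from the poster's disk.
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 63, 156_000_000)
    ENTRY.pack_into(sector, TABLE_OFFSET + 16, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 156_000_063, 4096)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    for line in review(parse_mbr(build_sample())):
        print(line)
```

The same two functions work on the first 512 bytes read from a real disk from a live boot environment; the code only reads and never writes to the disk.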

themadness

Re: alureon-k!!!...new guy
« Reply #6 on: March 31, 2012, 03:40:40 PM »
Is there any way to do it without making a boot disc? My CD drive has decided to quit working. I had a similar virus on a desktop several years ago that did the same thing to the CD drive.

Offline essexboy

Re: alureon-k!!!...new guy
« Reply #7 on: March 31, 2012, 03:43:52 PM »
Download and install LinuxLive USB Creator on your MS Windows computer. http://www.linuxliveusb.com/
Download the GParted Live iso file. http://gparted.sourceforge.net/download.php
From Windows, install then run the LinuxLive USB Creator program and follow the instructions in the GUI to install GParted Live on your USB flash drive.

Then reboot from the flash drive and follow the previous instructions.


themadness

Re: alureon-k!!!...new guy
« Reply #8 on: March 31, 2012, 04:06:11 PM »
Not working either :(

Port won't recognize the USB drive

Offline essexboy

Re: alureon-k!!!...new guy
« Reply #9 on: March 31, 2012, 04:18:35 PM »
Within disc management could you right click the bad partition and see if the delete option is available - just look

Then copy aswMBR.exe to your root C drive and rename it to explorer so you then get C:\explorer.exe

Then from the run key type in the following

C:\explorer.exe -ap 1

Does it run?

THEN

We need to install the recovery console so I will use ComboFix to do that. When it runs allow the installation of the recovery console

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

themadness

Re: alureon-k!!!...new guy
« Reply #10 on: March 31, 2012, 04:25:47 PM »
To be sure I am renaming it right: aswMBR is on my C: drive folder. Just click the icon and rename it "explorer"?

And I already have ComboFix. I downloaded it yesterday.

Offline essexboy

Re: alureon-k!!!...new guy
« Reply #11 on: March 31, 2012, 04:28:13 PM »
Yes, rename it and see if we can fool the malware

Is the delete option available for that partition?

themadness

Re: alureon-k!!!...new guy
« Reply #12 on: March 31, 2012, 04:30:17 PM »
aswMBR gave me "application failed to initialize"

And the delete option was unavailable

Offline essexboy

Re: alureon-k!!!...new guy
« Reply #13 on: March 31, 2012, 04:37:31 PM »
OK, go and run ComboFix - so that I will have the option of using the recovery console to switch partitions

By the time it has finished running and you have posted the log I may have a way around this

themadness

Re: alureon-k!!!...new guy
« Reply #14 on: March 31, 2012, 04:39:50 PM »
OK, I will run ComboFix.

Just to note though: I bought this laptop used several months ago and don't have a recovery CD. What other options do I have if I can't get rid of this virus? Baseball bat?