Author Topic: Win32:Alureon-EC[Rtk]  (Read 14416 times)


matrixdude171

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #15 on: November 16, 2009, 08:29:10 AM »
Yeah, it does, and I have a few CDs but they aren't RWs. I have a 1gig flash drive, and a 4gig one as well if that works better instead.
« Last Edit: November 16, 2009, 08:40:07 AM by matrixdude171 »

YoKenny

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #16 on: November 16, 2009, 08:34:38 AM »
You can back up the data on the CDs or the Flash drive.

How much data do you have that needs to be backed up?

matrixdude171

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #17 on: November 16, 2009, 08:39:49 AM »
Uh, way more than is practical via flash drive or CD. It's like a couple hundred gigs.

pnt

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #18 on: November 16, 2009, 09:35:29 AM »
Hi friends, for the last 15 days I suffered badly due to "Win32:Alureon-EC[Rtk]" which continued to pop up every 30 minutes or so and was detected by Avast. Every time I moved it to Avast Virus Chest assuming that the problem was solved forever, but it simply was not happening. I even scanned my computer during boot but Avast reported it as clean. But the problem persisted.

I found "malwarebytes" and used it, but that too reported everything to be clean. Then I came across "ComboFix" at http://www.webuser.co.uk/ and from there downloaded the latest version of "ComboFix" and took my chance. At the forum they ask you to post HijackThis log etc but I consciously chose to ignore it as I could not afford to waste more time. I followed all instructions after running ComboFix.

I am happy to tell you that after that my problem has been solved and there has been no pop up ever since. However, after the scan my Avast home stopped working properly and was unable to load the main screen from which I could control the virus scan etc. I immediately uninstalled the existing version and did a fresh install of the latest Avast version. And ever since everything appears to be working well. I just love Avast as it has saved me numerous times from virus and spyware attacks. However, this is the first time it was unable to remove this rootkit.

I sincerely hope someone at Avast notices this post and takes some positive action to improve Avast. Thank you Avast and Thank you ComboFix.

pnt

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #19 on: November 16, 2009, 10:02:20 AM »
Hi again friends.

Sorry... forgot to mention. ComboFix is a powerful program so it's important to use it properly. Here is a link that will lead you to a tutorial: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please use your own judgment before using ComboFix to solve your problem. I took a risk... it helped me, but all computers are configured differently.

Have fun :-)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
Re: Win32:Alureon-EC[Rtk]
« Reply #20 on: November 16, 2009, 09:36:14 PM »
Very true, ComboFix is powerful and sometimes things can go wrong - but most helpers have trained for this eventuality and know how to recover.

@matrixdude171

Could you run and post the following log for me and I will assist

To ensure that I get all the information, this log will need to be uploaded to Mediafire and the sharing link posted.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Offline polonus

  • Avast Überevangelist
Re: Win32:Alureon-EC[Rtk]
« Reply #21 on: November 16, 2009, 09:59:27 PM »
Hi pnt,

I would not endorse for the average user to dabble in ComboFix without the assistance of a qualified malware eliminator. If you venture out to do it as an experienced user, ask for the help from someone who is qualified to analyze and make a removal script. Just like HijackThis these are malware analyzing tools that are dangerous in the hands of those that do not know exactly what they are doing. There are sources online to determine what to keep or what to fix, but these must always be backed up by the knowledge of an experienced user,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

matrixdude171

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #22 on: November 17, 2009, 06:25:26 AM »
I'm thankful for the help, but I used ComboFix and it got rid of the problem. I had a bit of trouble getting it to run because it says there's a date error, but the real culprit was a program that came with my computer called NTI backup, and I got rid of that too. Since then I've had no issues, but I'll run OTL and post the logs anyways. It only made an OTL log, not an extra log and I don't know why, I ran it twice to be sure.

http://www.mediafire.com/?vlamlzkdkum

pnt

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #23 on: November 17, 2009, 07:08:49 AM »
Hi polonus/essexboy,

Thank you for your responses. Even I don't recommend that a novice use a dangerous product unassisted and that's why I talked about the ComboFix tutorial. But I do endorse Avast for one and all for keeping the computer safe from viruses etc.

However, I do feel that somewhere one has to learn to take a risk that may fructify into something beautiful. I am not a computer expert but have been using a computer for donkeys ages and everything I learned I did it by trial and error. But that's me. My belief is that if I don't take responsibility for my own actions, no one else will.

Further, a novice becomes an experienced user only with time and by being involved in trial and error and also by getting out of the shadows of masters. On the net we can find all kinds of products/services, and it all depends on one's own judgment what to use and how to use it. Over the years I have learnt many tricks using my own judgment. I have made my mistakes but I have managed to survive without complicating my life :-)

Bless you all.

Offline essexboy

Re: Win32:Alureon-EC[Rtk]
« Reply #24 on: November 17, 2009, 08:04:43 PM »
Combofix got the lot and left nothing behind

To remove all the tools... Run OTL and hit the cleanup button.
This will remove combofix and itself

matrixdude171

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #25 on: November 17, 2009, 09:08:10 PM »
Thank you for all the help you've given me, and that it's all clean now!  :D

Abrasax

  • Guest
Re: Win32:Alureon-EC[Rtk]
« Reply #26 on: November 19, 2009, 01:22:52 AM »
Hello, I recently had this same problem and, after reading this thread ran ComboFix.  The problem seems to have been resolved, but I was wondering if someone could take a look at the logs.  I have the OTL.txt file: http://www.mediafire.com/?nzjfywey5rw, Extras.txt file: http://www.mediafire.com/?g42nzzmjydz, and the ComboFix log: http://www.mediafire.com/?anmmzqwl43a.  Would someone be willing to take a look and let me know?  Thanks a bunch.