Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: zpupster on April 05, 2012, 12:38:56 AM

Title: Alureon-M[rtk]
Post by: zpupster on April 05, 2012, 12:38:56 AM

hello support,
SOS!!

MBR rootkit

Alureon-M[rtk]

I need instructions on how to remove

thanks,

craig

Title: Re: Alureon-M[rtk]
Post by: Pondus on April 05, 2012, 12:42:52 AM

we do that in the virus and worms forum section   ;)      http://forum.avast.com/index.php?board=4.0


Follow this guide and attach logs from malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0



it may take several hours before any of the removal specialists arrive....so be patient

Title: Re: Alureon-M[rtk]
Post by: zpupster on April 05, 2012, 01:22:35 AM

thanks for the reply and direction.

craig

Title: Re: Alureon-M[rtk]
Post by: zpupster on April 05, 2012, 01:17:51 PM

hello support,

i am trying to run in safe mode but aswMBR keeps crashing.

i shows the Alureon-M in the boot record but when scanning further it stops.

thanks,

craig

Title: Re: Alureon-M[rtk]
Post by: Pondus on April 05, 2012, 01:28:56 PM

just attach the logs you are able to and Essexboy will help you when he arrive

Title: Re: Alureon-M[rtk]
Post by: DavidR on April 05, 2012, 02:32:08 PM

Try running aswMBR again but Select 'None' in the AV Scan: drop down list.

Title: Re: Alureon-M[rtk]
Post by: essexboy on April 05, 2012, 08:48:19 PM

Hi there are two things you could try for me

First :

Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
 
 

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg)
   
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg)
   
  
• Click the Start Scan button.
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg)
   
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg)
   
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
  (http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg)
   
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Then :

Go start > Run
Type diskmgmt.msc
The disc management console will open
Ensure that all drives are visible by expanding the view
Take a screenshot and attach to your next post

Title: Re: Alureon-M[rtk]
Post by: DavidR on April 05, 2012, 09:20:33 PM

@ essexboy
We are getting some duplication of effort here (by essexboy and others) as zpupster has two topics on the go, this one and one in the viruses and worms forum,  http://forum.avast.com/index.php?topic=96755.0 (http://forum.avast.com/index.php?topic=96755.0) with all of the logs.

Title: Re: Alureon-M[rtk]
Post by: essexboy on April 05, 2012, 09:32:53 PM

Ah did not check the names - unsubscribing from this  ;D