Author Topic: Win32 Alureon-ER

rbtbob
Win32 Alureon-ER
« on: December 24, 2009, 09:54:51 PM »
This is my first time dealing with a virus, and I have handled it very poorly so far. I have been moving it to the chest only to have it reappear again at startup or later in the session; I have also deleted the file, with the same result. The virus is in the file tdlcmd.dll. I need to know how to proceed from here to remove the virus, and also the security risks involved. XP Home Edition, Service Pack 3, Pentium 4, 2.66 GHz, 512 MB RAM. Thanks, Rbtbob
« Last Edit: December 24, 2009, 10:19:52 PM by rbtbob »

Offline Pondus
Re: Win32 Alureon-ER
« Reply #1 on: December 25, 2009, 07:59:20 PM »
Win32 Alureon
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fAlureon

Try scanning with

MBAM http://filehippo.com/download_malwarebytes_anti_malware/
Update and run a quick scan, then click the button "Remove Selected" to quarantine anything found.

SAS http://filehippo.com/download_superantispyware/

Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

You may also try:

Boot-time Avast Antivirus scanning http://www.digitalred.com/avast-boot-time.php

Dr.Web CureIt http://www.freedrweb.com/cureit/
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/

Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en

You may post the scan logs here.
« Last Edit: December 25, 2009, 08:01:09 PM by Pondus »

rbtbob
Re: Win32 Alureon-ER
« Reply #2 on: December 26, 2009, 12:44:20 AM »
Thank you, Pondus, for your response. I have downloaded the free version of Malwarebytes, and below is the scan log. It should be noted that I moved two more detections of the Alureon-infected file tdlcmd.dll to the virus chest while installing and running this scan.

Malwarebytes' Anti-Malware 1.42
Database version: 3430
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/25/2009 5:27:49 PM
mbam-log-2009-12-25 (17-27-49).txt

Scan type: Quick Scan
Objects scanned: 135125
Time elapsed: 16 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

As I said in my first post, I have been moving the infected file to the virus chest and deleting it for about two weeks. After reading about the nature of this virus, I am very concerned about my internet accounts with credit card and PayPal usage involved. What would you advise at this point as the best measures to prevent possible abuse of passwords and other confidential information?
« Last Edit: December 26, 2009, 01:18:13 AM by rbtbob »
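
The MBAM log posted above has a regular structure: a header, a block of per-section counts, then one line per detection of the form `<path> (<family>) -> <action>`, with registry data items additionally carrying `Bad: (...) Good: (...)` before the action. The following Python parser is an added example, not code from this thread or from Malwarebytes; the line format is inferred from the log quoted above, and the `SAMPLE_LOG` embedded in it is a constructed excerpt of that log so the script runs offline. It extracts every detection, tallies detection families, checks that the per-section counts agree with the entries actually listed, and pulls out the `Disabled.SecurityCenter` items, which are the two Security Center notification values the log shows set to 1 instead of 0.

```python
"""Added example: parse an MBAM (Malwarebytes' Anti-Malware 1.4x) scan log.

Not code from the forum thread or from Malwarebytes. The line format is
inferred from the log quoted in the post above; SAMPLE_LOG is a constructed
excerpt of that log so the example runs offline.
"""
import re
from collections import Counter

# Section header ("Files Infected:") or summary count line ("Files Infected: 1").
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")
# One detection line: <path> (<family>) -> <rest>
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items carry observed ("Bad") and expected ("Good") values before the action.
DATA_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")
# Header lines such as "Database version: 3430"; the date line has no alphabetic key and is skipped.
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z' ]+): (?P<value>.+)$")

# Constructed excerpt modelled on the log posted in the thread (raw string: backslashes are literal).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.42
Database version: 3430
Windows 5.1.2600 Service Pack 3

12/25/2009 5:27:49 PM

Scan type: Quick Scan
Objects scanned: 135125

Registry Keys Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return {'header': {...}, 'summary': {section: count}, 'detections': [...]}."""
    header, summary, detections = {}, {}, []
    section = None  # name of the detection section we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:      # "Files Infected: 1" in the summary block
                summary[m.group("name")] = int(m.group("count"))
                section = None
            else:                                 # "Files Infected:" opens a detail section
                section = m.group("name")
            continue
        if section is None:                       # still in the header area
            h = HEADER_RE.match(line)
            if h:
                header[h.group("key")] = h.group("value")
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue                              # tolerate lines we do not understand
        entry = {"section": section, "path": e.group("path"),
                 "family": e.group("family"), "bad": None, "good": None}
        d = DATA_RE.match(e.group("rest"))
        if d:                                     # registry data item with Bad/Good values
            entry.update(bad=d.group("bad"), good=d.group("good"), action=d.group("action"))
        else:
            entry["action"] = e.group("rest")
        detections.append(entry)
    return {"header": header, "summary": summary, "detections": detections}


def families(detections):
    """Count detections per malware family name, e.g. 'Adware.Minibug'."""
    return Counter(d["family"] for d in detections)


def security_center_tampering(detections):
    """Leaf value names under Security Center that MBAM found differing from the expected value."""
    return [d["path"].rsplit("\\", 1)[-1] for d in detections
            if d["family"] == "Disabled.SecurityCenter" and d["bad"] != d["good"]]


def counts_consistent(parsed):
    """True if the summary counts agree with the number of entries listed per section."""
    actual = Counter(d["section"] for d in parsed["detections"])
    names = set(actual) | set(parsed["summary"])
    return all(actual.get(n, 0) == parsed["summary"].get(n, 0) for n in names)


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("DB version:", parsed["header"].get("Database version"), "| scan:", parsed["header"].get("Scan type"))
    for fam, n in families(parsed["detections"]).most_common():
        print(f"{n:3d}  {fam}")
    print("Security Center notifications tampered with:", security_center_tampering(parsed["detections"]))
    print("Summary counts match listed entries:", counts_consistent(parsed))
```

Feeding a real `mbam-log-*.txt` into `parse_mbam_log` instead of `SAMPLE_LOG` is the intended use; the family tally gives a quick picture of what a scan actually removed, and a non-empty `security_center_tampering` result is worth noting separately, since suppressing the antivirus and firewall warnings is something malware does rather than something a user normally configures.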

Offline Pondus
Re: Win32 Alureon-ER
« Reply #3 on: December 26, 2009, 01:06:28 PM »
Quote
After reading about the nature of this virus, I am very concerned about my internet accounts with credit card and PayPal usage involved. What would you advise at this point as the best measures to prevent possible abuse of passwords and other confidential information?
I would change all usernames / passwords, and don't use this computer for online banking before it is clean.