MBR:Alureon-L [Rtk]

[REDACTED]

Hi!

I was searching in the web for any solution to remove the Alureon-L Virus (MBR), but I was not able alone.

No viruses detected with Malewarebytes and Avast! (virus detected with Startup analysis, see aswBoot.tst attached)

Could anyone help me, please?

Thank you very much in advance.

Gemma

NB: It is not possible to run aswMBR.exe and TDSSKiller.exe in my computer

[REDACTED]

More logs...

[DavidR]

A malware removal specialist has been informed of your topic.

[REDACTED]

Great!

Thanks DavidR

[essexboy]

Thanks for all the logs 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-3927925257-714619915-3580257784-1001\..\SearchScopes\{B5B86DFA-62C9-4FF6-9498-729DAA49D455}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
[2012/10/06 15:39:25 | 000,006,522 | ---- | M] () -- C:\Users\gmulachs\AppData\Roaming\mozilla\firefox\profiles\j7zymhuw.default\searchplugins\bProtect.xml
[2012/06/27 20:27:34 | 000,003,998 | ---- | M] () -- C:\Users\gmulachs\AppData\Roaming\mozilla\firefox\profiles\j7zymhuw.default\searchplugins\sweetim.xml

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.
 
 

• Doubleclick on TDSSKiller.exe to run the application
  
  
  
• Then click on Change parameters.
   
  
   
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
  
• Click the Start Scan button.
   
   
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
   
  
   
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
• Get the report by selecting Reports

 

• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  

Please attach the log at C:\TDSSKiller date time in your next reply.

[REDACTED]

Thanks essexboy for your help.

Find attached the file result of OTL fix and log file of OTL Scan.

The problem is that I am not able to run TDSSKiller  .

Regads,

Gemma

[essexboy]

OK that narrows it down, could you restart your computer and press then hold F8 to get to the safe mode menu
On the menu is there the option "repair my Computer"
If selected does it run ?

Do you also have listparts on a USB stick, or could you put it on there as we will need to work outside of windows

[REDACTED]

Hi!

"Repair my computer" doesn't work. My computer is blocked trying to load files ("Windows is loading files..." screen)  .

Yes, I have listparts on a USB stick, and I could you put it on there as we will need to work outside of windows  ,

[essexboy]

Download the following three programmes to your desktop :

 
1.  WiNTBootIc
2.  Windows 7 64bit RC
3.  ListParts64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy Listparts to the same USB




Insert the USB into the sick computer and start the computer.  First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

 
When you reboot you will  see this although yours will say windows 7.
Click repair my computer

 
Select your operating system

 
Select Command prompt

 
At the command prompt type the following  :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\Listparts64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.

Press Scan button.
It will make a log (results.txt) on the flash drive. Please copy and paste it to your reply.

[REDACTED]

Hi essexboy, here you are log files:

1. Without BCD list (Result.txt)

2. With BCD list option selected (Result_BCD.txt)

Thanks!

[REDACTED]

Sorry, you said copy and paste 


Percentage of memory in use: 12%
Total physical RAM: 3950.1 MB
Available physical RAM: 3462.75 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3441.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Datos) (Fixed) (Total:224.29 GB) (Free:192.79 GB) NTFS
3 Drive e: () (Fixed) (Total:230.52 GB) (Free:72.92 GB) NTFS
4 Drive f: (Recovery) (Fixed) (Total:10.84 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive h: () (Removable) (Total:1.91 GB) (Free:1.71 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB     9 MB         
  Disk 1    Online         1955 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            10 GB  1024 KB
  Partition 2    Primary            100 MB    10 GB
  Partition 3    Primary            230 GB    10 GB
  Partition 0    Extended           224 GB   241 GB
  Partition 4    Logical            224 GB   241 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   Recovery     NTFS   Partition     10 GB  Healthy    Hidden 

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   System Rese  NTFS   Partition    100 MB  Healthy           

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E                NTFS   Partition    230 GB  Healthy           

======================================================================================================

Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   Datos        NTFS   Partition    224 GB  Healthy           

======================================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1955 MB    16 KB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                NTFS   Removable   1955 MB  Healthy           

======================================================================================================
==========================================================
TDL4: custom:26000022


****** End Of Log ******

[essexboy]

Intriguing the initial listparts log showed a possible infected partition, but now it does not

Restart  the recovery console please and select command prompt
At the command prompt type the following pressing enter after each line

bootrec /fixmbr
bootrec /fixboot

Reboot to normal windows and run TDSSKiller again please

[REDACTED]

I am very sorry, but after the last operation (bootrec) I cannot start my computer (neither restoring nor normal)    .

Maybe I could restore my system from an image (that I suppose is infected). Do you have a better solution?

[essexboy]

From the safe mode menu select startup repair please and let me know if that works

[REDACTED]

Trying to restore...