Removing Win32:Aluroot-B [Rtk]

[kingoftheremotes]

Sure thing, here is the Zoek Results.

[magna86]

Hi,
You have even run ESET Online scanner , Windows Repair Tool ...
I'm familiar with this kind of work, it is impossible not to remember who you helped and where. 


Step#1

-Uninstall Glary Utilities

Re-run zoek.exe as you did before but use this script:

Code: [Select]

C:\Program Files\Glarysoft Toolbar;fs
C:\users\Rich Fraenkel\AppData\Roaming\GlarySoft;fs
C:\users\Rich Fraenkel\AppData\Locallow\Toolbar4;fs
C:\Program Files\Glarysoft Toolbar\toolbar;fs
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}];r
[-HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88}];r
installedprogs;
FFdefaults;
chrdefaults;
autoclean;

Click on RunScript. Attach here fresh zoek log




Step#2


Again, re-run zoek.exe as you did before but use this script:

Code: [Select]

csrsrv.dll;z
C:\Windows\system32\csrsrv.dll;virustotal;
Click on RunScript. Attach here fresh zoek.log.

[kingoftheremotes]

Removed Glary and reran and then ran again with the scripts you provided. The second time a website popped up called virustotal. This is the page: https://www.virustotal.com/en/file/f190f2dcb416d109dfca167628824ce053774fb708aa494450ad6313ef6be654/analysis/

I've attached the zoek results as well. Thanks!

[magna86]

Re-run zoek with this script:

Code: [Select]

standardsearch;
silentrunners;
Attach here zoek log.

[kingoftheremotes]

Sure thing, this time. No pop up website this time.

[magna86]

Ok, here is the thing:

aswMBR uses his own heuristic scan + avast database to scan critical system sections.


23:10:37.186    AVAST engine scan C:\Windows
23:10:39.003    AVAST engine scan C:\Windows\system32
23:10:46.134    File: C:\Windows\system32\csrsrv.dll  **INFECTED**
Win32:Aluroot-B [Rtk]
23:12:05.925    AVAST engine scan C:\Windows\system32\drivers
23:12:15.215    AVAST engine scan C:\Users\Rich Fraenkel
23:16:10.404    AVAST engine scan C:\ProgramData
23:16:45.357    Scan finished successfully


I'v check the csrsrv.dll file via zoek script and also was sent the file via zoek script for analysis on virustotal site ... file looks leght and by Microsoft.
Also last Zoek log looks clean and doesn't see any malware. Your PC looks good now.


> How is your computer running now?

[kingoftheremotes]

I did an uninstall of Avast and that fixed it. I'm able to update Avast, Java and Windows update. Avast MBR isn't showing an infection anymore either. Thanks for all your help. I really appreciate it.

[magna86]

Let's remove used toold for post cleaning: 

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;

• Remove disinfection tools
• Create registry backup
• Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.

Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.


****************


I recommended to keep Malwarebytes and to use MCShield if you will.
You may download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

It will prevent infection by computer via USB flash drive, mobile phone or any other memory card.
And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.