Author Topic: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen  (Read 16784 times)


rogertheme

  • Guest
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #15 on: August 05, 2010, 11:44:38 AM »
-deleted-
« Last Edit: August 05, 2010, 09:23:23 PM by rogertheme »

rogertheme

  • Guest
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #16 on: August 05, 2010, 11:46:53 AM »
-deleted-
« Last Edit: August 05, 2010, 09:23:34 PM by rogertheme »

rogertheme

  • Guest
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #17 on: August 05, 2010, 11:47:21 AM »
-deleted-
« Last Edit: August 05, 2010, 09:23:47 PM by rogertheme »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #18 on: August 05, 2010, 03:00:32 PM »
Quote
My laptop has been infested with these malwares, Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen, BV: AutoRun-G [Wrm].

I have since moved them to the Virus Chest in the Avast program, cleaned up the Registry and did Spyware scans and fixes.

However, there are still some 'side effects' such as my laptop slowing down and the inability to log on to youtube. As such, I am hoping to remove these malwares so that the 'side effects' to be removed as well.

I have attached the OTL log in the next post, although I am not sure how much help this can be. Hope someone can help me out on this. Thanks!

You haven't actually attached the log, see below, but spread it out over many posts and pages, making it very difficult to read for whoever it is that can analyse these. So if you can actually attach the log 'file' to a post it will make their analysis much easier.

Attaching a file - When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt). Also see How to post an Image.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

rogertheme

  • Guest
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #19 on: August 05, 2010, 09:17:49 PM »
Hi DavidR,

Thank you for your reply.

I hope I have attached the log the right way, please pardon me for the errors because I am not very good at this.

Thanks!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #20 on: August 05, 2010, 09:30:34 PM »
Hi, let's reset your hosts file (which is why you cannot get to YouTube) and then check for TDSS.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
O33 - MountPoints2\{0fcc8741-d6bc-11dc-b412-000b5d973199}\Shell\Auto\command - "" = Recycler.exe
O33 - MountPoints2\{68d95b70-0982-11de-b76f-0017423b734a}\Shell\AutoRun\command - "" = E:\gi2ky.exe -- File not found
O33 - MountPoints2\{68d95b70-0982-11de-b76f-0017423b734a}\Shell\open\Command - "" = E:\gi2ky.exe -- File not found
O33 - MountPoints2\{68d95b71-0982-11de-b76f-0017423b734a}\Shell\AutoRun\command - "" = E:\fbak.exe -- File not found
O33 - MountPoints2\{68d95b71-0982-11de-b76f-0017423b734a}\Shell\open\Command - "" = E:\fbak.exe -- File not found
O33 - MountPoints2\{7f3c6aa0-befc-11dd-b69f-0000f0b0ddd5}\Shell\Auto\command - "" = E:\sxs2.exe -- File not found
O33 - MountPoints2\{8b773450-4728-11dd-b53f-000b5d973199}\Shell\1\Command - "" = F:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{b4ded434-4624-11df-babc-0017423b734a}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe -- File not found
O33 - MountPoints2\{b4ded434-4624-11df-babc-0017423b734a}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe -- File not found

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
NEXT

Hi, :)

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #21 on: August 05, 2010, 11:11:44 PM »
Quote
Thank you for your reply.

I hope I have attached the log the right way, please pardon me for the errors because I am not very good at this.

You're welcome, you have attached the file successfully, so now you know how to do it.

Essexboy is on the case now so if you can follow his instructions hopefully it won't be long before you are in the clear.

rogertheme

  • Guest
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #22 on: August 06, 2010, 07:54:03 PM »
Thanks DavidR and Essexboy for your help!

Essexboy, I have attached the log from OTL below. (I can now log on to youtube!)

From the TDSSKiller scan, it seems that all is clear for my laptop as no suspicious or infected file was found.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #23 on: August 06, 2010, 08:17:45 PM »
You're welcome, hopefully essexboy will be able to check out your OTL log file.

From my very limited OTL knowledge there seems to be some general cleaning to do with Mountpoints and autorun file, stuff, but that I will have to leave for essexboy.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #24 on: August 06, 2010, 08:41:08 PM »
Quote
O1 HOSTS File: ([2008-11-06 08:15:48 | 002,852,607 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 209.85.203.100 gdata.youtube.com
O1 - Hosts: 209.85.203.100 gdata.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.37 sjc-v98.sjc.youtube.com
O1 - Hosts: 64.15.125.38 sjc-v99.sjc.youtube.com
O1 - Hosts: 64.15.125.39 sjc-v100.sjc.youtube.com
O1 - Hosts: 64890 more lines...
This was your problem.

Subject to all being OK - run OTL and hit the cleanup button and it will disappear  ;D
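The hosts entries quoted above are the classic hijack pattern this thread diagnoses: a hostname mapped to an address other than loopback. As an added example that is not part of the thread and not OTL's own code, the following script parses hosts-file text, flags any non-loopback mapping, and produces the cleaned file that the [resethosts] step leaves behind. The sample content is constructed here, modelled on the O1 lines in the log.

```python
"""Audit a Windows hosts file for hijacked mappings (constructed example)."""
import ipaddress

# Constructed sample, modelled on the O1 Hosts lines in the OTL log above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
208.117.236.70 youtube.com
208.117.236.70 www.youtube.com
209.85.203.100 gdata.youtube.com
74.125.65.118 img.youtube.com
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()  # drop trailing comment
        parts = body.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or address with no hostname
        for host in parts[1:]:  # one address may carry several hostnames
            entries.append((parts[0], host.lower()))
    return entries


def find_hijacks(text):
    """Flag every mapping whose address is not loopback (127.0.0.0/8 or ::1)."""
    hijacked = []
    for ip, host in parse_hosts(text):
        try:
            if not ipaddress.ip_address(ip).is_loopback:
                hijacked.append((ip, host))
        except ValueError:
            hijacked.append((ip, host))  # unparsable address field: treat as suspect
    return hijacked


def reset_hosts(text):
    """Keep comments and loopback lines only; guarantee a localhost entry remains."""
    kept = []
    for raw in text.splitlines():
        body = raw.split("#", 1)[0].strip()
        if not body:
            kept.append(raw)  # comment or blank line, harmless
            continue
        parts = body.split()
        try:
            if len(parts) >= 2 and ipaddress.ip_address(parts[0]).is_loopback:
                kept.append(raw)
        except ValueError:
            pass  # unparsable line dropped with the hijacks
    if not any(host == "localhost" for _, host in parse_hosts("\n".join(kept))):
        kept.append("127.0.0.1       localhost")
    return "\n".join(kept) + "\n"
```

Ad-blocking hosts lists that map domains to 0.0.0.0 will also be flagged, since that address is not loopback; on a machine with such a list installed, review the flagged lines before resetting.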

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #25 on: August 06, 2010, 09:09:54 PM »
@ essexboy

Living and learning here:
About those entries for the mountpoints (O33 entries), whilst they point to non-existent files "E:\AutoRun.exe -- File not found":

Should the mountpoints not be removed to avoid future infected USB sticks (presumably the E:\ drive/partition is a USB location)?

Whilst the E:\LaunchU3.exe -- File not found and F:\LaunchU3.exe -- File not found mount points would be valid if the OP was using/had a U3 USB drive plugged in previously. Or are these generally created?

The same general query about the O32 Autorun entries, but mainly the C:\autorun.inf and D:\autorun.inf locations if they relate to a HDD which shouldn't have these files (folders yes if Flash Drive Disinfector had been run, but no record of that in the topic).
« Last Edit: August 06, 2010, 09:15:29 PM by DavidR »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #26 on: August 06, 2010, 09:46:08 PM »
The mountpoints relate generally to external drives; the ones I removed pointed to malware files from a USB at some stage, the others are legit (at the moment) versions of files run from CDs and USBs.

Autorun files again are generally not a problem; removal would stop CDs etc. from autoplaying. So I leave them unless I have an indication that they are malicious.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #27 on: August 06, 2010, 10:45:20 PM »
OK thanks.

rogertheme

  • Guest
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #28 on: August 07, 2010, 08:08:15 AM »
Hi Essexboy,

I have run the OTL and hit the cleanup button.

By the way, another query: it seems that the Available Physical Memory on my laptop can fluctuate quite greatly. It can drop from 300+MB to less than 20MB in a short period, and this causes my laptop to slow down (this happens even though no program is running). And I need to restart it several times (and by force at times by pulling the plug) to get it back to running at an "acceptable pace".

Thus, is there anything I should pay special attention to so that the Available Physical Memory does not fluctuate so much and affect the speed my laptop is running at? It is extremely frustrating when I need the laptop to work quickly for work purposes.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89428
  • No support PMs thanks
Re: Win32:Alureon-FE[RTK], Win32:Malware-gen, Win32:Spyware-gen
« Reply #29 on: August 07, 2010, 02:53:06 PM »
Short of having the Task Manager open to monitor the processes' actual use of memory, it is hard to pin down what it is that is using the memory.

What were you doing at the time of these spikes?

I don't know how difficult or expensive it would be to increase your laptop's RAM from presumably 512MB to 1GB by adding another 512MB stick of RAM. It would certainly improve overall system performance.

With a laptop, part of your RAM would be shared with the graphics chip; sometimes that value can be too much for the RAM that you have and could be reduced, but again that depends on your use of the laptop.