Author Topic: Alureon fixed by system restore? Is my info safe?

Offline draftpeppin

  • Newbie
  • Posts: 1
« on: January 23, 2011, 08:00:19 PM »

I haven't found a discussion exactly on point for this.  At this point, I'm just curious and wanted to throw this out there.

Four days ago, I was on the web, using Firefox, with Avast running of course, on Windows 7 Starter, and something popped up with the Sun and Java logos, indicating I needed to update Java.  I don't remember the details, but something just didn't seem right, so I tried to decline it.  Then, the Windows security thing that comes up with a sort of yellowish box that confirms you want to install software came up, and I declined it.  I figured something bad almost happened, but figured I stopped it.

The next morning, I went to use the computer, and there was a message about a file being infected.  I got that message repeatedly, no matter what program I tried to open, including Task Manager.  I also saw a scan running for viruses in something that wasn't Avast.  I knew then that I had picked up one of the rogue antivirus program viruses.

I shut down, went into Safe Mode, and did a system restore.  I rolled it back one or two days.  When I came back up, everything seemed to be running just fine.

I also did some of the free online scanners, and nothing found anything.  Foolishly, I forgot to run a full Avast scan until last night.  It ended up finding a .tmp file in the temp folder under my user profile that was infected with Alureon.

I read a bit about that virus and saw that it can be used to steal passwords and things.

So, my questions are: 1) How likely is it that my passwords and other info were at risk in the time between doing a system restore (which eliminated all the other symptoms) and the time that I found the infected .tmp file? and 2) Did denying permission to install the program prevent it from installing completely, or did the system restore clear it out? From experience, I have found that the system restore generally does not fix these rogue antivirus viruses, so I was surprised that it worked. I wonder now if maybe it didn't fully install, and therefore maybe a simple reboot would have cleared what little bit of it was running in RAM, and that it was the reboot, not the system restore, that kept it from showing symptoms.

Any other comments to help me understand what happened are appreciated.