Topic: win32: Alureon-FZ

Offline homedog

  • Jr. Member
  • **
  • Posts: 40
Re: win32: Alureon-FZ
« Reply #30 on: April 26, 2011, 10:14:38 PM »
Do you think this was my problem all along?  Causing the frequent blue screens?  What about the Alureon-FZ virus?

You have been tremendously helpful and it is much appreciated.

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-26 15:11:00
-----------------------------
15:11:00.296    OS Version: Windows 5.1.2600 Service Pack 3
15:11:00.296    Number of processors: 4 586 0xF0B
15:11:00.296    ComputerName: D2JZC5G1  UserName:
15:11:41.406    Initialize success
15:11:45.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:11:45.953    Disk 0 Vendor: SAMSUNG_HD501LJ CR100-13 Size: 476940MB BusType: 3
15:11:45.984    Disk 0 MBR read successfully
15:11:46.000    Disk 0 MBR scan
15:11:46.031    Disk 0 scanning sectors +976768065
15:11:46.140    Disk 0 scanning C:\WINDOWS\system32\drivers
15:12:13.046    Service scanning
15:12:21.375    Disk 0 trace - called modules:
15:12:21.390    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:12:21.406    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac4dab8]
15:12:21.406    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8acabf18]
15:12:21.421    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac93940]
15:12:21.437    Scan finished successfully

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: win32: Alureon-FZ
« Reply #31 on: April 26, 2011, 10:22:16 PM »
Yes it could have been - Avast was blocking the malware from updating by killing the droppers.  And was warning about the infection... Although it could have been a little clearer 

This is only one of the two specialist tools that I would trust to remove TDL3 - with other tools there is a high probability that the system will become unbootable.  Intriguingly not even Kaspersky's AV will cure this - you need to run TDSSKiller on it  ;D

Let it run for 24 hours and when you are happy I will remove my tools and tidy you up

Offline homedog

Re: win32: Alureon-FZ
« Reply #32 on: April 26, 2011, 10:24:23 PM »
Let what run for 24 hours?  I don't think anything is still running.

Offline homedog

Re: win32: Alureon-FZ
« Reply #33 on: April 26, 2011, 10:27:14 PM »
The blue screens started in early March (2-3 weeks before I made this post http://forum.avast.com/index.php?topic=74899.0) and the first detection by Avast was 2 days ago.

Thanks again for your help.

Offline essexboy

Re: win32: Alureon-FZ
« Reply #34 on: April 26, 2011, 10:31:11 PM »
I never saw that thread - As, if the hardware checks out OK then I would always check for an infection just to rule it out if nothing else

Offline homedog

Re: win32: Alureon-FZ
« Reply #35 on: April 26, 2011, 10:32:44 PM »
I suspected a virus from the beginning and that is why I made that post.  I checked multiple times for nearly 2 months with nothing and then all of a sudden..............

Offline essexboy

Re: win32: Alureon-FZ
« Reply #36 on: April 26, 2011, 10:35:12 PM »
Should have PM'd me to take a look see  ;D

Offline homedog

Re: win32: Alureon-FZ
« Reply #37 on: April 26, 2011, 10:40:12 PM »
You bet I will next time.  You are the man.

I am using regularly scheduled scans with Avast (quick scans daily and full-system scans weekly).  Also run CCleaner and Advanced System Care almost daily.  Is there anything else I need to be doing?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36624
Re: win32: Alureon-FZ
« Reply #38 on: April 26, 2011, 10:47:01 PM »
Quote
.....Advanced System Care .....
Advanced System Care info: http://forum.avast.com/index.php?topic=77045.msg638176#msg638176

Offline essexboy

Re: win32: Alureon-FZ
« Reply #39 on: April 26, 2011, 10:48:54 PM »
To be honest the number of scans is a bit of an overkill - I have my system set to screensaver scan - and once a month (if I remember, I have a boot scan)

I have IE9 set to clear all temp internet files when closed and I use TFC once a month to get the last bits out.  I never touch my registry as it is pointless.  A fully clean and optimised registry will gain you 0.1 of a mini micro millisecond or thereabouts.  It is better to empty the temps and do a weekly defrag ;D

Other security - well I have AIS and Malwarebytes (again when I remember to run it)

Total infections to date Zero - and I do visit some bad sites to get some samples (Using my VM of course)

As for utilities - well I use BlackViper's site to set my services and then just let Windows run


Offline homedog

Re: win32: Alureon-FZ
« Reply #40 on: April 26, 2011, 10:50:42 PM »
Quote
.....Advanced System Care .....
Advanced System Care info: http://forum.avast.com/index.php?topic=77045.msg638176#msg638176

Thanks Pondus.

Offline homedog

Re: win32: Alureon-FZ
« Reply #41 on: April 26, 2011, 10:51:10 PM »
essex,

So what should be running for the next 24 hours?

Offline essexboy

Re: win32: Alureon-FZ
« Reply #42 on: April 26, 2011, 10:53:38 PM »
Just run your system normally and let me know if anything untoward happens - if not then we tidy you up

Offline homedog

Re: win32: Alureon-FZ
« Reply #43 on: April 26, 2011, 10:57:21 PM »
Will do.  Will check results of Avast scan at about 5a CST in the morning.

Offline essexboy

Re: win32: Alureon-FZ
« Reply #44 on: April 26, 2011, 11:06:51 PM »
K