Author Topic: Infected with Trojan:DOS/Alureon.E , how to remove? (Read 12894 times)

cherwith · « **on:** February 19, 2012, 06:02:04 PM »

I'm using Windows 7and recently reformatted when it was alerted that I was infected with Trojan DOS ALueron E. But despite reformatting the virus is still in existence. Microsoft Safety Scanner only partially removed the virus.
I performed answMBR version0.9.9.168 20ll Avast Software and it detected Disk 0 partition 4 was infected MBR-Alureon-K [rtk]
Service MpNWMon C:\Windows\System32\Drivers\MpNWMon.sys locked 32

Only option here is to fix MBR which Im afraid will compremise my system..so what should I do then?
Unable to run Avast full scan on safe mode (which Im currently on)

DavidR · « **Reply #1 on:** February 19, 2012, 06:10:48 PM »

This is a new variant of Alureon and one that created its own small partition in order to place the MBR rootkit.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and attach the logs here, not in the LOGS topic.

cherwith · « **Reply #2 on:** February 19, 2012, 06:28:04 PM »

Hi thanks for the fast reply..this is the Malwarebytes Anti Malware...report

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
cherwith :: CHERWITH-PC [administrator]

Protection: Enabled

19/2/2012 1:26:06 AM
mbam-log-2012-02-19 (01-26-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180016
Time elapsed: 15 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

essexboy · « **Reply #3 on:** February 19, 2012, 06:34:53 PM »

Monitoring

cherwith · « **Reply #4 on:** February 19, 2012, 06:46:48 PM »

Sorry did not save it in the right format.re attaching.

cherwith · « **Reply #5 on:** February 19, 2012, 06:52:19 PM »

Ok attaching the aswMBR log file. What's next?

cherwith · « **Reply #6 on:** February 19, 2012, 07:22:39 PM »

I hope all the files attached can be opened. Do I need to run any other test? As I do not think I have a hard drive infection..but I'm not too tech savvy...so I could be wrong...but my files and folders are alright at present. and i only reformatted yesterday so..hardly have any files...on my laptop.

cherwith · « **Reply #7 on:** February 19, 2012, 07:57:24 PM »

Its..3 am will check back tomorrow.....thank u

Pondus · « **Reply #8 on:** February 19, 2012, 08:04:38 PM »

It seems you are running avast and McAfee ?

never install multiple AV as this can/will create all kind if windows errors and false positive detections

it is recomended to run a removal tool so any leftover files are gone

run and reboot - Uninstallers – Security Software
http://singularlabs.com/uninstallers/security-software/

essexboy · « **Reply #9 on:** February 19, 2012, 08:09:15 PM »

Ta Pondus saves me saying that

Quote

01:47:03.151 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 4 MB offset 976764928
01:47:03.151 Disk 0 Partition 4 **INFECTED** MBR:Alureon-K [Rtk]

Go Start > Run
Type in compmgmt.msc
Select Storage
Select Disc Management
Locate the 4 Mb partion (4)
Right click and select delete
Rerun aswMBR and post the log please

cherwith · « **Reply #10 on:** February 19, 2012, 08:31:22 PM »

Thanks, have removed one of the anti-virus... and re-run the aswMBR

file is attached.

essexboy · « **Reply #11 on:** February 19, 2012, 09:36:17 PM »

OK gone

Do you have any other problems ?

cherwith · « **Reply #12 on:** February 19, 2012, 10:13:37 PM »

At present everything seems to be working fine, I'm going to sleep now its 5 am plus. Will check back tomorrow if there are any issues. Thanks so much truly appreciate you taking the time to help, it is most appreciated, sorry for all the silly questions n installing 2 anti virus in one..op system..good night..i mean good morning.!

dminor7495 · « **Reply #13 on:** March 09, 2012, 09:34:37 PM »

OH my gosh...I've been working on this Trojan:DOS/Alureon.E virus for DAYS! I've tried every thing I've found on many forums and the instruction to go into the disk management and delete the partition finally worked. In my case, it was a 1MB partition. Thank you!

essexboy · « **Reply #14 on:** March 09, 2012, 09:40:44 PM »

@dminor7495 You need to be careful when you delete the partition as when it is active. that is the boot partition

Author Topic: Infected with Trojan:DOS/Alureon.E , how to remove? (Read 12894 times)

cherwith

Infected with Trojan:DOS/Alureon.E , how to remove?

DavidR

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

essexboy

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

Pondus

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

essexboy

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

essexboy

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

cherwith

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

dminor7495

Re: Infected with Trojan:DOS/Alureon.E , how to remove?

essexboy

Re: Infected with Trojan:DOS/Alureon.E , how to remove?