Author Topic: MBR Alureon  (Read 1142 times)


Offline wunderlong88

  • Newbie
  • *
  • Posts: 3
MBR Alureon
« on: March 08, 2012, 04:53:41 PM »
Yesterday I got MBR Alureon on my computer. After trying various things to remove it I gave up and booted up on my recovery disc and reformatted and reinstalled from an image I had on my external drive.  The external drive was plugged in the computer when I discovered I had MBR Alureon.  One of the effects of Alureon was that all of my directories on my hard drive and on my external drive showed to be empty.  I unplugged the external drive, plugged it into my son's laptop and it still showed empty.  Panic!  But then I discovered they were really there but I just couldn't see them.

The computer reformatted and restored the image and now all seems to be well and oddly even the external drive is showing all the files now.  I am a bit concerned.  I don't know if the external drive had some of the infection and could reinfect me when I used it to reinstall the backup image.  Also, I don't know if the MBR is clean or repaired when you reformat and reinstall.

Also, I don't understand anything about MBR. I do have a partition drive and Windows 7, 64 bit.

How do I know this thing is really gone? I did an avast full system scan which was clean. I have no pop ups or anything suspicious at this point.

I did not log into any websites while infected but I am still concerned that sensitive info such as passwords was compromised, but I am afraid to log in to sites or change passwords if I might still be infected.

Can someone tell me how to know for certain I am ok now or if you think I am? I don't understand what was happening with my external drive. Why did it not show directories when plugged into my son's laptop unless something is infected on it too?

As soon as I feel my computer is clean I will create a new backup, but if I am just taking this infection with me that is a waste of time.

I just downloaded and ran a scan from aswMBR.  Here is the log.

aswMBR version Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 09:26:10
09:26:10.377    OS Version: Windows x64 6.1.7601 Service Pack 1
09:26:10.377    Number of processors: 4 586 0x170A
09:26:10.378    ComputerName: LINDA-PC  UserName: Linda
09:26:11.324    Initialize success
09:26:11.535    AVAST engine defs: 12030800
09:26:31.741    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:26:31.753    Disk 0 Vendor: ST3750528AS HP34 Size: 715404MB BusType: 3
09:26:31.767    Disk 0 MBR read successfully
09:26:31.772    Disk 0 MBR scan
09:26:31.778    Disk 0 Windows 7 default MBR code
09:26:31.786    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           90 MB offset 2048
09:26:31.792    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       702216 MB offset 192780
09:26:31.825    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13089 MB offset 1438332928
09:26:31.864    Disk 0 scanning C:\Windows\system32\drivers
09:26:39.146    Service scanning
09:26:50.401    Modules scanning
09:26:50.414    Disk 0 trace - called modules:
09:26:50.425    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
09:26:50.806    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aa0060]
09:26:50.820    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8006990cf0]
09:26:50.833    5 ACPI.sys[fffff88000f0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80073ad060]
09:26:51.479    AVAST engine scan C:\Windows
09:26:53.402    AVAST engine scan C:\Windows\system32
09:28:31.391    AVAST engine scan C:\Windows\system32\drivers
09:28:40.214    AVAST engine scan C:\Users\Linda
09:32:00.709    Disk 0 MBR has been saved successfully to "C:\Users\Linda\Downloads\MBR.dat"
09:32:00.729    The log file has been saved successfully to "C:\Users\Linda\Downloads\aswMBR.txt"
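The log above already carries the answer to "is the MBR clean": aswMBR reports "Windows 7 default MBR code" and lists the partition table it read from sector 0. The script below is an added example (not part of the original post, not aswMBR's own code) that parses exactly those log lines, rebuilds the partition table, and applies the checks a responder would do by hand: the MBR-code line must say default code, exactly one partition must carry the 0x80 boot flag, partitions must not overlap, and any unallocated space after the last partition is reported so it can be inspected separately. The regexes assume the line layout seen in this log; the embedded sample is the poster's log copied from above. Any MBR-code wording other than "default MBR code" is flagged for manual review, since the exact strings aswMBR prints for a modified MBR are not shown on this page.

```python
import re
from dataclasses import dataclass

# Sample input: the aswMBR log lines quoted in the post above (copied, not constructed).
SAMPLE_LOG = """\
09:26:31.753    Disk 0 Vendor: ST3750528AS HP34 Size: 715404MB BusType: 3
09:26:31.767    Disk 0 MBR read successfully
09:26:31.772    Disk 0 MBR scan
09:26:31.778    Disk 0 Windows 7 default MBR code
09:26:31.786    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS           90 MB offset 2048
09:26:31.792    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       702216 MB offset 192780
09:26:31.825    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13089 MB offset 1438332928
"""

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES  # 2048 sectors per MB
OVERLAP_TOLERANCE_SECTORS = SECTORS_PER_MB      # sizes in the log are rounded to whole MB

TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")   # strip the leading timestamp
SIZE_RE = re.compile(r"Disk (\d+) Vendor: .* Size: (\d+)MB")
MBR_CODE_RE = re.compile(r"Disk (\d+) (.+MBR code)$")
PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))?\s+([0-9A-Fa-f]{2})"
    r"\s+\S+\s+\S+\s+(\d+) MB offset (\d+)"
)


@dataclass
class Partition:
    index: int
    boot_flag: int        # 0x80 = active/bootable, 0x00 = inactive
    type_id: int          # 0x07 = HPFS/NTFS
    size_mb: int
    offset_sectors: int   # LBA of the first sector

    @property
    def end_sectors(self) -> int:
        return self.offset_sectors + self.size_mb * SECTORS_PER_MB


def _disk(disks, n):
    return disks.setdefault(n, {"size_mb": None, "mbr_code": None, "partitions": []})


def parse_aswmbr(text: str) -> dict:
    """Build {disk_number: {size_mb, mbr_code, partitions}} from aswMBR log text."""
    disks = {}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw.strip())
        if m := SIZE_RE.match(line):
            _disk(disks, int(m.group(1)))["size_mb"] = int(m.group(2))
        elif m := MBR_CODE_RE.match(line):
            _disk(disks, int(m.group(1)))["mbr_code"] = m.group(2)
        elif m := PART_RE.match(line):
            _disk(disks, int(m.group(1)))["partitions"].append(Partition(
                index=int(m.group(2)), boot_flag=int(m.group(3), 16),
                type_id=int(m.group(4), 16), size_mb=int(m.group(5)),
                offset_sectors=int(m.group(6))))
    return disks


def assess(disks: dict):
    """Return (findings, unallocated_tail_mb) for every disk in the parsed report."""
    findings = []
    tail_mb = {}
    for n, d in sorted(disks.items()):
        if d["mbr_code"] is None:
            findings.append(f"disk {n}: no MBR code line in log")
        elif "default MBR code" not in d["mbr_code"]:
            findings.append(f"disk {n}: non-default MBR code, review manually: {d['mbr_code']}")
        parts = sorted(d["partitions"], key=lambda p: p.offset_sectors)
        active = [p.index for p in parts if p.boot_flag == 0x80]
        if len(active) != 1:
            findings.append(f"disk {n}: expected one active partition, found {active}")
        for prev, cur in zip(parts, parts[1:]):
            if cur.offset_sectors < prev.end_sectors - OVERLAP_TOLERANCE_SECTORS:
                findings.append(f"disk {n}: partition {cur.index} overlaps partition {prev.index}")
        if parts and d["size_mb"] is not None:
            unused = d["size_mb"] * SECTORS_PER_MB - max(p.end_sectors for p in parts)
            tail_mb[n] = unused / SECTORS_PER_MB  # report only; cannot be vetted from the log
    return findings, tail_mb


if __name__ == "__main__":
    report = parse_aswmbr(SAMPLE_LOG)
    problems, tails = assess(report)
    print("findings:", problems or "none")
    print("unallocated space after last partition (MB):", tails)
```

On this log the checks come back clean: the MBR code is the Windows 7 default, partition 1 is the only active one, the three NTFS partitions sit end to end, and about 4 MB of unallocated space remains at the end of the disk, which is ordinary alignment slack rather than evidence of anything.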

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34533
Re: MBR Alureon
« Reply #1 on: March 08, 2012, 05:03:20 PM »
Follow this guide and also attach Malwarebytes and OTL logs.

Then one of the malware removers will check it when they arrive.
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.