Having fun with the (in)famous Alureon-K (ARGH!!)

[Orkkongen]

Hi (trying again)...

I've had my fun today, starting of with a go on the Smart HDD, and now when it's gone I'm enjoying the Alureon-K, that I can't get rid of...
Some time ago I could see an extra partition of my HD, but now it seems gone...
So now for the results of the danish votes (of MBAM, OTL, FSS and discmgmt (or whatever it was called))...
Hopefully you can help me get rid of Alureon-K...

I can't get the aswMBR running... When I start it (as admin) it starts up a process, and teminates right after...

[Orkkongen]

Not enough room for the discmgmt (or whatever)... So here it comes...

[Orkkongen]

Still trying to find solutions (apart from throwing the computer out the window!)...
So now I have som RogueKiller-Reports...

I've noticed, that I do get som strange pages (when clicking) when I seach the internet... Hopefully it goes away with the RogueKiller...

(And now my post is back at the top... Maybe getting some nice assistance... )

[Pondus]

Essexboy is on UK time....and in bed now.....
so unless jeffce or Oldman should arrive, you have to wait untill tomorrow night   

[Orkkongen]

Actually this is DK-time, and we're one hour ahead of UK... :p
Maybe I should go to bed as well... Stupid computer...
BTW, I've found the missing partition (again), but it will not let me remove it (so new picture with partition... somthing with an I/O-error... Wish I could get the aswMBR running... Any ideas... I've got Win7...

[Pondus]

Actually this is DK-time, and we're one hour ahead of UK..

Vel..... Essexboy liker og legge seg rund midnatt.....mannen kan ikke være her 24 timer i døgnet. 

[Orkkongen]

Well the problem with internet-misdirections solved temporary by re-installing google-search-engine, but its back again... Can still se the extra partition, but can not do anything about it, and aswMBR is still not working... It would be nice to make computer safe before going on small trip, leaving computer to girlfriend...

[jeffce]

Hi,
Please download TDSSKiller.zip

• Extract it to your desktop
• Double click TDSSKiller.exe
  
• when the window opens, click on Change Parameters
  
• under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  
• click OK
  
• Press Start Scan
  
  • Only if Malicious objects are found then ensure Cure is selected
    
  • Then click Continue > Reboot now
    
• Copy and paste the log in your next reply
• A copy of the log will be saved automatically to the root of the drive (typically C:\)
  

----------

[Orkkongen]

Good to see you around in my topic...

I've done as told, giving this info... Though I have a feeling, that I should have closed my virus-program when running the TDS-thingy... It pop-up with 10 warnings (and blocks) when it was finished... Should I have a re-run?`

The log-info is attached, because I'm not allowed to send so many chars.

[jeffce]

Hi,

I meant for you to attach the logs.  Please attach all logs that way you don't have to worry about the number of characters.

Run TDSSKiller again and delete the following:

\Device\Harddisk0\DR0 ( TDSS File System )

Attach the new log to your next reply. 
----------

[Orkkongen]

Sorry, I've been on a short "vacation", but I'm back now... Let's get this thing done with...

I've run the TDSSKiller again and attached the log. But I have no idea about the:

and delete the following:

\Device\Harddisk0\DR0 ( TDSS File System )

Where? How? What do you mean?

PS: Thank you so much for taking time to help me out here...

[jeffce]

Hi,

Download Combofix from either of the links below, and save it to your desktop. 
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you. 

• Please attach the C:\ComboFix.txt for further review.

----------

[Orkkongen]

I'm back, with the file ComboFix made for me... but...
I'm now on another computer, since I can't start any programs (at least the browsers I tried). Everytime I try start something, it says something (in danish) about illegal action on a registration key, that are marked for deleting...? (Not very comforting...)

[essexboy]

Please reboot to release the registry keys

Hi Jeff 

[Orkkongen]

Ahh... much better! 
How much can I use my computer now... is it still infected?