MRB: \\.\PHYSICALDRIVE0\Partition3 / MBR:Alureon-K Please Help!

[essexboy]

Aye the site has gone down... However, I do have a copy on my skydrive 

If you could click the Globe under my Avatar that will take you there, then locate and download WiNTBootic and proceed as directed

As it stands none of the tools are detecting this in normal mode - so we will see if wiorking outside of windows will reveal it

[ThatHaydenGuy]

I followed your instructions until I reached this point:

"In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

"

I typed in the FRST64.exe path and everything, but instead of a tool running or a disclaimer, my notepad just filled up with a massive amount of code.
Please advise on how to proceed.

[essexboy]

The use of notepad is just to  tell you where FRST is

Change directory  to the drive that has FRST and run from there by typing FRST64.exe

[ThatHaydenGuy]

Ah. I see. I can't believe I didn't think of that.

Everything ran smoothly, log is attached.

[essexboy]

Here is the culprit

Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

What we need to do now is set the proper partition to active

Another disc to make I am afraid

Download and burn to disc
gparted-live-0.11.0-7.iso (115.1 MB)

Create a bootable CD, for Gparted ISO image.  You can use ImgBurn do this.

Now boot off of the newly created Gparted CD.
 

You should be here...
Press ENTER
 

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.
 

Choose your language and press ENTER. English is default [33]
 

Once again, at this prompt, press ENTER
 
You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 1Mb
Click the trash can icon to delete and then click Apply.
 
You should now be here confirming your actions:

 
Now you should be here:

 

Is "boot" next to your 100Mb system drive?
 
If "boot" is not next to your system drive under "Flags", right-mouse click the system drive while in Gparted and select Manage Flags
 
In the menu that pops up, place a checkmark in boot like the picture below:

 
Now double-click the button.
 
You should receive a small pop up like this:

Choose reboot and then press OK.
 
If the system should fail to boot then run the windows recovery console USB  and execute the following commands:
 
bootrec /FixMbr
bootrec /FixBoot
exit
 
Once back in Windows.
 
Retry aswMBR

[ThatHaydenGuy]

I don't have any space CD's lying around.

Instead of using a CD, could I somehow use my trusty USB (15Gb)?

[essexboy]

Yes if you could go to my site (Link is the Globe under my Avatar )

Download WiNTBootic.exe




Drag and drop the GParted ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done

Then boot from the USB and follow the destructions as previous 

[ThatHaydenGuy]

Followed your instructions, it seems to have worked. This is my first reboot after removing the bad partition, and so far no sign of infection.

I'm going to run another full-system Avast! scan to see if it's all gone.

[ThatHaydenGuy]

Detected three MBR: Alureon type viruses. The kind that were in my first post that I could easily remove. (This kind has a specified file name in an easy to access place)

Am I free to move them to the chest?

Also. Is there anything else you want me to do?

[essexboy]

Yes could you do one further aswMBR run please followed a an OTL quick scan

[ThatHaydenGuy]

I did the aswMBR scan. The program worked this time, so I'm going to take that as a good sign. Anyway, it's 2:45 AM here. I'm going to bed. I'll do the OTL tomorrow.

Log attached if you want to see it.

[essexboy]

That looks good - sleep tight 

[ThatHaydenGuy]

And here's the OTL log.

Anything else you want me to do, or am I free and clean?

[essexboy]

Subject to no further problems   

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
• Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

 Upgrading Java:

• Go to this site  and click Do I have Java
  
• It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
 

• Go to Control Panel and select System
  
• Select System
  
• On the left select System Protection and accept the warning if you get one
  
• Select System Protection Tab
  
• Select Create at the bottom
  
• Type in a name i.e. Clean
• Select Create
  

Now we can purge the infected ones

• GoStart > All programs > Accessories > system tools
  
• Right click Disc cleanup and select run as administrator
  
• Select Your main drive and accept the warning if you get one
  
• For a few moments the system will make some calculations
• Select the More Options tab
  
• In the System Restore and Shadow Backups select Clean up
  
• Select Delete on the pop up
  
• Select OK
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.  Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?

Keep safe  :wave: