Windows 7: boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan

Good afternoon/evening, Sevenforums professionals


My name is kyle and I'm looking for help to remove/cure some issues I'm having with my desktop Gateway PC. This is on a Windows 7 home premium 64bit, i3 processor.

Here are the problems detected by Microsoft Security Essentials:

boot:\device\hardiskVolume4
boot:\device\harddiskVolume4\
boot:\physicaldrive0\partition3 (type 17)

I've tried over and over to remove this trojan virus Microsoft Security Essential will not remove it...However it will detect it once the computer has been started and then every 3 minutes the notification pops up via MSE saying pc at risk threats detected. Then its lists what I've typed in RED fonts above.

I've taken one screen shot of the of MBRcheck.exe scan and I will attach it. Also I've taken one data log of aswMBR.log scan and will attach that as well.

Any help on this will be greatly appreciated, thanks in advance for you're expertise and precision.



warmest regards,

kyle miller

Hello kyle and welcome to Seven Forums.

If you're dealing with the Alureon Trojan you might want to look through this Forum thread for suggestions. In particular, read what Borg 386 has to say about this (post # 8.)

MSE Trojan Cleanup Prompt

Good afternoon, Marsmimar


Thanks for the suggestion and I will definitely go have and read that entire thread.

Once again thanks for having me as a newcomer to SevenForums.

best regards,

kyle miller

Marsmimar,

I finished reading the thread you suggested, I can say unequivocally..... that "MalwareBytes does not work on this Alureon.E virus/trojan as I've tried it at least 40+ times. "The backdoor.Tidserv removal Tool" by symantec Locates the virus/trojan on my computer. And it runs and attempts to remove the Alureon.E virus and then my computer reboots and fails to starts the windows logo on process. I've tried this 3 times already. So then I have to Reboot the computer in Safe Mode and then restore the computer to point that working prior to running "The backdoor.Tiderv Removal Tool". This Does not work for my computer Windows 7 home prem....only makes the computer NOT boot. This virus is very very NASTY.

TDSSkiller finds the virus also and then.... cures it and reboots the pc..... and the computer boots fine into the desktop. All is well for 45 seconds..... However... Microsoft Essentials Security then alerts of me Detected threats and of course its the Alureon.E virus again ..... with the details saying...

boot:\device\hardiskVolume4
boot:\device\harddiskVolume4\
boot:\physicaldrive0\partition3 (type 17).

I understand the clean install maybe a factor I have to perform... Only as can we exhaust all other options first. What are you thoughts or suggestions I am open to all ideas and task..I am very capable and have no problem following instructions...

Anyone that can help or provide further insight or feedback to a possible cure... I am yours


Sincerely,

Kyle Miller

Here is a link to Hiren's BootCD. Borg has already posted instructions but to repeat, you need to delete the small partition that was created by Alureon. If you see more than one partition that you don't know what they are, you can post a list of the different partitions and we will help you identify which one it is.

http://www.hirensbootcd.org/download/

Thanks Petey!!!

I'm in the process of booting the infected computer now....

Will post shortly.

One moment

Good afternoon Petey,

Listed below is exactly what I see after running the( HirenBootCD ) on my desktop.. I attached the information After putting it into Excel and screen capturing it. So that it is organized. This the information displays on screen of the partitions on my Gateway PC. I'm playing it safe and do not want to delete any partitions myself.. for obvious ramifications will result. Have a look at the the information below and advise me what to do next once you get a chance and what to keep and want to delete.

Thanks for your expertise in these matters,

Kyle Miller.

The partition that says (Hidden) is the partition that contains the virus. Delete the partition using Hiren's BootCD. Download and burn Windows Defender Offline (WDO) to a CD. Immediately after deleteing the partition, boot-up WDO and run it. It should completely remove the virus. After booting into Windows, go ahead and run a virus scan with your regular AV just to be sure.

http://windows.microsoft.com/en-US/w...fender-offline <-- WDO

Petey you are the SEALS TEAM 6 of the PC world !!! YOU F8CKING ROCK!!!

I DELETED THE partition you directed me to and rebooted as asked then ran the WDO and you are 100% correct sir it did remove the virus, No let me call it what it really is... ALUREON.E is the HIV of the PC world. I been up 38 hours no sleep looking for a cure and you had the answer.

And I did run MALWAREbytes and Microsoft Essentials, TDSSkiller as well, NOT all at the same time of course. Just to make sure I ran MBRcheck and aswMBR... Nothing detected!!!

You sir are a GENIUS!!! If I wasn't a man I would kiss you!! But obviously I can't because real men don't do those things. However I am forever grateful to you and I will make a donation!

Sincerely Grateful Hopeful wishing you all the best in the world PETEY,

Kyle Miller