Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Alureon.E (virus)trojan

26 Mar 2013   #21
brato92

Windows 7 Home Premium x64
 
 

I ran TDSSKILLER again, and this time it says 'No threats found'. I've attached the log file:
TDSSKiller.2.8.16.0_26.03.2013_16.20.34_log.txt

i also ran ListrParts. Here's the Result file:
Result.txt

P.S. : MSE now detects another threats. Look here:
Alureon.E (virus)trojan-capture11.jpg




My System SpecsSystem Spec
.
26 Mar 2013   #22
cottonball

Windows 7 Home Premium
 
 

Let's take an additional step...


Please download Malwarebytes : Malwarebytes Anti-Rootkit

Save to the Desktop (easy to find)

Right-click the file and select: Extract here...


Run the program and follow ithe Usage instructions on the website from Step 3 to Step 6.
For now, please stop at Step 6.


When the program is done, two reports are created in the mbar folder:
1. system-log.txt
2. mbar-log-2013-02-18 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)


Please provide the mbar-log containing information on what was detected and removed.
My System SpecsSystem Spec
26 Mar 2013   #23
cottonball

Windows 7 Home Premium
 
 

Also, let's see what the following short scan shows...

Please download
Tlcharger RogueKiller (Site Officiel)
•When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

•Click the x64 button to download.
•Save to the Desktop

•Close all windows and browsers
•Right-click and select: Run as Administrator

•Press: SCAN

•A report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
My System SpecsSystem Spec
.

26 Mar 2013   #24
brato92

Windows 7 Home Premium x64
 
 

The results after scanning are the following:
Malwarebytes Anti-Rootkit says 'Scan Finished: No malware found!' Report: mbar-log-2013-03-26 (20-06-51).txt

Tlcharger RogueKiller's Report: RKreport[1]_S_03262013_02d2111.txt


My System SpecsSystem Spec
26 Mar 2013   #25
cottonball

Windows 7 Home Premium
 
 

We have a 7 hour time difference!

Please quit all programs...
•Right-click the RogueKiller file and select : Run as Administrator
•Wait until the Prescan finishes
•Click: Delete

Please post the new RKreport (Mode: Delete) in your reply.

~~~~
Now, run MSE once again. Any change?

~~~~
Next, please download: aswMBR
http://public.avast.com/~gmerek/aswMBR.exe
Save it to the Desktop.

>>Make sure your AntiVirus is temporarily disabled!!<<
For information on how to disable protective programs, refer to this Info:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Right-click aswMBR and select: Run as Administrator

When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while it is in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.

Please post the new aswMBR log in your reply.

Also, notice that another file is created on the Desktop.
It is named MBR.dat.

Please submit MBR.dat for analysis to VirusTotal:
http://www.virustotal.com/

Online Scanners - Scan Suspicious Files on your PC

If you get a message saying: 'File has already been analyzed', click: Reanalyze file

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:\\etc. address there.

Then, provide the http:\\ address to the results page in your reply.
My System SpecsSystem Spec
26 Mar 2013   #26
brato92

Windows 7 Home Premium x64
 
 

I've just completed the RogueKiller scan. Here's the RKreport after i press 'Delete' button: RKreport[2]_D_03262013_02d2353.txt

I ran MSE, after quick scan it said that 'No threats were detected during this scan', however, i'm still able to see those quarantined Trojans at 'History' pane. Here's a screenshot:
Alureon.E (virus)trojan-pule.jpg

Shoud i proceed the next steps ?

EDIT: I've just restarted Windows, MSE didn't pop up again, but i noticed that my Start Menu has changed a little bit, despide i didn't change nothing before the restart (i have some new options on the right side - Downloads, Games, Recent Items, Run, also have a new application which i never installed - called Br0wwsae2saevEe). Look here:
Alureon.E (virus)trojan-mueeee.jpg


My System SpecsSystem Spec
26 Mar 2013   #27
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I would proceed with the steps Cottonball advised you . To be sure .

The history on the MSE is nothing to worry about it just tells you want it found before .
My System SpecsSystem Spec
26 Mar 2013   #28
brato92

Windows 7 Home Premium x64
 
 

Ok, i've completed the rest of the steps given by cottonball. Here we are:
Avast!'s log: aswMBR.txt

VirusTotal analysis link: https://www.virustotal.com/ro/file/2...is/1364342665/


My System SpecsSystem Spec
26 Mar 2013   #29
cottonball

Windows 7 Home Premium
 
 

brato92,

On the Br0wwsae2saevEe...
Is there an entry for it in Control Panel > Programs and Features?
If so, press on and Uninstall/Remove
Post back on whether it is there or not, and, if there, whether you removed the program.


Next, please do an: AdwCleaner Download
Save to the Desktop

Right-click on adwcleaner.exe and select: Run As Administrator

Click the Search button

When done, a text file opens.

Please post the content of the AdwCleaner[Sn].txt in your reply.
Note: You can also find the reports at C:\AdwCleaner[Sn].txt (S = search, n = order number), or, C:\AdwCleaner[Rn].txt (R = remove, n = order number)


Also do a Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other security applications.
These programs may interfere with the running of JRT.
For information on how to disable protective programs, refer to this info:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Right-click JRT.exe and select: Run as Administrator
The tool opens and starts scanning the system. Please be patient as this can take a while...

When done, a report (JRT.txt) is saved on the Desktop.

Please post the contents of JRT.txt in your reply.


Next, let's go back to FRST64.

Have used this tool since its release in 2010.
In my experience, it has detected malware when other tools have not.

Please follow the instrucions on Post #3, and tap the F8 key until the Advanced Boot Options menu appears.
Use the arrow keys to select the Repair your computer menu item.

See if you can get to the System Recovery Options menu and select the Command Prompt, vs. getting a black screen.

If so, proceed with FRST64.
My System SpecsSystem Spec
26 Mar 2013   #30
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You could remove "Downloads, Games, Recent Items, Run" by

Right click on the button and click on Properties.

Click on the Customize button.

Uncheck Run and choose Don't display this item on the other items
My System SpecsSystem Spec
Reply

 Alureon.E (virus)trojan




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Computer wont start after removing alureon virus with defender offline
I used windows defender offline to remove the Trojan alureon virus and now my computer will not start up. as it is attempting to start, blue screen will flash and the loop will start over.
System Security
Win64/Alureon.gen!A*Virus preventing computer startup
I had been experiencing blue screens for months before I posted on this site to hopefully receive some assistance. After taking the actions suggested by a member of the BSOD forums, I eliminated a lot of possible causes for the BSODs but one in specific has given me some trouble....
System Security
Trojan Alureon.A Detected After Clean Win7 Install
A brief intro: I'm working on a family friend's laptop. It's a Dell Vostro 3550. After doing a factory reset, I was still getting tons of BSODs. You can find info on all that in this thread. I did a Clean Windows 7 install because all signs pointed to hardware issues, but we wanted to be sure. ...
System Security
boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan
Good afternoon/evening, Sevenforums professionals:o My name is kyle and I'm looking for help to remove/cure some issues I'm having with my desktop Gateway PC. This is on a Windows 7 home premium 64bit, i3 processor. Here are the problems detected by Microsoft Security Essentials: ...
System Security
Trojan:DOS/Alureon.A
I've had this incredibly annoying infection for the last few weeks. I've done some searching online and don't get many clear answers about this one. It got to the point that i formatted my hdd, which was due anyway, but after a fresh install of Win 7 i still get prompts from MSE. I've gathered...
System Security
Alureon Bootkit Trojan - Crossing the 64 bit Barrier
UAC is there for a reason!
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:55.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App