

Windows 7: Alureon.E (virus)trojan


24 Mar 2013   #1

Windows 7 Home Premium x64
 
 
Alureon.E (virus)trojan

Hello everyone, I'm Brato and I need help with this virus - Alureon.E. My laptop (VAIO - Windows 7 Home Premium x64) was infected with it a couple of months ago; I've searched the internet but didn't find a solution. My MSE antivirus keeps telling me the system is infected with this particular kind of virus, and it finds the virus at this location:
boot:\Device\HarddiskVolume4\
boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)

Unfortunately, MSE cannot delete the virus. I found out on this forum that someone who has exactly the same problem as me managed to get rid of this virus with the help of Hiren's BootCD. I've downloaded Hiren's BootCD, but the problem is that I don't know what program I have to use for deleting that particular partition (1MB memory) that contains the virus. Could someone tell me all the steps (for deleting the partition with Hiren's BootCD), please? I would appreciate it very much. Thanks!

PS: I found here the guy with the same problem as me: boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan


24 Mar 2013   #2

Windows 7 Home Premium
 
 

brato92,

Let’s take a look before Windows starts…

Need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option, do you have your Windows installation CD/DVD available?

And last, do you have a USB pendrive available, and access to another computer that is not infected?
24 Mar 2013   #3

Windows 7 Home Premium
 
 

If you do have the Repair your Computer option...

You may want to print these instructions so you can have access to follow them. Also, you may want to read them once before you apply them.

Please plug a USB pendrive into a clean computer.

Go to Start > Computer
Double-click Computer, and select the pendrive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.


Next, download Farbar Recovery Scan Tool (64-bit version):
Farbar Recovery Scan Tool Download
Select the 64-bit download.
Save the program to the >> USB pendrive.

Also download List Parts 64-bit and save it to the USB pendrive.
http://www.bleepingcomputer.com/down...stparts/dl/78/


Next, plug the pendrive into the infected computer.




>>>Restart the computer.

  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)
On the System Recovery Options menu you get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Scan your computer's memory for errors.
  • Command Prompt
Select Command Prompt
  • In the Command window, at the blinking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the pendrive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type g:\frst64.exe, and press: Enter
    Note: Replace the drive letter g with the drive letter of your pendrive!
  • The tool starts and prepares to run. Follow the prompts.
  • Click Yes to the Disclaimer.
  • Press: Scan
The program saves the FRST.txt report, on the pendrive.

Back at the Command Prompt, type e:\listparts64.exe and press: Enter
Note: Replace the drive letter e with the drive letter of your pendrive!

When ListParts starts to run, check: List BCD
Click: Scan
When finished scanning ListParts also makes a Result.txt on the pendrive.

Back at the System Recovery Options, press: ShutDown

Please provide the FRST.txt, and the Results.text (for ListParts) in your reply.
Both reports are located in the USB pendrive.


24 Mar 2013   #4

Windows 7 Home Premium
 
 

brato92,

Please note Post #3 is edited to add ListParts.
25 Mar 2013   #5

Windows 7 Home Premium x64
 
 

Hi cottonball! I'll try these steps right now. Keep in touch.
25 Mar 2013   #6

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Alureon.E operates by writing a cloaked partition which boots before the main system does. It generally does not show up under disk management. Since it is already running & in use, MSE cannot delete it.

The tool you are looking to use is GParted, a boot partition tool. This will confirm if you have a hidden partition. The partition is usually at the end of the drive & is between 1 - 10 MB. You can manually delete this partition, but you will have to re-establish the correct partition to be the boot sector.

Running TDSSKiller would be a good idea as it automates this process, & resets the boot sector back to its rightful place.
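The layout described in post #6 (a small hidden partition near the end of the drive that takes over the boot role), as an added example that is not part of any post in this thread: a Python check over an MBR partition table. It assumes the "Type 17" in the MSE report is the MBR type byte 0x17; the sample sector and all function names are constructed for illustration.

```python
import struct

SECTOR = 512
HIDDEN_NTFS = 0x17  # assumption: the "Type 17" in the MSE report is this MBR type byte

def parse_mbr(sector):
    """Return the used primary partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"index": i + 1, "active": status == 0x80,
                            "type": ptype, "lba": lba, "sectors": count})
    return entries

def suspicious(entries, max_mb=10):
    """Flag small partitions that are hidden-type or hold the active (boot) flag."""
    if not entries:
        return []
    limit = max_mb * 1024 * 1024 // SECTOR
    last_lba = max(e["lba"] for e in entries)
    hits = []
    for e in entries:
        reasons = []
        if e["sectors"] <= limit:
            if e["type"] == HIDDEN_NTFS:
                reasons.append("small hidden-type partition")
            if e["active"]:
                reasons.append("boot flag on a tiny partition")
            if reasons and e["lba"] == last_lba:
                reasons.append("last on disk")
        if reasons:
            hits.append((e["index"], reasons))
    return hits

def build_sample():
    """Constructed MBR: recovery, system, and a 1 MB active type-0x17 entry."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x00, 0x27, 2048, 20_000_000) +
             entry(0x00, 0x07, 20_002_048, 900_000_000) +
             entry(0x80, 0x17, 920_002_048, 2048) + bytes(16))
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    for index, reasons in suspicious(parse_mbr(build_sample())):
        print(f"partition {index}: {', '.join(reasons)}")
```

A hit is only a prompt to inspect the disk with a partition tool from clean boot media; a read taken from inside the running, infected system may not show the entry at all.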
25 Mar 2013   #7

Windows 7 Home Premium x64
 
 

@cottonball: I have the 'Repair your computer option' under 'Advanced Boot Options' menu, I also have a USB flash (stick). Right now I'm performing your steps. I'll post the results.
25 Mar 2013   #8

Windows 7 Home Premium x64
 
 

Cottonball, I have a problem: after I press Enter on 'Repair your computer' option under 'Boot Advanced Settings' (with USB stick inserted) nothing happens: the screen becomes black and that's all. After 3-4 minutes I have to reset the laptop because I think it is stuck. I've tried it 2 times and nothing comes out.

I don't have an original Windows 7 DVD, because when I bought this laptop it came with Windows 7 installed. I found out (in the laptop's manual) that the Windows Installation Kit (original) is on a hidden partition that I can't access normally, but it can be accessed when I need to reinstall or repair the system.

I'm waiting for your advice.
25 Mar 2013   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

25 Mar 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I don't think you should have said you have a "pirated" Windows 7 CD.