Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Alureon.E (virus)trojan

24 Mar 2013   #1
brato92

Windows 7 Home Premium x64
 
 
Alureon.E (virus)trojan

Hello everyone, i'm Brato and i need help with this virus - Alureon.E. My laptop (VAIO - W7 Home Premium x64) has been infected with it a couple of months ago, i've searched the internet but didn't find a solution. My MSE antivirus keeps telling me the system is infected with this particullary kind of virus, and it finds the virus at this location:
boot:\Device\HarddiskVolume4\
boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)

Unfortunatly, MSE cannot delete the virus. I found out on this forum that someone who has the exactly problem as me managed to get rid of this virus, with the help of Hiren's BootCD. I've downloaded Hiren's BootCD but the problem is that i don't know what program i have to use for deleting that particular partition (1MB memory) that contains the virus. Could someone tell me all steps (for deleting the partition with Hiren's BootCD), please ? I would appreciate it very much. Thanks !

PS: I found here the guy with the same problem as me: boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan


My System SpecsSystem Spec
.
24 Mar 2013   #2
cottonball

Windows 7 Home Premium
 
 

brato92,

Let’s take a look before Windows starts…

Need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option, do you have your Windows installation CD/DVD available?

And last, do you have a USB pendrive available, and access to another computer that is not infected?
My System SpecsSystem Spec
24 Mar 2013   #3
cottonball

Windows 7 Home Premium
 
 

If you do have the Repair your Computer option...

You may want to print these instructions so you can have access to follow them. Also, you may want to read them once befor you apply them.

Please plug a USB pendrive into a clean computer.

Go to Start > Computer
Double-click Computer, and select the pendrive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.


Next, download Farbar Recovery Scan Tool (64-bit version):
Farbar Recovery Scan Tool Download
Select the 64-bit download.
Save the program to the >> USB pendrive.

Also download List Parts 64-bit and save it to the USB pendrive.
http://www.bleepingcomputer.com/down...stparts/dl/78/


Next, plug the pendrive into the infected computer.




>>>Restart the computer.

  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)
On the System Recovery Options menu you get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Scan your computer's memory for errors.
  • Command Prompt
Select Command Prompt
  • In the Command window, at the bliking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the pendrive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type g:\frst64.exe, and press: Enter
    Note: Replace the drive letter g with the drive letter of your pendrive!
  • The tool starts and prepares to run. Follow the prompts.
  • Click Yes to the Disclaimer.
  • Press: Scan
The program saves the FRST.txt report, on the pendrive.

Back at the Command Prompt, type e:\listparts64.exe and press: Enter
Note: Replace the drive letter e with the drive letter of your pendrive!

When ListParts starts to run. Check: List BCD
Click: Scan
When finished scanning ListParts also makes a Result.txt on the pendrive.

Back at the System Recovery Options, press: ShutDown

Please provide the FRST.txt, and the Results.text (for ListParts) in your reply.
Both reports are located in the USB pendrive.
My System SpecsSystem Spec
.

24 Mar 2013   #4
cottonball

Windows 7 Home Premium
 
 

brato92,

Please note Post #3 is edited to add ListParts.
My System SpecsSystem Spec
25 Mar 2013   #5
brato92

Windows 7 Home Premium x64
 
 

Hy cottonball ! I'll try these steps right now. Keep in touch.
My System SpecsSystem Spec
25 Mar 2013   #6
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Alureon.E operates by writing a cloaked partition which boots before the main system does. It generally does not show up under disk management. Since it is already running & in use, MSE cannot delete it.

The tool you are looking to use is GParted, a boot partition tool. This will confirm if you have a hidden partition. The partition is usually at the end of the drive & is between 1 - 10 MB. You can manually delete this partition, but you will have to re-establish the correct partition to be the boot sector.

Running TDSSKiller would be a good idea as it automates this process, & resets the boot sector back to it's rightful place.
My System SpecsSystem Spec
25 Mar 2013   #7
brato92

Windows 7 Home Premium x64
 
 

@cottonball: i have the 'Repair your computer option' under 'Advanced Boot Options' menu, i also have a USB flash (stick). Right now i'm performing your steps. I'll post the results.
My System SpecsSystem Spec
25 Mar 2013   #8
brato92

Windows 7 Home Premium x64
 
 

Cottonball i have a problem: after i press Enter on 'Repair your computer' option under 'Boot Advanced Settings' (with USB stick inserted) nothing happens: the screen becomes black and that's all. After 3-4 minutes i have to reset the laptop because i think it is stuck. I've tried it for 2 times and nothing comes out.

I don't have an original Windows 7 DVD, because when i bought this laptop it came with Windows 7 installed. I found out (on Laptop's manual) that Windows Installation Kit (original) is on a hidden partition that i can't acces normally, but it can be accesed when i need to reinstall or repair the system.

I'm waiting for your advice.
My System SpecsSystem Spec
25 Mar 2013   #9
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

My System SpecsSystem Spec
25 Mar 2013   #10
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I don't think you should of said you have a " pirated " Windows 7 cd .
My System SpecsSystem Spec
Reply

 Alureon.E (virus)trojan




Thread Tools




Similar help and support threads
Thread Forum
Computer wont start after removing alureon virus with defender offline
I used windows defender offline to remove the Trojan alureon virus and now my computer will not start up. as it is attempting to start, blue screen will flash and the loop will start over.
System Security
Win64/Alureon.gen!A*Virus preventing computer startup
I had been experiencing blue screens for months before I posted on this site to hopefully receive some assistance. After taking the actions suggested by a member of the BSOD forums, I eliminated a lot of possible causes for the BSODs but one in specific has given me some trouble....
System Security
Trojan Alureon.A Detected After Clean Win7 Install
A brief intro: I'm working on a family friend's laptop. It's a Dell Vostro 3550. After doing a factory reset, I was still getting tons of BSODs. You can find info on all that in this thread. I did a Clean Windows 7 install because all signs pointed to hardware issues, but we wanted to be sure. ...
System Security
boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan
Good afternoon/evening, Sevenforums professionals:o My name is kyle and I'm looking for help to remove/cure some issues I'm having with my desktop Gateway PC. This is on a Windows 7 home premium 64bit, i3 processor. Here are the problems detected by Microsoft Security Essentials: ...
System Security
Trojan:DOS/Alureon.A
I've had this incredibly annoying infection for the last few weeks. I've done some searching online and don't get many clear answers about this one. It got to the point that i formatted my hdd, which was due anyway, but after a fresh install of Win 7 i still get prompts from MSE. I've gathered...
System Security
Alureon Bootkit Trojan - Crossing the 64 bit Barrier
UAC is there for a reason!
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 20:28.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App