Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: BSOD after removing Alureon.a


19 Apr 2013   #11

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Looking at the logs you do indeed have a rootkit . Lets wait for Cottonball's further assistance .


You still have Norton installed along with Norton360


My System SpecsSystem Spec
.

19 Apr 2013   #12

Windows 7 home premium x64
 
 

I know, before I told you about the blue screen, I tried to do a system return to yesterday when I knew everything worked. Brought back norton with it.
My System SpecsSystem Spec
19 Apr 2013   #13

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

thenecessity

We could uninstall the programs from the command prompts but lets go with removing the rootkit first . Don't want to step on anyone's toes .
My System SpecsSystem Spec
.


19 Apr 2013   #14

Windows 7 home premium x64
 
 

Yeh, no worries about when its done. Guessing though its the alureon one so windows defender offline couldn't actually remove it? It said it did though.
My System SpecsSystem Spec
19 Apr 2013   #15

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

WDO … Doesn't remove Rootkits. I don't find that tool to be helpful .
My System SpecsSystem Spec
19 Apr 2013   #16

Windows 7 Home Premium
 
 

thenecessity,

My apology for the delay, crowded restaurant...

Please do the following:
Open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the quote box below (Do not copy the word 'Quote');
Save it on the flash drive that has FRST64 and name it: fixlist.txt

Quote:
start
C:\Windows\svchost.exe
TDL4: custom:26000022 <===== ATTENTION!
end
Now, enter System Recovery Options and select the Command Prompt as done before.
Run FRST64, and press the Fix button, just once, and wait.

The tool creates a report on the flash drive called: Fixlog.txt
Please post the Fixlog.txt in your reply.

Restart the computer.


Now, go to the TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.

When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

•If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
•If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)

When done, the tool creates a log on the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt

Also post or attach the TDSSKiller log in your reply.
My System SpecsSystem Spec
19 Apr 2013   #17

Windows 7 home premium x64
 
 

Alright, quick update, it worked and I am on the infected computer right now. Here is the fixlog. And a question then with it, is that the same thing as the alureon?

Nothing malicious found, only suspicious


Attached Files
File Type: txt Fixlog.txt (369 Bytes, 7 views)
File Type: txt TDSSKiller.2.8.16.0_19.04.2013_22.45.24_log.txt (262.6 KB, 7 views)
My System SpecsSystem Spec
19 Apr 2013   #18

Windows 7 Home Premium
 
 

TDL4 is known as TDSS or Alureon

FRST:
C:\Windows\svchost.exe ATTENTION ====> Check for partition/boot infection.
svchost.exe: injected component which implements the main payload.

TDL4: custom:26000022 <===== ATTENTION!

TDSSKiller:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Let's press on...

Please run TDSSKiller once again, and this time, when presented with the TDSS File System entry in Threats Detected, select: Delete

When done, attach the new TDSSKiller log in your reply.

Please provide an update on how the computer is working. Any BSODs, are programs running OK?
My System SpecsSystem Spec
19 Apr 2013   #19

Windows 7 home premium x64
 
 

Here ya go


Attached Files
File Type: txt TDSSKiller.2.8.16.0_19.04.2013_23.13.38_log.txt (135.5 KB, 4 views)
My System SpecsSystem Spec
19 Apr 2013   #20

Windows 7 Home Premium
 
 



Please provide an update on how the computer is working. Any BSODs, are programs running OK?
My System SpecsSystem Spec
Reply

 BSOD after removing Alureon.a




Thread Tools



Similar help and support threads for2: BSOD after removing Alureon.a
Thread Forum
Alureon and my broken laptop System Security
Solved Alureon.E (virus)trojan System Security
[Q] Alureon.A: Causes and removal System Security
Solved Trojan:DOS/Alureon.A System Security
Looks familiar? Yes! From Alureon! Security News
April Threat Reports & Alureon. Security News
Alureon.gen!U System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 04:35 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33