Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows 7 won't boot after removal of Alureon

05 Jun 2013   #1
RustyBrotherton

Windows 7 Home Premium x64
 
 
Windows 7 won't boot after removal of Alureon

I removed the Alureon Virus following some steps that were given to me via MS Security Essentials. Now I am getting a BSOD and cant get into anything except repair your system.

I have ran frst64.exe because of some other threads that I read. I am not sure what to do now. I am attaching the log from running frst64.exe.

Thanks for any help.




Attached Files
File Type: txt FRST.txt (36.4 KB, 6 views)
My System SpecsSystem Spec
.
05 Jun 2013   #2
cottonball

Windows 7 Home Premium
 
 

RustyBrotherton,

Please do the following:

Open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the quote box below (Do not copy the word 'Quote');
Save it on the pendrive that has FRST64 and name it: fixlist.txt

Quote:
start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess
AppInit_DLLs: [0 ] ()
C:\Users\Amy\Application Data\eufihagb
C:\Users\Amy\AppData\Roaming\eufihagb
TDL4: custom:26000022 <===== ATTENTION!
end
WARNING: This script is written specifically for RustyBrotherton, and, for use on this computer.
Running this on another computer may cause damage to the Operating System!!

Now, please enter System Recovery Options and select the Command Prompt as done before.
Run FRST64, and press the Fix button, just once, and wait.

FRST reboots the computer.

When done, the tool creates a report on the pendrive called: Fixlog.txt
Please post Fixlog.txt in your reply.

Post back on whether you can boot normally to Windows.
My System SpecsSystem Spec
05 Jun 2013   #3
RustyBrotherton

Windows 7 Home Premium x64
 
 

I just booted into Windows normally!!!

Here is the log.

You guys are seriously amazing!!


Attached Files
File Type: txt Fixlog.txt (696 Bytes, 3 views)
My System SpecsSystem Spec
.

05 Jun 2013   #4
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

RustyBrotherton

Once you're up and running . I recommend removing McAfee

McAfee Removal Tool MCPR.exe

Drag the MCPR.exe file from your Downloads folder to your Desktop folder

Right-click MCPR.exe, and select Run as administrator.

If you get a User Access Control window click on the Yes button

At the End User License Agreement (EULA) dialog box, click Next button to accept the agreement.
My System SpecsSystem Spec
05 Jun 2013   #5
cottonball

Windows 7 Home Premium
 
 

Please hold off on McAfee until we get done removing the malware.

Will be back shortly...
My System SpecsSystem Spec
05 Jun 2013   #6
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Yes cottonball that is why I said once you're up in running . Meaning when the virus is removed .
My System SpecsSystem Spec
05 Jun 2013   #7
RustyBrotherton

Windows 7 Home Premium x64
 
 

I just ran tdsskiller.exe and it said no threats found. Additionally I loaded MS Security Essentials and it found no threats as well.

I might have been to quick but I had already ran the MCPR.exe
My System SpecsSystem Spec
05 Jun 2013   #8
cottonball

Windows 7 Home Premium
 
 

We are switching to the Desktop...no pendrive.
Also, TDSSKiller produced a report. Please post it in your reply.


Please go to the: Farbar Recovery Scan Tool Download
Select the 64-bit version.
Save it to your Desktop.
You will use it shortly.


Open Notepad (Start > All Programs > Accessories > Notepad)
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
Save it on the Desktop as: fixlist.txt
Quote:
start
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
end
Run FRST64 again (from the Desktop), but this time press the Fix button just once, and wait.
When done, the tool makes a log on the Desktop.
Please post Fixlog.txt in your reply.


Since the following steps involve editing the Registry, please create new restore point before proceeding.
System Restore Point - Create
Select: Option Two


Now, please download the ESET ServiceRepair:
http://kb.eset.com/library/ESET/KB%2...icesRepair.exe
Save to the Desktop.
Double-click and run the downloaded file.

When the program runs, a prompt appears asking if you want to proceed.
Click: Yes
When the Services routine is Completed, you are asked to Reboot.
Click Yes to allow the reboot.

The tool creates a folder named CC Support on the Desktop.
Please provide the CC Support\Logs\SvcRepair.txt in your reply.


Last, please take action Downloading Farbar Service Scanner
Save to the Desktop
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender

Press: Scan

FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.


Need for you to attach 4 reports:
TDSSKiller
Fixlog.txt from FRST64
SvcRepair.txt
FSS.txt
My System SpecsSystem Spec
06 Jun 2013   #9
RustyBrotherton

Windows 7 Home Premium x64
 
 



My System SpecsSystem Spec
06 Jun 2013   #10
cottonball

Windows 7 Home Premium
 
 

RustyBrotherton,

There is still some more work to do, but the mean malwre is out of the picture.

VistaKing, in California, will run you through the routine of geting rid of McAfee.


In Illinois, it is 12:45AM, past my night-night time.

Will se ya later, probably in the afternoon!
My System SpecsSystem Spec
Reply

 Windows 7 won't boot after removal of Alureon




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
.Alureon.A reported by ISP on boot. Computer runs fine.
I've been chasing this thing for weeks. All tests report computer is fine and it is running great. .Alureon.A must be runnig in the MBR. I am tripple booting with EasyBCD into C:win7PRO 64Bit, D:Linux, and E:Win7PRO 32bit. I guess I need help getting .Alureon.A out of MBR without loosing...
System Security
boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan
Good afternoon/evening, Sevenforums professionals:o My name is kyle and I'm looking for help to remove/cure some issues I'm having with my desktop Gateway PC. This is on a Windows 7 home premium 64bit, i3 processor. Here are the problems detected by Microsoft Security Essentials: ...
System Security
Windows 7 and Vista Dual Boot Removal
I have an Acer Aspire 5349 Laptop. It came preloaded with Win7 Home Premium x64. I got adventurous and dual-booted with a Vista Ultimate x64 installation on the same hard drive, with 2 partitions. It all works flawlessly, but my experimenting is over, i'm bored, and need my hard drive space back,...
Installation & Setup
[Q] Alureon.A: Causes and removal
Recently I exchanged some data with my friend via his pendrive. A day after transferring the data, Microsoft Security Essentials caught a trojan named Alureon.A. Though MSE detected the trojan, neither could it remove it nor quarantine it. Worse was that my laptop was couldn't even stay on for even...
System Security
Ubuntu still in Windows boot loader after removal
Hi I have just removed Ubuntu 10.10 from my computer by deleting partition that it was on. It was set up by Easybcd so that the option to boot into Ubuntu was through the windows boot loader, and windows seven was the default os. Choosing the Ubuntu option would take you to the Grub menu (it...
Installation & Setup
Removal of XP System boot partition from a W7 Dual boot
With an XP Pro/W7 Pro Dual boot configuration, is it possible to do the following (see screen shot or DiskMgmt info of current config below): 1. Move boot data from XP partition to the W7 (extended) partition 2. Make W7 partition the Primary System partition 3. Format the XP partition 4....
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 19:52.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App