Win64/Alureon.gen!A*Virus preventing computer startup

kyle7282 · 11 Sep 2013

I had been experiencing blue screens for months before I posted on this site to hopefully receive some assistance. After taking the actions suggested by a member of the BSOD forums, I eliminated a lot of possible causes for the BSODs but one in specific has given me some trouble. Win64/Alureon.gen!A was discovered by Windows Security Essentials and I attempted to download Windows Defender Offline to get rid of it but after successfully downloading and implementing the program my computer has been unable to start up and recieves an error regardless of if I do System Restore or Startup Repair. Assistance with this issue would be greatly appreciated, thank you.

For more information check out this thread: BSOD for the past several months, Error 0x0000001E

cottonball · 11 Sep 2013

kyle7282,

Do you have an installation CD/DVD for Windows 7?

If not, or, when you start the computer, tap the F8 key until the Advanced Boot Options menu appears.
Do you have access to the Repair your computer menu item?

Also, do you have a USB pen drive?

We need to run a tool from outside of Windows, but, need to know the above.

cottonball · 12 Sep 2013

Another option:

Do you have access to a computer with Windows 7 64-bit system, to create a System Repair Disk:

Instructions:
System Repair Disc - Create

kyle7282 · 12 Sep 2013

Thank you for taking interest in my issue. :) I don't think I have an installation CD for Windows 7. And I don't see that option in the menu, unfortunately. However, I do have a USB flash drive if that's what you mean. I hope this information helps somewhat, let me know if you need anymore. I do have access to another Windows 7 computer, I believe. I shall try creating a repair disc and I'll update you on the results.

kyle7282 · 13 Sep 2013

I was able to successfully create a repair disc but it appears to have had no effect because I am still encountering the same problem.

UsernameIssues · 13 Sep 2013

kyle7282 said:

......I don't think I have an installation CD for Windows 7.....

See step one in this tutorial for instructions on downloading a W7 DVD:
Clean Reinstall - Factory OEM Windows 7

Borg 386 · 13 Sep 2013

kyle7282 said:

I attempted to download Windows Defender Offline to get rid of it but after successfully downloading and implementing the program my computer has been unable to start up and recieves an error regardless of if I do

Did you actually remove Alureon? WDO is good for detecting it, but doesn't always remove it. For that you need a rootkit tool like TDSSKiller. It would be a good idea to make sure it's gone before implementing repairs.

Alureon creates a cloaked boot partition which generally does not show up on Windows Disk Management & can be hard to get rid of. If that is still present, Alureon will always boot up before Windows does.

If you want to be sure it's gone, you can d/l a boot partition manager called GParted. Alureon shows up at the end of the drive as a hidden boot partition, between 1 - 10 MB

Note from the MS Site:

Alureon may modify some driver files so they become corrupted and unusable. These corrupted files won't be restored by detecting and removing this threat. The corrupted file must be restored from backup to restore functionality to the computer. We recommend you boot into a recovery environment and manually replace the file with a clean copy.

Depending on the damage it did, some of your files may be irrevocably damaged. If after confirming Alureon is gone & the system repair disk does not help, you may be able to do a repair install.

Repair Install

Meanwhile, it might be prudent to migrate as many of your personal files to another storage medium just in case.

kyle7282 · 13 Sep 2013

Windows Defender Offline said it was successfully cleaned and removed but it's hard to tell without being able to check since my laptop refuses to continue beyond the start up screen before it BSODs and restarts only to repeatedly do the same thing. Are there any methods that use the Setup utility that I could use to hopefully help?

cottonball · 14 Sep 2013

kyle7282,

The number of borked systems found because Windows Defender Offline was used to remove Alureon is more than what can be counted. WDO and Alureon do not seem to get along!!

There is a tool, Farbar Recovery Scan Tool that is used successfully to bring the system 'back to life', after the above described event.

However, the question at this point is, using the Windows 7 System Repair Disc you just created, can you boot to the System Recovery Options (Option Two), as per the following Instructions:
System Recovery Options

Can you select: Command Prompt?

If so, we are in business.

cottonball · 14 Sep 2013

To get the Windows 7 System Repair Disc to work, you need to boot the computer from the CD created:

1. Restart or turn on the infected computer with the disc in the CD/DVD drive
2. Go to the boot menu of the computer.

To access the boot menu, you need to press a specific key while the computer starts up.
Different computers have different ways of accessing the boot menu.
Some of the boot menu keys are listed below.
◦Dell: F12
◦HP: ESC (boot device options)
◦Other: F12

Note:
◦You must press a key like the ones described above before Windows begins to load.
◦Next, change the boot order in the BIOS.

3. Once you see a boot menu, you can look for the following option:
CD/DVD Drive (or something similar)

Use the arrow keys to select the appropriate option and then press the Enter key.