So a google search tells me that this seems to happen pretty often. Microsoft Malicious Software Removal Tool detected Alereon (sp?), directed me to use Windows Defender Offline. I did and now I can't boot up.
I have followed the directions given here to prior victims and have attached the FRST scan log. Thank you for any help you can give.
Hello and welcome bsever mate try one of these I would try the Kaspersky one first.
5 Bootable AntiVirus Rescue CD for Windows: Free Download
ICit2lol gave you a starting point - Kaspersky is very good.
Follow one path at a time, take ICit2lol 's suggestion.
If your machine is still infected after running that, you can wait for someone more experience than I have to drop in.
This is a tough bug to squash, but members on the Security team have successfully tackled other cases.
I read through a few and the FRST report you posted jogeed something in my memory.
TDL4: custom:26000022 <===== ATTENTION!
There's a procedure to deal with the above. I believe it was one of the last things done to prevent reappearance. I just don't recall the details.
Hang in there, I'm sure one of the team will drop in to help.
Good Luck.
I dont think running another bootable rescue disk will help....he has already run WDO in an attempt to clean up the rootkit. Sounds like MBR is buggered as a consequence of that?
In this case, OP might consider clean install. Often a safe option with rootkits.
Ok I only suggested cos the OP cannot boot at all so thought at least it was an option.
If the data needs saving then maybe using the Ubuntu to boot and retrieve that data might be worth a try before the clean install if he has stuff he needs to keep.
I know there is a tutorial on this but this is what I have used in the past
BOOTABLEUBUNTU
Make a bootable Ubuntu disk http://www.ubuntu.com/download
Set the BIOS to boot from theoptical when the machine boots it will show you a screen with TRY or INSTALL> select TRY
When it is finished - it takes verylittle time you will get a screen like in the pic .
Open the drive you want > Userand dig down until you get to the data / settings you may be able to copy /paste the material you want to an external source or other installed drive doingthis.
I am not sure if it will but I haverecovered tons of data etc using this method both on "dead" or justplain drives that you cannot get data from using Windows.
Thanks for the suggestions! I don't want to have to try the ubuntu recovery or the clean install, but thank you for pointing me in that direction so I know what my options are. I have seen some folks here get some help after having WDO leave their machines un-bootable and it seems to be a happy ever-after story for some, so I guess I'm looking for a miracle too. A fellow can dream.
Well mate you still have that rescue disk option it isn't going to cost you anything and what have you got to lose??
If you have all your data backed up then if it is store bought machine you have the option of factory defaulting it.
I just Googled the problem a while ago and there are a ton of refs there most mentioning that Aleuron problem.
Thanks ICit2lol, I appreciate the reply. I was hoping for some guidance in the same vein as in this thread:
Computer wont start after removing alureon virus with defender offline
But in the meantime, I will try to hunt down a writeable disc to pursue the Ubuntu suggestion to see what data I can back up. Thanks again!
I'm going to disagree that WDO cleaned up the malware. (Part of my Dale Carnegie training)
edit: I going to agree that the OP consider a clean install. Malware is getting "smarter" and it's possible that this bug knows about WDO and as a self defense mechanism, messes up the boot. Not sure at this point.
I'm also going to recommend the Kaspersky Rescue Disk that ICIT2lol started with.
- I'm not certain it has the TDSSkiller incorporated on the disk, but it's a good place to start.
Just be sure to write the disc on a clean machine
There are always different options, but the path taken is your choice, bsever.Kaspersky said:
The Rescue disc won't hurt and it might give you a head start when a member of the Security Team stops by.
Your thread, your machine, your choice.
When someone does stop by you will more than likely get your miracle and step by step help. You've seen some of those threads, it takes a while.
Wait or Kasperky - you know what I think :)
Good luck getting rid of that miserable bug.
Edit: Just saw Kaspersky USB drive option when I was closing down open browser windows.
Also make sure the machine you create this on is free of malware
http://support.kaspersky.com/8092
Last edited by Slartybart; 21 Jan 2014 at 18:38. Reason: clarify - disagree with WDO cleaned malware, agree Clean install should be considered.
Just a thought.
After WDO was the boot order set back to proper drive?
I will go back to watching.
Quote