Alureon and my broken laptop

[SarahCali]

Sarah here is the link that Cottonball has mentioned Farbar Recovery Scan Tool

http://download.bleepingcomputer.co...ies/f/farbar-recovery-scan-tool/64/FRST64.exe

I'm sorry, I was too slow - this link has expired?

 

[VistaKing]

Did you locate the drive letter of the USB flash drive ?

In command prompt type in the command below

format /FS:FAT32 X:

   Note

X: is the drive letter of the flash drive

Run the Diskpart commands that I posted above to get the flash drive letter .

Added:

Once you format the USB flash drive go to the link below ( on the Mac ) and choose Download now x64 bit version

Link : http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

[SarahCali]

OK, sorry - I am very confused now as to which files, and where! I have TDSS, but not now using that - right?

You want me to format a flash drive and then copy the other file to it (link has expired), I format it on my laptop,using line above? Afraid I do not understand Q about drive letter

 

[SarahCali]

Sarah here is the link that Cottonball has mentioned Farbar Recovery Scan Tool

http://download.bleepingcomputer.co...ies/f/farbar-recovery-scan-tool/64/FRST64.exe

We don't need to restart the PC . Plug the USB drive in the PC and in the command prompt type the commands and press enter after each command

Diskpart

press ENTER

 list volume

press enter

   Note

take note of the letter for your USB flash drive

then type

 exit

and press Enter . It should say Leaving DiskPart… then type in the driver letter of the USB flash drive with a back slash " \ " and the name of the .exe file .

OK, sorry, got it. There are 5, mine is in H:

Noted!

 

[SarahCali]

Formatting now, and have downloaded file to Mac.

So, file onto stick, and then bring back to laptop, right?

 

[VistaKing]

If you're sure your flash drive is H then run the command

[DEL]format /FS:FAT32 H: quick [/DEL]
[/[DEL]code][/DEL]

Yes once you have the file onto the flash drive remove the drive and plug it back into the infected laptop . Inside the command prompt type in 

H:\ and press enter . You should now be in H:\ _ type in frst64.exe

ADDED : from Cottonball prior post on page 4 or 5 

Type [B]h:\frst64.exe[/B], and press: Enter 


The tool starts and prepares to run. Follow the prompts.
Click Yes to the disclaimer.

Press: Scan

When done, the program saves the FRST.txt report, on the flash drive.
Click the Command Prompt window, and type exit, and press: Enter

Back at the System Recovery Options, press: Restart

When the computer boots back into Windows, please provide the FRST.txt in your reply.

 

[SarahCali]

File safely on stick. So plug into laptop, and ... Run? Wait? Pour a stiff drink ...

 

[SarahCali]

I should always read back ...

So, type H:\FIRST64.exe

Hit enter. Right?

What should I expect?!

 

[SarahCali]

It's doing what you said, scanning now

 

[VistaKing]

Yes plug the USB flash drive into the infected drive . Open up a new command prompt window . By closing the current command window and it should bring you back to System Recovery Options: window and choose Command prompt . It should open to x:\windows\system32 . Type in " h:\frst64.exe " without the quotes


Added : once the its done scanning you should see FRST.txt in your flash drive upload that file to your post .

 

[SarahCali]

OK, it ran, found issues of course (attention! stuff in the text file) - attached as instructed

 

[VistaKing]

I will need some assistance with the log . Let me get Cottonball

 

[SarahCali]

Gotcha - thanks guys

Whilst fixing it is of course what matters, I'm reall keen to understand what and how has happened. Somehow I was infected with this infamous Alureon (AVG no good, or does this one really get through many anti-virus progs?) - has it been there since Google Redirect 2 months ago (TDSS said it cleared me), or a coincidence? And damn, if so, piss poor anti-virus attempt by me. I thought I was doing the right thing.

It caused the BSOD, and then when I tried to remove it it attempted to destroy my computer, is that right?! Will I be left with security issues (passwords, banking?), and how the heck do I never, ever face this awful nightmare again?

Just thinking out loud, if anyone fancies educating me I have some very bad feelings toward virus creators right now ...

 

[VistaKing]

Looking at the log ( text file ) you downloaded avg remover software . I do see a root kit on the drive that is why you aren't able to boot to windows . I need Cottonball to create a fix list for you to run and its step 2 to clear your issue . I'd stay away from avg . Get a much better program . It will cost money but at least you are good . Just a reminder just cause you have an antivirus program doesn't mean you will not get a virus . You have locks on your doors ? Do you think it stops someone from breaking in ? Same goes for firewalls and antivirus programs .

 

[shawn77]

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.You will see the desktop .Wait for more instructions from vistaking or cottonball.

 

[SarahCali]

I uninstalled AVG when told to use MSET instead, in the BSOD thread? I was only running AVG because I was told it was good Not a cheapskate, honest! Actually, until recently I had their paid version, until it expired.

MSET not a good option? Is there simply no way to avoid viruses if online? Is it only ever by downloading things? I can't help but wonder how/when this happened.

 

[VistaKing]

Thank you Shawn for the fix list

 

[SarahCali]

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.You will see the desktop .Wait for more instructions from vistaking or cottonball.

I'm sorry, I'm lost. Do the first part on the Mac (clearly you don't mean broken laptop.m), but these are Win instructions? I'm not Mac savvy ...

 

[VistaKing]

Remove the flash drive from the infected PC . Plug back into the Mac . Inside the Mac open a program called text editor should be inside Applications folder . Once the text editor program opens input the following

start
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Save the file as fixlist.txt and place it to your flash drive . Unplug the flash drive back and plug into the infected PC and do the same as before in the FRST program click on fix .

   Note

BEFORE YOU SAFE on the Mac … Go to TextEdit preferences and set the Format to Plain Text instead of Rich Text. Also check the boxes for "Ignore Rich Text Commands....

 

[shawn77]

Do you have a windows system that you could use temporarily?

or

I can upload the fixlist text file.Download it on your MAC.Copy it to a flash drive.Boot into recovery console of broken computer,perform the steps and you should be able to boot the PC into normal mode.