Alureon.E (virus)trojan

brato92 · 24 Mar 2013

Hello everyone, i'm Brato and i need help with this virus - Alureon.E. My laptop (VAIO - W7 Home Premium x64) has been infected with it a couple of months ago, i've searched the internet but didn't find a solution. My MSE antivirus keeps telling me the system is infected with this particullary kind of virus, and it finds the virus at this location:
boot:\Device\HarddiskVolume4\
boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)

Unfortunatly, MSE cannot delete the virus. I found out on this forum that someone who has the exactly problem as me managed to get rid of this virus, with the help of Hiren's BootCD. I've downloaded Hiren's BootCD but the problem is that i don't know what program i have to use for deleting that particular partition (1MB memory) that contains the virus. Could someone tell me all steps (for deleting the partition with Hiren's BootCD), please ? I would appreciate it very much. Thanks !

PS: I found here the guy with the same problem as me: boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan

cottonball · 24 Mar 2013

brato92,

Let’s take a look before Windows starts…

Need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option, do you have your Windows installation CD/DVD available?

And last, do you have a USB pendrive available, and access to another computer that is not infected?

cottonball · 24 Mar 2013

If you do have the Repair your Computer option...

You may want to print these instructions so you can have access to follow them. Also, you may want to read them once befor you apply them.

Please plug a USB pendrive into a clean computer.

Go to Start > Computer
Double-click Computer, and select the pendrive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.

Next, download Farbar Recovery Scan Tool (64-bit version):
Farbar Recovery Scan Tool Download
Select the 64-bit download.
Save the program to the >> USB pendrive.

Also download List Parts 64-bit and save it to the USB pendrive.
http://www.bleepingcomputer.com/down...stparts/dl/78/

Next, plug the pendrive into the infected computer.

>>>Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Use the arrow keys to select the Repair your computer menu item.

Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt

Select Command Prompt

In the Command window, at the bliking cursor type notepad and press: Enter
In Notepad, under the File menu select: Open
Double-click Computer, find the pendrive letter, remember what letter it is, click on it, and press: Open
Close out of Notepad.
Click the Command window
Type g:\frst64.exe, and press: Enter
Note: Replace the drive letter g with the drive letter of your pendrive!
The tool starts and prepares to run. Follow the prompts.
Click Yes to the Disclaimer.
Press: Scan

The program saves the FRST.txt report, on the pendrive.

Back at the Command Prompt, type e:\listparts64.exe and press: Enter
Note: Replace the drive letter e with the drive letter of your pendrive!

When ListParts starts to run. Check: List BCD
Click: Scan
When finished scanning ListParts also makes a Result.txt on the pendrive.

Back at the System Recovery Options, press: ShutDown

Please provide the FRST.txt, and the Results.text (for ListParts) in your reply.
Both reports are located in the USB pendrive.

cottonball · 24 Mar 2013

brato92,

Please note Post #3 is edited to add ListParts.

brato92 · 25 Mar 2013

Hy cottonball ! I'll try these steps right now. Keep in touch.

Borg 386 · 25 Mar 2013

Alureon.E operates by writing a cloaked partition which boots before the main system does. It generally does not show up under disk management. Since it is already running & in use, MSE cannot delete it.

The tool you are looking to use is GParted, a boot partition tool. This will confirm if you have a hidden partition. The partition is usually at the end of the drive & is between 1 - 10 MB. You can manually delete this partition, but you will have to re-establish the correct partition to be the boot sector.

Running TDSSKiller would be a good idea as it automates this process, & resets the boot sector back to it's rightful place.

brato92 · 25 Mar 2013

@cottonball: i have the 'Repair your computer option' under 'Advanced Boot Options' menu, i also have a USB flash (stick). Right now i'm performing your steps. I'll post the results.

brato92 · 25 Mar 2013

Cottonball i have a problem: after i press Enter on 'Repair your computer' option under 'Boot Advanced Settings' (with USB stick inserted) nothing happens: the screen becomes black and that's all. After 3-4 minutes i have to reset the laptop because i think it is stuck. I've tried it for 2 times and nothing comes out.

I don't have an original Windows 7 DVD, because when i bought this laptop it came with Windows 7 installed. I found out (on Laptop's manual) that Windows Installation Kit (original) is on a hidden partition that i can't acces normally, but it can be accesed when i need to reinstall or repair the system.

I'm waiting for your advice.

Jacee · 25 Mar 2013

Try this ... How to Restore Sony Vaio System Files From a Hidden Partition | eHow.com

VistaKing · 25 Mar 2013

I don't think you should of said you have a " pirated " Windows 7 cd .