Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Alureon.E (virus)trojan

24 Mar 2013   #1

Windows 7 Home Premium x64
Alureon.E (virus)trojan

Hello everyone, i'm Brato and i need help with this virus - Alureon.E. My laptop (VAIO - W7 Home Premium x64) has been infected with it a couple of months ago, i've searched the internet but didn't find a solution. My MSE antivirus keeps telling me the system is infected with this particullary kind of virus, and it finds the virus at this location:
boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)

Unfortunatly, MSE cannot delete the virus. I found out on this forum that someone who has the exactly problem as me managed to get rid of this virus, with the help of Hiren's BootCD. I've downloaded Hiren's BootCD but the problem is that i don't know what program i have to use for deleting that particular partition (1MB memory) that contains the virus. Could someone tell me all steps (for deleting the partition with Hiren's BootCD), please ? I would appreciate it very much. Thanks !

PS: I found here the guy with the same problem as me: boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan

My System SpecsSystem Spec
24 Mar 2013   #2

Windows 7 Home Premium


Let’s take a look before Windows starts…

Need some info from you:
Do you have the Repair your computer option in the Advanced Boot Options menu?

To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option, do you have your Windows installation CD/DVD available?

And last, do you have a USB pendrive available, and access to another computer that is not infected?
My System SpecsSystem Spec
24 Mar 2013   #3

Windows 7 Home Premium

If you do have the Repair your Computer option...

You may want to print these instructions so you can have access to follow them. Also, you may want to read them once befor you apply them.

Please plug a USB pendrive into a clean computer.

Go to Start > Computer
Double-click Computer, and select the pendrive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.

Next, download Farbar Recovery Scan Tool (64-bit version):
Farbar Recovery Scan Tool Download
Select the 64-bit download.
Save the program to the >> USB pendrive.

Also download List Parts 64-bit and save it to the USB pendrive.

Next, plug the pendrive into the infected computer.

>>>Restart the computer.

  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)
On the System Recovery Options menu you get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Scan your computer's memory for errors.
  • Command Prompt
Select Command Prompt
  • In the Command window, at the bliking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the pendrive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type g:\frst64.exe, and press: Enter
    Note: Replace the drive letter g with the drive letter of your pendrive!
  • The tool starts and prepares to run. Follow the prompts.
  • Click Yes to the Disclaimer.
  • Press: Scan
The program saves the FRST.txt report, on the pendrive.

Back at the Command Prompt, type e:\listparts64.exe and press: Enter
Note: Replace the drive letter e with the drive letter of your pendrive!

When ListParts starts to run. Check: List BCD
Click: Scan
When finished scanning ListParts also makes a Result.txt on the pendrive.

Back at the System Recovery Options, press: ShutDown

Please provide the FRST.txt, and the Results.text (for ListParts) in your reply.
Both reports are located in the USB pendrive.
My System SpecsSystem Spec

24 Mar 2013   #4

Windows 7 Home Premium


Please note Post #3 is edited to add ListParts.
My System SpecsSystem Spec
25 Mar 2013   #5

Windows 7 Home Premium x64

Hy cottonball ! I'll try these steps right now. Keep in touch.
My System SpecsSystem Spec
25 Mar 2013   #6
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10

Alureon.E operates by writing a cloaked partition which boots before the main system does. It generally does not show up under disk management. Since it is already running & in use, MSE cannot delete it.

The tool you are looking to use is GParted, a boot partition tool. This will confirm if you have a hidden partition. The partition is usually at the end of the drive & is between 1 - 10 MB. You can manually delete this partition, but you will have to re-establish the correct partition to be the boot sector.

Running TDSSKiller would be a good idea as it automates this process, & resets the boot sector back to it's rightful place.
My System SpecsSystem Spec
25 Mar 2013   #7

Windows 7 Home Premium x64

@cottonball: i have the 'Repair your computer option' under 'Advanced Boot Options' menu, i also have a USB flash (stick). Right now i'm performing your steps. I'll post the results.
My System SpecsSystem Spec
25 Mar 2013   #8

Windows 7 Home Premium x64

Cottonball i have a problem: after i press Enter on 'Repair your computer' option under 'Boot Advanced Settings' (with USB stick inserted) nothing happens: the screen becomes black and that's all. After 3-4 minutes i have to reset the laptop because i think it is stuck. I've tried it for 2 times and nothing comes out.

I don't have an original Windows 7 DVD, because when i bought this laptop it came with Windows 7 installed. I found out (on Laptop's manual) that Windows Installation Kit (original) is on a hidden partition that i can't acces normally, but it can be accesed when i need to reinstall or repair the system.

I'm waiting for your advice.
My System SpecsSystem Spec
25 Mar 2013   #9
Microsoft MVP

Windows 7 Ultimate 32bit SP1

My System SpecsSystem Spec
25 Mar 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit

I don't think you should of said you have a " pirated " Windows 7 cd .
My System SpecsSystem Spec

 Alureon.E (virus)trojan

Thread Tools

Similar help and support threads
Thread Forum
Solution (Given) to removing Alureon !gen A trojan
Hey Everybody, I joined this forum last night to seek help resolving a terrible crash of my Windows 7 Home Edition home desktop that resulted after Microsoft Security Essentials (MSE) detected, and then failed to remove the Alureon gen!A Trojan many times. For about a month or two, MSE,...
System Security
Trojan Alureon.A Detected After Clean Win7 Install
A brief intro: I'm working on a family friend's laptop. It's a Dell Vostro 3550. After doing a factory reset, I was still getting tons of BSODs. You can find info on all that in this thread. I did a Clean Windows 7 install because all signs pointed to hardware issues, but we wanted to be sure. ...
System Security
boot:\physicaldrive0\partition3 (type 17) Alureon.E (virus)trojan
Good afternoon/evening, Sevenforums professionals:o My name is kyle and I'm looking for help to remove/cure some issues I'm having with my desktop Gateway PC. This is on a Windows 7 home premium 64bit, i3 processor. Here are the problems detected by Microsoft Security Essentials: ...
System Security
I've had this incredibly annoying infection for the last few weeks. I've done some searching online and don't get many clear answers about this one. It got to the point that i formatted my hdd, which was due anyway, but after a fresh install of Win 7 i still get prompts from MSE. I've gathered...
System Security
Alureon Bootkit Trojan - Crossing the 64 bit Barrier
UAC is there for a reason!
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 14:51.
Twitter Facebook Google+