Alureon and my broken laptop

SarahCali · 29 Mar 2013

OK, it ran, found issues of course (attention! stuff in the text file) - attached as instructed :)

VistaKing · 29 Mar 2013

I will need some assistance with the log . Let me get Cottonball

SarahCali · 29 Mar 2013

Gotcha - thanks guys :)

Whilst fixing it is of course what matters, I'm reall keen to understand what and how has happened. Somehow I was infected with this infamous Alureon (AVG no good, or does this one really get through many anti-virus progs?) - has it been there since Google Redirect 2 months ago (TDSS said it cleared me), or a coincidence? And damn, if so, piss poor anti-virus attempt by me. I thought I was doing the right thing.

It caused the BSOD, and then when I tried to remove it it attempted to destroy my computer, is that right?! Will I be left with security issues (passwords, banking?), and how the heck do I never, ever face this awful nightmare again?

Just thinking out loud, if anyone fancies educating me :) I have some very bad feelings toward virus creators right now ...

VistaKing · 29 Mar 2013

Looking at the log ( text file ) you downloaded avg remover software . I do see a root kit on the drive that is why you aren't able to boot to windows . I need Cottonball to create a fix list for you to run and its step 2 to clear your issue . I'd stay away from avg . Get a much better program . It will cost money but at least you are good . Just a reminder just cause you have an antivirus program doesn't mean you will not get a virus . You have locks on your doors ? Do you think it stops someone from breaking in ? Same goes for firewalls and antivirus programs .

shawn77 · 29 Mar 2013

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.You will see the desktop

.Wait for more instructions from vistaking or cottonball.

SarahCali · 29 Mar 2013

I uninstalled AVG when told to use MSET instead, in the BSOD thread? I was only running AVG because I was told it was good

Not a cheapskate, honest! Actually, until recently I had their paid version, until it expired.

MSET not a good option? Is there simply no way to avoid viruses if online? Is it only ever by downloading things? I can't help but wonder how/when this happened.

VistaKing · 29 Mar 2013

Thank you Shawn for the fix list

SarahCali · 29 Mar 2013

shawn77 said:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.You will see the desktop

.Wait for more instructions from vistaking or cottonball.

I'm sorry, I'm lost. Do the first part on the Mac (clearly you don't mean broken laptop.m), but these are Win instructions? I'm not Mac savvy ...

VistaKing · 29 Mar 2013

Remove the flash drive from the infected PC . Plug back into the Mac . Inside the Mac open a program called text editor should be inside Applications folder . Once the text editor program opens input the following

Code:

start
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Save the file as fixlist.txt and place it to your flash drive . Unplug the flash drive back and plug into the infected PC and do the same as before in the FRST program click on fix .

Note

BEFORE YOU SAFE on the Mac … Go to TextEdit preferences and set the Format to Plain Text instead of Rich Text. Also check the boxes for "Ignore Rich Text Commands....

shawn77 · 29 Mar 2013

Do you have a windows system that you could use temporarily?

or

I can upload the fixlist text file.Download it on your MAC.Copy it to a flash drive.Boot into recovery console of broken computer,perform the steps and you should be able to boot the PC into normal mode.