Trojan Alureon.A Detected After Clean Win7 Install

sharona · 17 May 2013

A brief intro: I'm working on a family friend's laptop. It's a Dell Vostro 3550. After doing a factory reset, I was still getting tons of BSODs. You can find info on all that in this thread. I did a Clean Windows 7 install because all signs pointed to hardware issues, but we wanted to be sure.

The only things I put on the laptop were a WiFi driver, Windows Updates, and MSE. MSE immediately detected Trojan Alureon.A. I had it do what it could, then it suggested using Window Defender to finish up removal. Before I did that, I did some googling. I installed MalwareBytes Anti-Malware, which detected nothing. I then got Kapersky's TDSSKiller.exe, which detected the rootkit and seems to have successfully removed it. I rescanned with all tools after reboot. MSE showed that it had detected, but successfully quarantined tons of variants containing "Trojan Alureon" in their name, but different letters at the end. I had it remove them, which it did. I've rebooted several times, run scans with all programs multiple times, and all seems clear. I wanted to make sure I was out of the woods before I continued gradually installing drivers and programs. Someone in my thread told me to come and post here.

Borg 386 · 17 May 2013

Did you format the HD before you installed Windows?

Since Alureon writes it's own cloaked boot partition, it's possible it survived the re-install if you didn't wipe the disk.

If you didn't wipe the disk & you haven't put too much into the current installation, it might be worth it to use DBan to make sure everything is erased.

Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

It's also possible one of your source disks may have the infection. If you backed up your drivers & such while the PC was infected, then it could have transferred to the backup media.

sharona · 17 May 2013

Thanks so much for replying, Borg!

If the virus did hitch on to something, it was probably the HD. I downloaded the installer for Win7 from my personal laptop, as well as the WiFi driver I mentioned. I have not returned the documents/files to the laptop, yet. When I was reinstalling, I noticed there were 3 partitions: Boot, Recovery, and OS. Will the HD wipe format/clean all three? I know that's probably a stupid question, but I wanted to make sure I completely understood everything.

VistaKing · 17 May 2013

sharona

Yes that will wipe the entire Hard Drive including the 3 partitions. We will have Cottonball take a look at this tread.

sharona · 17 May 2013

Okay, thanks! I am running the autonuke options per the directions.

VistaKing · 17 May 2013

AutoNuke will format your hard drive . Is that what you want to do ?

sharona · 17 May 2013

Yes, from what I understand that's the best way to make sure the virus isn't hiding somewhere on the HD. I will just need to do another clean install afterwards. Is that correct?

VistaKing · 17 May 2013

Yes but if you're getting the Alueron from a clean installation . I believe that could be coming from your Flash Drive. Try to do a scan on your flash drive.

We could also format the flash drive if you don't have anything important in there.

sharona · 17 May 2013

Flash drive, like the usb drive? I have a 1 TB external hard drive, which I back stuff up on. I used a DVD to reinstall Windows 7. But, I did download the wifi driver via my own laptop and put it on the usb drive to transfer to the problem laptop. I'll scan it for viruses/malware to double-check.

VistaKing · 17 May 2013

Can you show a scrnshot of your Disk Management ?

Disk Management - Post a Screen Capture Image