I thought the Alureon was a dns style infection?
It redirects you do to the DNS
But take a look at this
Taken from the link below
Code:
Installation
Virus:Win32/Alureon.I is the detection for "volsnap.sys", a system driver that has been infected by members of the Win32/Alureon family.
Link Encyclopedia entry: Virus:Win32/Alureon.I - Learn more about malware - Microsoft Malware Protection Center
You're right, I did not see that. So I should also be prepared for a bigger infection, correct?
mohavepc
With cottonball's help you will be cured. He has worked on a lot of Alureon trojans on people's PCs.
I appreciate it VistaKing and I will await Cottonball's return.
My apology for the delay. Do not like to do things in a hurry...
Will be back @ 4:30PM CST and we will proceed.
Thanks for your patience.
mohavepc,
Please copy/paste the text inside the quote box to Notepad (Do not copy the word 'Quote')
In Notepad, click File (at the top), and select: Save As...
Replace: C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys C:\Windows\System32\drivers\volsnap.sys
In the Save As... prompt, name the file fixlist.txt, and save it to the USB pendrive <<--- Important!!
NOTE. It is important that FRST and the fixlist.txt are in the same location (USB pendrive) or this will not work.
Run FRST64 as you did previously, press the Fix button, just once, and wait.
When done, the tool makes a log on the Desktop: Fixlog.txt
Please post Fixlog.txt in your reply.
Last edited by cottonball; 24 May 2013 at 17:20.
FRST is going to be able to copy a system file in a "running" Windows environment?
Ran from desktop of corrupted machine
Here is the log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-05-2013
Ran by Holly at 2013-05-24 15:03:45 Run:1
Running from C:\Users\Holly\Desktop
Boot Mode: Normal
==============================================
C:\Windows\System32\drivers\volsnap.sys => Could not move.
Could not replace C:\Windows\System32\drivers\volsnap.sys
==== End of Fixlog ====
Would it be easier if I booted into Linux and copied the file? I have several live disks at my disposal.
Last edited by mohavepc; 24 May 2013 at 17:14. Reason: clarification
mohavepc,
I think I lost it!!
Trying to do too many things at once. My apology...
Modified the previous instructions. Please try them again.
L O L .... I was wondering there for a few. OK, here is the new log
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-05-2013
Ran by SYSTEM at 2013-05-24 15:23:31 Run:2
Running from F:\
Boot Mode: Recovery
==============================================
C:\Windows\System32\drivers\volsnap.sys => Moved successfully.
C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys copied successfully to C:\Windows\System32\drivers\volsnap.sys
==== End of Fixlog ====
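An added example, not part of the thread and not FRST's own code: a small Python parser for the two Fixlog.txt outputs posted above, reporting who ran the fix, the boot mode, and whether each file operation succeeded. The function names and the success/failure wording it matches are assumptions drawn only from these two logs; other FRST versions may phrase results differently.

```python
import re

# Fixlog.txt bodies as posted in this thread (run 1 and run 2).
DRIVER = r"C:\Windows\System32\drivers\volsnap.sys"
WINSXS = (r"C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_"
          r"6.1.7600.16385_none_158d0da45d68903e\volsnap.sys")
RUN1 = rf"""Ran by Holly at 2013-05-24 15:03:45 Run:1
Running from C:\Users\Holly\Desktop
Boot Mode: Normal
==============================================
{DRIVER} => Could not move.
Could not replace {DRIVER}
==== End of Fixlog ===="""
RUN2 = rf"""Ran by SYSTEM at 2013-05-24 15:23:31 Run:2
Running from F:\
Boot Mode: Recovery
==============================================
{DRIVER} => Moved successfully.
{WINSXS} copied successfully to {DRIVER}
==== End of Fixlog ===="""

HEADER = re.compile(r"Ran by (?P<user>.+?) at [\d-]+ [\d:]+ Run:(?P<run>\d+)")
FAILED = re.compile(r"Could not \w+", re.I)              # assumed failure wording
DONE = re.compile(r"(moved|copied) successfully", re.I)  # assumed success wording

def parse_fixlog(text):
    """Extract who ran the fix, the boot mode, and per-line outcomes."""
    info = {"user": None, "run": None, "boot_mode": None, "ok": [], "failed": []}
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            info["user"], info["run"] = m["user"], int(m["run"])
        elif line.startswith("Boot Mode:"):
            info["boot_mode"] = line.split(":", 1)[1].strip()
        elif FAILED.search(line):
            info["failed"].append(line)
        elif DONE.search(line):
            info["ok"].append(line)
    return info

def verdict(info):
    """FAILED if any operation failed, APPLIED if at least one succeeded."""
    if info["failed"]:
        return "FAILED"
    return "APPLIED" if info["ok"] else "NOTHING DONE"

if __name__ == "__main__":
    for log in (RUN1, RUN2):
        i = parse_fixlog(log)
        print(f"run {i['run']} by {i['user']} in {i['boot_mode']} mode: {verdict(i)}")
```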