.Alureon.A reported by ISP on boot. Computer runs fine.


  1. Posts : 8
    Windows7 Pro 64bit, Windows7 Pro 32bit, Linux
    Thread Starter
       #11

    http://we.tl/L0yAiuoyc0
    Link to frst.txt


  2. Posts : 8
    Windows7 Pro 64bit, Windows7 Pro 32bit, Linux
    Thread Starter
       #12

    frst.txt attached


  3. Posts : 2,470
    Windows 7 Home Premium
       #13

    Dusty45,

    The FRST report is run on a 64-bit system [C:win7PRO 64Bit].
    Have not seen Alureon there.
    Was there an Addition.txt produced?

    If so, please post.



    Also, please boot to the 32-bit system [E:Win7PRO 32bit].

    Download the 32-bit FRST, run it, and post its results.


  4. Posts : 8
    Windows7 Pro 64bit, Windows7 Pro 32bit, Linux
    Thread Starter
       #14

    Sorry deleted it.

    On 32 bit drive FRST shows nothing BUT,

    ADWCleaner found a trojan on that drive. ESET found four paths and deleted them all. That didn't solve the problem though. Booted back into 64 bit drive and ISP still reported a problem.

    Ran Hitman Pro and it found two malware links and removed them. Log below:

    Code:
    HitmanPro 3.7.8.207
    www.hitmanpro.com
       Computer name . . . . : CJAM3X4-PC
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : cjAM3x4-PC\caroljim
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
       Scan date . . . . . . : 2013-10-29 15:05:04
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 3m 35s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 2
       Traces  . . . . . . . : 7
       Objects scanned . . . : 1,571,333
       Files scanned . . . . : 33,173
       Remnants scanned  . . : 388,434 files / 1,149,726 keys
    Malware _____________________________________________________________________
       C:\Games\EasyUO Script\EasyUO\EUOX.exe
          Size . . . . . . . : 1,112,064 bytes
          Age  . . . . . . . : 318.1 days (2012-12-15 11:47:48)
          Entropy  . . . . . : 6.7
          SHA-256  . . . . . : 704712023147CF72236BD23A27CC34DCCC6346FB8B5643DFB43D2D9D36844B32
        > Ikarus . . . . . . : Trojan.Win32.VB!IK
          Fuzzy  . . . . . . : 106.0
          References
             C:\Users\caroljim\Desktop\EUOX.lnk
             HKU\S-1-5-21-2066651824-2471372917-1354444347-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Games\EasyUO Script\EasyUO\EUOX.exe
       C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\106MFXVI\D2M-Precheck[1].exe
          Size . . . . . . . : 508,928 bytes
          Age  . . . . . . . : 4.6 days (2013-10-25 01:31:48)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : C15CF5553D2B48EF501AB7D2972BAF2D5825218BBA292938E3B8556E7C5C095E
          Product  . . . . . : D2M-Precheck
          Publisher  . . . . : Appcaster
          Description  . . . : D2M-Precheck
          Version  . . . . . : 1.0.0.0
          Copyright  . . . . : Copyright © Appcaster 2013
          Source URL . . . . : hxxp://ddnw0hpcyyfnj.cloudfront.net/D2M-Precheck.exe
        > Ikarus . . . . . . : Trojan.SuspectCRC!IK
          Fuzzy  . . . . . . : 110.0
          Forensic Cluster
             -0.8s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\win98_top_min[1].jpg
             -0.7s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S45S397Z\win98_left[1].jpg
             -0.7s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\106MFXVI\win98_bottom[1].jpg
             -0.6s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\win98_accept_button[1].jpg
             -0.6s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE0Q74DV\win98_decline_button[1].jpg
             -0.6s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S45S397Z\win98_cancel_button[1].jpg
             -0.5s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\106MFXVI\win98_skip_button[1].jpg
             -0.5s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\welcome_generic[1].jpg
             -0.4s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE0Q74DV\header_premiuminstaller[1].jpg
             -0.3s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S45S397Z\bundled_whitesmokej[1].jpg
              0.0s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\106MFXVI\D2M-Precheck[1].exe
              6.4s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\muted_greatarcade_eula[1].jpg
              6.5s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE0Q74DV\greatarcade_eula[1].htm
              6.6s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S45S397Z\muted_optimizerpro_eula[1].jpg
              6.8s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\106MFXVI\optimizerpro_eula[1].htm
              6.8s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\muted_scorpionsaver_eula[1].jpg
              6.9s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE0Q74DV\scorpionsaver_eula[1].htm
              7.0s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S45S397Z\muted_defaulttab_clean[1].jpg
              7.1s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\106MFXVI\defaulttab_terms[1].htm
              8.0s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\cloud_progress_screen[1].jpg
              8.0s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6YUTHQ2\cloud_progress_screen[1].jpg
              8.3s C:\Users\caroljim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GE0Q74DV\amazon_finished[1].jpg
    
    Cookies _____________________________________________________________________
       C:\Users\caroljim\AppData\Roaming\Microsoft\Windows\Cookies\GSOLGU53.txt
       C:\Users\caroljim\AppData\Roaming\Microsoft\Windows\Cookies\OFP3XX5F.txt
       C:\Users\caroljim\AppData\Roaming\Microsoft\Windows\Cookies\TIGKXCHC.txt


  5. Posts : 8
    Windows7 Pro 64bit, Windows7 Pro 32bit, Linux
    Thread Starter
       #15

    Ran Hitman again on win 7 64 drive and got:

    Code:
    HitmanPro 3.7.8.207
    www.hitmanpro.com
       Computer name . . . . : CJAM3X4-PC
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : cjAM3x4-PC\caroljim
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
       Scan date . . . . . . : 2013-10-29 21:56:07
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 3m 23s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 0
       Objects scanned . . . : 1,579,229
       Files scanned . . . . : 35,272
       Remnants scanned  . . : 393,984 files / 1,149,973 keys

    Rebooted
    No warning from ISP! As yet


  6. Posts : 2,470
    Windows 7 Home Premium
       #16

    Try it for a day or two, and see how it goes.


 