Solution (Given) to removing Alureon gen!A trojan


  1. Posts : 2
    Windows 7 Home Premium 64 bit
       #1



    Hey Everybody,
    I joined this forum last night to seek help resolving a terrible crash of my Windows 7 Home Edition home desktop that resulted after Microsoft Security Essentials (MSE) detected, and then failed to remove the Alureon gen!A Trojan many times.


    For about a month or two, MSE, which was set up to run a daily full scan, excluding no folders, programs, or external drives, and to automatically remove all threats, was telling me about 10 times a day that it detected threats (only one, Alureon gen!A), and removed them, and that I had to restart my computer. I did this several times, with no luck. I spent some time online and followed instructions to remove this Trojan (removing its keys from the registry, emptying the temp files, running the Windows Malicious Software Removal Tool), with no luck. Finally, last night, I went out and bought some DVDs and wrote a Windows Offline Defender boot disk.


    I restarted my computer, ran a full scan with Windows Offline Defender, and Alureon gen!A was the only threat detected, just like MSE. I removed it. It said the removal was successful, and asked me to restart the machine. I restarted the machine, removed the boot disk, and started Windows normally. The "Starting Windows" black screen with the flags showed up, but immediately afterwards, a blue screen of death showed for a fraction of a second and my system restarted.


    I tried safe mode boot, startup repair, system restore, startup repair from an install disk, and disabling "automatically restart after system fails to boot." This last thing caught my attention, since it only worked after the first restart after disabling it, and I could see the blue screen of death for a longer time.


    I did some searches on my tablet, and found that if I pressed F10 during boot and removed "/MININT" from the line reading /NOEXECUTE=OPTION /MININT, and pressed enter, my computer booted just fine, and the Trojan was no longer detected by MSE.


    I hope someone finds this helpful (I spent 6 hours trying to fix this problem with a 5 second fix).


  2. Posts : 2
    Windows 7 Home Premium 64 bit
    Thread Starter
       #2

    I'd like to add a bit more information. I restarted my computer shortly after making this post. It turns out the issue wasn't entirely resolved, and that I'd have to hit F10 on every boot and remove "/MININT" and correct "OPTIN" to "OPTION" on every boot. I followed the following steps to resolve the issue (hopefully) for good:

    "PinellasComputers replied on
    September 17, 2011



    SOLVED!

    After 3 hours of troubleshooting, I have found the solution to this problem!
    It is caused by a corrupt or damaged boot option in the MBR.
    It is especially common on hard drives that contain multiple partitions (i.e. almost all OEM installs).
    Sometimes the MBR just becomes damaged, other times a boot virus is the cause.

    In any case, here's what fixes it:
    Boot into recovery manager via a Win7 DVD or via the built in system repair option.
    If you use the Win7DVD, click next and then choose the option to Repair your computer.
    If you use the built in system repair option, cancel any automatic repairs that may start.
    Choose the advanced recovery options, and then choose the command prompt.
    Enter the following command: bcdedit /enum

    This is the tricky part. Your boot manager may be different depending on the OEM or installer.
    Identify all the installation references. There should be more than one. Mine had 2.
    One of these is a valid record, the other is corrupt/invalid. We need to delete the invalid record and then rewrite it.
    My 2 records were {bootmgr} and {default}
    I'm not sure about this, but I believe it will always be the {default} record that is corrupt. (It was for me)
    So, let's assume I'm correct and the {bootmgr} record is always generic and the {default} value tends to be corrupted.

    Enter the following command: bcdedit /delete {default}
    The command should complete successfully.

    Now that we've deleted the corrupted record, we need to allow Windows to identify and rebuild the correct one.
    Enter the following command: bootrec.exe /scanos
    Windows should scan for any Windows installations on all drives, and it should identify at least 1.
    Choose y to add it to the boot manager.
    The command should complete successfully.

    Now let's clean up and make sure Windows has some default boot settings.
    Enter the following command: bootrec.exe /fixboot
    The command should complete successfully.
    Enter the following command: bootrec.exe /fixmbr
    The command should complete successfully.

    Restart. Done! Let me know if it worked for you!

    Ryan Malize
    Pinellas Computers, LLC."
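
    An added example, not part of the thread or of either poster's steps: instead of assuming {default} is the damaged record, this Python code parses `bcdedit /enum` output and reports the loader entries that carry `winpe Yes`, which is how bcdedit lists the /MININT option seen in the F10 editor. The sample output and the function names are constructed for illustration, and the ramdisk exclusion assumes that recovery images are the only entries that legitimately boot in WinPE mode.

```python
import re

# Constructed sample of `bcdedit /enum all` output, not taken from the thread.
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
displayorder            {default}
                        {11111111-2222-3333-4444-555555555555}

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
device                  ramdisk=[C:]\Recovery\Winre.wim,{ramdiskoptions}
winpe                   Yes
"""

def parse_bcd(text):
    """Split bcdedit /enum output into one {element: value} dict per entry."""
    entries, key, lines = [], None, text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and re.fullmatch(r"-+", nxt):
            entries.append({"type": line.strip()})   # title line above a dash rule
            key = None
        elif not entries or re.fullmatch(r"-*", line.strip()):
            continue                                  # preamble, rule or blank line
        elif line[0].isspace() and key:
            entries[-1][key] += " " + line.strip()    # continuation of a multi-value element
        else:
            key, _, value = line.strip().partition(" ")
            entries[-1][key] = value.strip()
    return entries

def flag_minint(entries):
    """Identifiers of loader entries that start an installed OS in WinPE mode."""
    return [e.get("identifier") for e in entries
            if e["type"] == "Windows Boot Loader"
            and not e.get("device", "").startswith("ramdisk=")  # real WinPE/recovery image
            and e.get("winpe", "").lower() == "yes"]

print(flag_minint(parse_bcd(SAMPLE)))
```

    Saving the store first with `bcdedit /export` means a mistaken delete can be undone with `bcdedit /import`.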
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
