Alureon and my broken laptop

Sarah, you have fallen into the hands of very knowledgeable and dedicated guys and I admire their efforts. But given the history of your system, it will never be right again even if they manage to get it running.

You can remove a virus pretty easily, but what is really difficult is to fix the damages the virus has done because you really don't know what it is.

At one point you should prepare yourself for a complete reinstallation. What is most important there is that you have your own data properly backed up. In one of your earlier posts I read that you are not sure of your backups, and if you have done it with the Windows backup facilities you have reason not to be sure.

You may want to consider using a live Linux CD for an additional backup. You could also run a WinPE CD. But if you have your data backed up now (after the infection), scan it with a proper scanner (e.g. Superantispyware or the free Kaspersky virus scanner - or online, but that will take time for the uploads) before you put it back on your system. Infected data is not very common but it is better to be safe than sorry.
 

Fixlog attached
 
Sarah, did you add the text below to your fix list?

Code:
TDL4: custom:26000022
 
Sorry, had to take care of some urgent matters.

SarahCali,

You have come this far, and Alureon can be removed. However, it is not the type of thing that a scan here and there will take care of.

The option shawn77 is offering to upload is the best. Otherwise, I doubt that FRST is going to recognize a Mac text editor and run the fixlist.txt.

If the above does not work, there is also the option to run TDSSKiller from System Recovery Options > Command Prompt. For now, though, let's just stay with FRST64 and see what it brings.
 
She already uploaded the fix log

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-29 19:30:41 Run:1
Running from H:\

==============================================

C:\Windows\svchost.exe moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====
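The security-relevant detail in the Fixlog above is the path: the real svchost.exe lives in C:\Windows\System32 (or SysWOW64), so a file of that name directly in C:\Windows is a masquerade, which is why FRST moved it. The following Python is an added triage check, not part of this thread or of FRST, that scans FRST-style log lines for Windows system binary names found outside their expected directories; it generalises from svchost.exe to a few other System32-resident binaries, and the sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# Binaries that legitimately live only under the Windows system directories.
# svchost.exe is the case from the Fixlog; the others are an editor's
# generalisation of the same rule, not taken from the thread.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe"}
ALLOWED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# The WinSxS component store keeps versioned copies in deep subdirectories.
ALLOWED_PREFIXES = ("c:\\windows\\winsxs\\",)

# Matches a drive-letter Windows path up to the next whitespace or quote.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\s\"'<>|]+")


def is_expected_location(path: str) -> bool:
    """True if the file sits in a directory where a system binary belongs."""
    parent = str(PureWindowsPath(path.lower()).parent)
    return parent in ALLOWED_DIRS or parent.startswith(ALLOWED_PREFIXES)


def find_masquerades(log_lines):
    """Return (line_no, path) for each system binary name seen outside
    its expected directory, in the order the lines appear."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in WIN_PATH.finditer(line):
            path = m.group(0).rstrip(".,;)")
            name = PureWindowsPath(path).name.lower()
            if name in SYSTEM_BINARIES and not is_expected_location(path):
                hits.append((n, path))
    return hits


# Constructed sample in FRST style (not a real log); lines 1-2 are benign.
SAMPLE_LOG = [
    "(Microsoft Corporation) C:\\Windows\\System32\\svchost.exe",
    "(Microsoft Corporation) C:\\Windows\\SysWOW64\\svchost.exe",
    "() C:\\Windows\\svchost.exe",
    "C:\\Users\\Public\\lsass.exe moved successfully.",
]

if __name__ == "__main__":
    for n, path in find_masquerades(SAMPLE_LOG):
        print(f"line {n}: {path} is outside the expected system directory")
```

The check is by location only; a file in the right directory can still be tampered with, so a hit here is a lead for the analyst rather than a verdict.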
 
According to fixlog.txt, the fix should have worked.

You should try booting into normal mode now.
 
Sarah, let us know if you can boot into Windows.
 
The fixlog.txt is showing what it should.

Barring any other problems, Windows should be up.

What's up, SarahCali?
 
And yet it's not :( ***** (sorry, sailor mouth on me) - I am seeing exactly the same screens.
 
Cottonball, I did notice a DNS server of 8.8.8.8 in the log file when Sarah first ran FRST. I think we will need to reset some stuff.
 
OK, scratch that - the first time that's what happened, I f8'd and then told it to start normally.

It is booting - and I have a security warning:

Downloads\avg_remover(numbers).exe

I chose Cancel, not Run? Is this part of the problem? I am 100% paranoid.
 
Are you in Windows now? Can you open up the System Configuration window?

Click on the Start button; in the Search programs and files box type MSCONFIG (caps don't matter) and press the Enter key. If you get a UAC window, click Yes to proceed. Once the System Configuration window opens, click on the Startup tab and uncheck everything but the ones that have to do with Microsoft. Restart the PC.
 
Crikey. Typing this from laptop ... where all appears to be as it should be. I am thrilled, and still paranoid :)

Yes, I have disabled all other files on startup. I do not understand the AVG_removal file warning (I *did* remove AVG at the start of this mess, so it may be a legit file?) - I should search for it and remove it maybe?

I cannot thank you all enough - I owe you much beer!

What are my next steps, please? Am I no longer infected? Still vulnerable?

What would you recommend for anti-virus protection, stick with MSET? And I messed up and ran the Malwarebytes free trial a while back, so now it says not covered (although in fact it still runs?).

I have many questions but don't want to take advantage of your generous time :)
 
Sarah, inside Windows:

Go to the official RogueKiller download page (Télécharger RogueKiller, Site Officiel)

Download the RogueKiller x64

- Save to the Desktop

- Close all windows and browsers

- Right-click and select: Run as Administrator

- Press: SCAN

RKreport.txt should be found on the desktop; upload the file in your reply.
 
Will do so now ...
 
I will be here.
 
SarahCali,

If the system was infected at some point with Alureon, also do the following...

Download TDSSKiller.zip:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Right-click the program and select: Extract to tdsskiller\

A TDSSKiller folder is found on your Desktop.

Open the folder, and double-click the TDSSKiller application.

When TDSSKiller opens, click on: Change Parameters

Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK

Press: Start Scan

If a suspicious object is detected, the default action is Skip; leave it as is and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip. >>Do not select: Delete<<)

When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\

Logs have a name like:
C:\TDSSKiller.2.4.7_23.10.2013_15.31.43_log.txt

>>Please post the TDSSKiller log in your reply.<<

We need to take a look at these results to make sure all is well!
 
It seems to have found 'stuff' - and has created a quarantine folder?

You're so patient :)


Oh, edit: that was to VistaKing. Cottonball, I saw your reply only on posting, will read now.
 
Thank you Cottonball, you beat me to it.

This is what I call team work!
 
The RogueKiller report does not show anything to be worried about.

The TDSSKiller report is the one we need to see.
 