Solved Trojan Alureon.A Detected After Clean Win7 Install

sharona,

When Malwarebytes Anti-Malware is done removing what it finds, a report opens in Notepad.

The log is also automatically saved and can be viewed by clicking the program's Logs tab.

Please provide the entire contents of the MBAM report in your reply.

From there, we can determine what else needs done. If you will, please hold off on MSE.
If you are dealing with Alureon, you need more than MBAM and MSE.

Thanks.
 

I've gotten the clean install of Win7 of the problem laptop going. I just redownloaded the WiFi driver and have burned it to a CD. My plan was to install the driver on the laptop so that I could download and install MSE and do an initial scan. Does that sound good?

As for scanning of the external HD, MBAM ran for over 3 hours, freezing on and off. It found 13 objects, but one time it froze and just wouldn't start working again. Unfortunately, because the scan messed up, there's no log file for it. :(

I'm going to put it running again before going to bed. Hopefully, it finishes the scan.
 

I'd hold off on the MSE download and installation. For now.
 

Okay, I'll hold off on MSE. Should I also wait to install the driver and connect the laptop to the internet for updates?

I'm going to try rescanning the external hd with MBAM on my laptop now.
 

Before we get the laptop connected to the Internet, let's go ahead and see if the virus has been removed.

On a clean PC, download MBAR.

Drag the zipped mbar folder from the Downloads folder to your Desktop.

Right-click on the Mbar.zip file and choose Extract all. Where it says "Files will be extracted to this folder", make sure it says "C:\Users\{Your Account Name}\Desktop\MBAR".
Make sure you place a check on [image: 30bfln4.png] and click on the Extract button.

Place the new mbar folder on a flash drive. Plug the flash drive into the laptop with the infection. Drag the MBAR folder to the desktop of the infected laptop. Inside the new MBAR folder (without the zipper), right-click on MBAR.exe and choose Run as administrator.
Click on the Next> button, make sure it updates, then let it scan by clicking on the Next> button.

If it locates anything, click on the Cleanup button.

Once the program is done scanning, it will create two files inside the MBAR folder.

Files: system-log.txt and mbar-log
 

I left MBAM running last night like I said I would. When I woke up, the computer had shut itself off. I started up Windows, opened MBAM, and no new log. So, that leads me to believe MBAM froze again and didn't complete the scan. Is there something I can do to stop it from freezing? I've tried running in both normal and safe modes. Or is there a different program I could use less prone to freezing?

As for running MBAR:


  • Quick Note: My personal laptop is Win7, Prem Home 32-bit -- dual-booted with Ubuntu
  • I ran scans before I connected the external HD to scan, and got the all-clear
  • During scans of the external HD in MBAM, MSE kept popping up with things that were caught and quarantined
  • Did not see Alureon in the list, though, that I can remember (will try and get a screencap of detected items for you guys if you want)
  • In order to download and burn MBAR to a CD (I'll be buying a thumb drive on the way home from work), I booted into Ubuntu because I was worried about those things MSE caught
  • Transferred MBAR files from CD to the laptop I'm working on, ran as administrator, it didn't find anything.
 

Is your laptop overheating? For it to turn itself off.
 

VistaKing, I've never had issues with my laptop overheating before. It was working extra-hard yesterday, though, so that might have caused it.

Re: the other one, is it now okay to get the WiFi working and start updating it since MBAR gave it the all-clear? I won't be putting the backed-up files on it until we get the external hd seen to. But I was hoping to still get it going in the meantime to see if I run into any snags.
 

Go ahead.
 

Don't want to overstep, VistaKing, but I had a similar problem about a year ago; your problem is most likely in the MBR. The way to make sure, whatever it is, is to do a reformat of the hard drive and reinstall Windows; this will ensure the MBR gets rewritten. By just doing a restore or clean install, your MBR is staying intact, which is why the problem is persisting after just a restore.
 

Actually, edee, I did a complete hdd wipe now, so it should be good.

I've gotten wifi on the laptop with the fresh install. Downloaded MSE and MBAM, all clear! I've been following the SF OEM Clean Install tutorial. (Haven't installed any not found drivers yet because I'm also dealing with a laptop that was full of BSOD. So, I'm treading slowly to see if it's a hardware problem.)

Of course, the real challenge might be getting the backed up files back onto the laptop. I'm still having trouble scanning the external HD I mentioned with MBAM. I was able to individually scan some folders without MBAM freezing. However, the bigger ones kept freezing the program mid-scan. Still. (Note, I've gotten no threats from the ones I was able to scan, but like I said yesterday, MBAM was showing at least 13 detected objects before it would freeze and become unresponsive.)

I've got SuperAntiSpyware scanning it now, to see if that can complete a scan.
 

sharona,

See if you could download the Hiren's BootCD.

Hiren's BootCD 15.2 - All in one Bootable CD » www.hiren.info

Burn the ISO to a disc by right-clicking on the ISO file and choosing burn image to disc. Boot to the disc and run Malwarebytes from there. Update the definitions first.

Note: It's a live CD.
 

sharona,

Before you engage in anything else, please do the following:

Go to the TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.


When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK


Press: Start Scan



• If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
• If malicious objects are found, they show in the Scan results.
  Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
  (Note: If Cure is not available, select Skip. >>Do not select: Delete<<)


When done, the tool creates a log on the disk with the Windows Operating System, normally C:\


Logs have a name like:
C:\TDSSKiller.X.X.X_1.05.2013_15.31.43_log.txt


Please attach the TDSSKiller log in your reply.
 

VistaKing, I couldn't find a target link for .iso download at the site. I found this after googling, though. Is it legit?

Cottonball, do you want me to run TDSSKiller on just the other person's laptop or also on mine?
 

Looks legit. I believe cottonball wants you to run TDSSKiller on the laptop with the issue.
 

Did you select Detect TDLFS File System?

If you did, and your laptop freezes when you scan the external drive, the issue could be with the drive itself. Did you have that plugged in when you ran TDSSKiller?
 

Sorry, it's been a long day, and I think I'm starting to confuse myself. The log I posted was from the laptop I wiped and did a clean install on. Attaching the one for my personal one which does have the HD plugged in. I did check that detect option while the external drive was plugged in. Still, no issues.

ETA: (I don't know if this forum allows double-posting or not, so I'm editing this post to add something.)

Re: MBAM issues: I did run SuperAntiSpyware on the external hard drive, and it found only 1 thing, the Trojan.Agent/Gen, and the file was removed. I wasn't able to run MBAM on the external hard drive from the bootCD, unfortunately. (I didn't see the option to scan the drive with MBAM when right-clicking, nor did I see the option in MBAM to select the drive.)

I noticed that Windows wants to "Fix File System Errors" on the hard drive, possibly after a force shut down it wasn't disconnected correctly. I haven't done this in forever, so please forgive the possibly silly question. But, if I allow it to automatically fix system errors on the external drive, do I risk it deleting anything/everything? I thought maybe the system errors could be what's freezing MBAM.
 

Sorry for the double post, I just wanted to upload this MBAM log. I was finally able to get it to work from the bootcd. I've attached it. (I noticed there were a few things found on the "X:\" drive, but the X drive apparently referred to the mini Win XP environment the CD booted into -- or that's how I understood it.) I had the things detected removed.

Also, quick question, hope it's okay to ask. The documents I need to put back on the other person's laptop don't seem to be infected. Would I be able to maybe upload them to a cloud site and then download them to the laptop I need to put them on without transferring a virus/malware -- since I'm not plugging the infected external HD directly to the machine?

Thanks in advance!
 

Our apology, sharona, but, Malwarebytes Anti-Malware needs to be installed and run from the Operating System, and not a Hiren's Boot CD. Running it from this kind of CD is not proper (End-User License Agreement), and is subject to a high rate of false positives.

Please refresh my memory, which laptop is the one with the problem, the one with ComputerName: AMERICANMARBLE, or, ComputerName: NAOKO?
 
