Removing Trojan:DOS/Alureon.E from Win 7

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by johnbigbootie, Dec 2, 2011.

  1. johnbigbootie

    johnbigbootie Private E-2

    I have Windows 7 32-bit Professional on an Inspiron 1501 laptop. Microsoft Security Essentials has alerted me that I have Trojan:DOS/Alureon.E. It is located on:
    boot:\Device\HarddiskVolume4

    This was after I formatted the drive due to infections.

    MSE fails to remove it because:
    Error code 0x8000704ec. This program is blocked by group policy. For more information contact your system administrator.

    I have booted to my Win 7 disc and have run bootrec.exe /fixmbr & bootrec.exe /fixboot & bootrec.exe /rebuildbcd without any success in removing the MSE warning.

    What can I do to remove the notice of infection?

    Thank you for looking.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Go to the link below and follow the instructions for running TDSSKiller from Kaspersky.


    Now please also download MBRCheck to your desktop.


    See the download links under this icon [​IMG]
    • Double click MBRCheck.exe to run (on Vista and Win 7, right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    After attaching the above two logs, immediately continue on with the below.


    Now follow the instructions in the link below for running MGtools and attach the C:\MGlogs.zip file that is requested.

    Using MGtools
     
  3. johnbigbootie

    johnbigbootie Private E-2

    Thank you for your help.

    Any suggestions would be highly appreciated.
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to rerun TDSSKiller and cure the TDSS items it found and leave the other items alone. That is, fix the below items only:

    09:57:11.0601 1104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    09:57:11.0601 1104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


    Also you need to attach the logs from MGtools that I asked for.
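
Added example (not part of chaslang's post and not a MajorGeeks or Kaspersky tool): a short Python triage script that reads a TDSSKiller log and separates the TDSS-named detections still left on Skip from the items to leave alone. The line layout is inferred from the two log lines quoted above; the second sample object, the `Example.Other.Item` name and the `Cure` action string are constructed assumptions.

```python
import re

# Layout inferred from the two lines quoted in the thread (assumption):
#   HH:MM:SS.ffff <id> <object> ( <detection> ) - <status>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<object>\S.*?)"
    r"\s+\(\s*(?P<detection>[^()]+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)
ACTION_RE = re.compile(r"^User select action:\s*(?P<action>\w+)$")

# First two lines are the ones quoted in the thread; the last two are constructed.
SAMPLE_LOG = r"""09:57:11.0601 1104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:57:11.0601 1104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:57:11.0700 1104 C:\constructed\example.sys ( Example.Other.Item ) - skipped by user
09:57:11.0700 1104 C:\constructed\example.sys ( Example.Other.Item ) - User select action: Skip
"""


def parse_detections(text):
    """Return {(object, detection): last user-selected action, or None}."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # no "( detection ) - status" part: not a detection line
        key = (m["object"], m["detection"])
        found.setdefault(key, None)
        act = ACTION_RE.match(m["status"])
        if act:
            found[key] = act["action"]
    return found


def rescan_plan(text):
    """TDSS-named detections not yet cured go to 'cure'; all others to 'leave'."""
    plan = {"cure": [], "leave": []}
    for (obj, det), action in parse_detections(text).items():
        # "Cure" as the logged action value is an assumption, not seen on the page.
        needs_cure = det.upper().startswith("TDSS") and action != "Cure"
        plan["cure" if needs_cure else "leave"].append((obj, det))
    return plan


if __name__ == "__main__":
    for bucket, items in rescan_plan(SAMPLE_LOG).items():
        for obj, det in items:
            print(f"{bucket:5}  {det:20}  {obj}")
```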
     
  5. johnbigbootie

    johnbigbootie Private E-2

    Thank you, Chaslang, for your excellent help.

    I decided to put another hard drive in since I had an extra lying around.

    Cheers!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    This probably was not necessary as we may have been able to fix the problem. In addition, the hard disk is still infected and, in addition, if you installed the new hard disk while the old hard disk was still in the PC, you may have spread the infection to the new hard disk.
     
