Need help removing Trojan dos/alureon.E

I have tried removing this virus for a while. I've been through the directions "READ ME FIRST" and still haven't had any success. I have also found similar threads but still no luck. I'm running windows 7 64 bit. My wife used my computer once and this happened. I've triend a full wipe but still no luck. Other than Microsoft security essentials no other software has even recognized the virus. I have a decent amount of computer skills but nothing too advanced. Please help! I've attached the logs requested.

 

Hi and welcome to Major Geeks, cineman17!

Code:

Partition	Disk #0, [B][COLOR="Red"]Partition #3[/COLOR][/B]	
Partition Size	[COLOR="Red"][B]1,016.00 KB[/B][/COLOR] (1,040,384 bytes)	
Partition Starting Offset	320,071,884,800 bytes	

FALSE     Disk #0, [COLOR="Red"][B]Partition #3[/B][/COLOR]  [B][COLOR="Red"]1040384 [/COLOR][/B]      Unknown   

We need to delete the above partition as it was created by a TDL4 rootkit.

Preferably from a clean computer, I need you to download: gparted-live-0.11.0-7.iso (119.8 MB)

Create a bootable CD using this .iso file. You can use ImgBurn for instructions on how to create this CD.

Now boot off of the newly created Gparted CD.


You should be here...
Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER
You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 0.99 MiB (0.99 MB)
Click the trash can icon to delete and then click Apply.
You should now be here confirming your actions:

Now you should be here:


Is "boot" next to your OS drive?
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags
In the menu that pops up, place a checkmark in boot like the picture below:

Now click Close to save these changes.
Now double-click the button.
You should receive a small pop up like this:

Choose reboot and then press OK.

Now reboot from the Windows 7 DVD and enter the Recovery Environment.
Once you get to the Command Prompt (the black box), type in the following commands, pressing ENTER after each one:

• bootrec /fixmbr
• bootrec /fixboot
• exit

Now reboot your PC.

Once back in Windows.

Please download MBRCheck by clicking here and save it to your desktop.

• Double-click on the file to run it. (Vista/7 right-click and select Run as Administrator)
• A window will open on your desktop.
• If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
• If nothing unusual is found just press Enter.
• A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
• Attach this file to your next message. (How to attach)

 

It looks like I've got it cleared! I've attached the log as instructed. I did accidentally deleted a 12gig partition that is now unaccounted for... its apparently the ACER recovery partition and now I can't do a factory reset. I messed this up. What do I do about it?
Thanks!

 

Good news and bad news :-D

I think you may be able to use the Acer eRecovery Management software in Programs and Features to assist with this.

Read the following .PDF for more details: ftp://ftp.acer-euro.com/notebook/em...s guide/Acer eRecovery Management English.pdf

 

I was hoping it would be that easy... but I'm not that lucky. The message I recieve is "hard drive configuration is not set to the factory default. restore aborted." I'm not sure what to do now... suggestions?
Thanks!

 

This is something better suited for the Software forum. I would recommend creating a topic there and describe your symptoms, even link back to this thread if you'd like.

Ultimately you may find the following software of value: TestDisk

TestDisk & PhotoRec documentation can be found online:
- http://www.cgsecurity.org/wiki/TestDisk
Documentation can be downloaded from
- http://www.cgsecurity.org/wiki/TestDisk_Download

Are you having any other malware problems?