MajorGeeks Support Forums

  #1  
Old 04-07-12, 23:56
1yousefi 1yousefi is offline
Private E-2
 
Join Date: Apr 2012
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Default Help with removal of trojan:DOS\Alureon.e virus

Hello, I was having a lot of error messages on my computer and it became very apparent that it was infected with a virus. So I used the built-in partition to do a factory reset; after I ran Windows Update all the way and installed Microsoft Security Essentials, it said it found Alureon.E on there again.

This confuses me, because I haven't used the computer for anything after doing a factory recovery from partition. I have read the FAQ and followed all the instructions.

ComboFix crashes every time I try to use it, I can't get any error messages or logs out of it, and RootRepeal also crashes too. Either way, I have attached the corresponding logs here for everything.

Any help would be greatly appreciated,

Thanks in advance.
Attached Files
File Type: txt mbam-log-2012-04-07 (17-10-23).txt (1.9 KB, 2 views)
File Type: txt MBRCheck_04.07.12_16.37.23.txt (10.6 KB, 1 views)
File Type: zip MGlogs.zip (200.3 KB, 3 views)
File Type: txt RootRepeal_crash_040812.003445.txt (189 Bytes, 0 views)
  #2  
Old 04-07-12, 23:59
1yousefi 1yousefi is offline
Private E-2
 
Join Date: Apr 2012
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: Help with removal of trojan:DOS\Alureon.e virus

Here are the rest of the logs.

A bit more information:

These are work computers, running Windows Vista Business; the machines are Acer Veriton L460, and the hardware has not been modified.

I called Acer to purchase recovery CDs but apparently they don't sell them for my specific machine. I have another computer just like this one that a co-worker uses, and I used that machine to build a set of recovery CDs, but I'm afraid if I do the recovery again it would just be a waste of time? There appear to be 4 partitions on the hard disk and I'm not exactly sure why.

Anyway, that's my rant! Hopefully someone can help! :D
  #3  
Old 04-08-12, 12:16
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,162
Thanks: 269
Thanked 1,434 Times in 1,355 Posts
Default Re: Help with removal of trojan:DOS\Alureon.e virus

Hi and welcome to Major Geeks, 1yousefi!

Quote:
Originally Posted by 1yousefi View Post
There appear to be 4 partitions on the hard disk and I'm not exactly sure why.
One of them needs to be deleted as it is the bulk of the infection.
Code:
Partition	Disk #0, Partition #3	
Partition Size	1.83 MB (1,916,928 bytes)	
Partition Starting Offset	160,039,960,576 bytes
__

Preferably from a clean computer, I need you to download: gparted-live-0.11.0-10.iso (121.1 MB)
Create a bootable CD for GParted. You can use ImgBurn to accomplish this.
If you need help on how to use ImgBurn, please view this guide by dr.m -- Using ImageBurn to Burn an ISO image

Now boot off of the newly created GParted CD.

You should be here...
Press ENTER

By default, do not touch keymap is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER
You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 1.83 MiB (1.83 MB)
Click the trash can icon to delete and then click Apply.
You should now be here confirming your actions:

Now you should be here:

Is boot next to your OS drive? According to your logs, your OS drive is the 69.77 GiB sized partition.

If boot is not next to your OS drive under Flags, right-mouse click the OS drive while in Gparted and select Manage Flags


In the menu that pops up, place a checkmark in boot like the picture below:

Now press the Close button to save these changes.
Now double-click the button.
You should receive a small pop up like this:

Choose reboot and then press OK.

__

Once you are back in Windows...

Re-scan with TDSSKiller with the parameters you used before.
This time if TDSS File System appears, delete it!
Then attach the latest TDSSKiller log. (How to attach)

__

Now run C:\MGtools\GetLogs.bat by right-mouse clicking it and then selecting Run as Administrator
This updates all of the logs inside MGlogs.zip.
When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
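The diagnosis in the post above rests on one observation: a partition of 1.83 MB sitting at the very end of a 160 GB disk is far too small to be a real volume, and that is where this family parks its hidden storage. As an added example (not code from this thread, from the consultant, or from MajorGeeks), here is a small Python parser for partition records in the layout of the quoted log block, plus a check that flags such partitions. The 1.83 MB row matches the one quoted; the other three rows, the function names `parse_partitions` and `suspicious_partitions`, and the 16 MiB size cutoff are assumptions made for the illustration.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the partition block quoted in the thread.
# Only the 1.83 MB entry comes from the thread; the other rows are assumed
# values chosen so that the partitions are contiguous on a 160 GB disk.
SAMPLE_LOG = """\
Partition\tDisk #0, Partition #0\t
Partition Size\t10.00 GB (10,737,418,240 bytes)\t
Partition Starting Offset\t32,256 bytes
Partition\tDisk #0, Partition #1\t
Partition Size\t69.77 GB (74,914,967,552 bytes)\t
Partition Starting Offset\t10,737,450,496 bytes
Partition\tDisk #0, Partition #2\t
Partition Size\t69.28 GB (74,387,542,528 bytes)\t
Partition Starting Offset\t85,652,418,048 bytes
Partition\tDisk #0, Partition #3\t
Partition Size\t1.83 MB (1,916,928 bytes)\t
Partition Starting Offset\t160,039,960,576 bytes
"""

# One record = three consecutive lines: identity, size, starting offset.
RECORD_RE = re.compile(
    r"Partition\tDisk #(?P<disk>\d+), Partition #(?P<idx>\d+)\t*\n"
    r"Partition Size\t[^\n]*?\((?P<size>[\d,]+) bytes\)\t*\n"
    r"Partition Starting Offset\t(?P<start>[\d,]+) bytes"
)

# Assumed cutoff: anything this small cannot hold an OS, a recovery image
# or a boot volume, so it deserves a closer look.
MAX_PLAUSIBLE_TINY_PARTITION = 16 * 1024 * 1024


def parse_partitions(text: str) -> List[Dict]:
    """Return one dict per partition record, with byte counts as ints."""
    parts = []
    for m in RECORD_RE.finditer(text):
        size = int(m.group("size").replace(",", ""))
        start = int(m.group("start").replace(",", ""))
        parts.append({
            "disk": int(m.group("disk")),
            "index": int(m.group("idx")),
            "size_bytes": size,
            "start_bytes": start,
            "end_bytes": start + size,
        })
    return parts


def suspicious_partitions(parts: List[Dict],
                          max_size_bytes: int = MAX_PLAUSIBLE_TINY_PARTITION) -> List[Dict]:
    """Flag partitions that are implausibly small; note if one is the last on its disk."""
    # Find the partition with the highest starting offset on each disk.
    last_by_disk: Dict[int, Dict] = {}
    for p in parts:
        cur = last_by_disk.get(p["disk"])
        if cur is None or p["start_bytes"] > cur["start_bytes"]:
            last_by_disk[p["disk"]] = p

    flagged = []
    for p in parts:
        if p["size_bytes"] > max_size_bytes:
            continue
        is_last = last_by_disk[p["disk"]] is p
        reason = f"{p['size_bytes']:,} bytes is far too small for a real volume"
        if is_last:
            reason += " and it sits at the end of the disk"
        flagged.append({**p, "last_on_disk": is_last, "reason": reason})
    return flagged


if __name__ == "__main__":
    found = parse_partitions(SAMPLE_LOG)
    print(f"parsed {len(found)} partitions")
    for hit in suspicious_partitions(found):
        print(f"disk {hit['disk']} partition {hit['index']} "
              f"@ offset {hit['start_bytes']:,}: {hit['reason']}")
```

A hit from this check is a prompt to investigate, not proof on its own: OEM recovery layouts such as the one on this Acer legitimately carry several partitions, so compare the flagged entry against what the vendor layout should contain, confirm the size and position from a boot CD such as GParted as the post describes, and only then delete it.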
  #4  
Old 04-08-12, 13:28
1yousefi 1yousefi is offline
Private E-2
 
Join Date: Apr 2012
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: Help with removal of trojan:DOS\Alureon.e virus

Thanks for the rapid response!

I deleted the 1.83 MB partition and ran TDSSKiller (which didn't find anything other than "suspicious" files; no frank malware or rootkits were found). I also ran MGtools and attached the log.
Attached Files
File Type: txt TDSSKiller.2.7.26.0_08.04.2012_14.00.08_log.txt (107.8 KB, 1 views)
File Type: zip MGlogs.zip (199.6 KB, 2 views)
  #5  
Old 04-08-12, 13:49
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,162
Thanks: 269
Thanked 1,434 Times in 1,355 Posts
Default Re: Help with removal of trojan:DOS\Alureon.e virus

MSE is no longer reporting DOS\Alureon.e either right?
Your latest logs look fine.

__

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /uninstall
      • Notes: The space between the combofix" and the /uninstall, it must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to Add/Remove Programs and uninstall HijackThis if it is present.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME
      for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work through the below link:
Be safe
  #6  
Old 04-08-12, 14:06
1yousefi 1yousefi is offline
Private E-2
 
Join Date: Apr 2012
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: Help with removal of trojan:DOS\Alureon.e virus

I hadn't enabled it again, wasn't sure if I was supposed to, but I did now, and it seems everything is cleaned up!

Thank you so much for the help!
  #7  
Old 04-08-12, 22:54
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,162
Thanks: 269
Thanked 1,434 Times in 1,355 Posts
Default Re: Help with removal of trojan:DOS\Alureon.e virus

You're welcome. Be safe