Trojan:Win32/NTAlureon.C cant clear off computer. Usb's not working.

have not been able to find anyone with this trojan on any of these sites, really need help, use malwarebytes, spybot, avg 8.5, Windows malicious software removal, and deep scan from windows, but the only program that picks up on the trojan is the WMSR (windows one). It will say "found and removed" but if I run the program straight away again it says the same thing. I have a Windows professional xp, have updated everything, ran secunia, everything seems fine there. Cant use usb's, keep getting redirected to random google sites, have had all my system restore points disappear, also had a problem with "%fystemRoot% but managed to find a way to repair it to "%systemRoot%" before repair I also couldnt update or system restore, but fixing the "f" to an "s" seemed to fix this.

Have had this problem posted at other site but no-one seems to know anything or be able to help. Maybe this doesnt seem like a big problem to anyone, but this is huge to me. For business and home use, and banking, ebay and paypal. Very concerened my details are out there don't know if this computer is safe anymore. PLEASE some expert advice. I am in over my head.:cry

 

Hi, thankyou so much for getting back to me! After not hearing something for a while I went searching (for hours!) again on google and this forum and did complete the "Read and run me first" section. This did find things and clear things up - well it seems to have anyway. USB's are working again, Trojan is all gone, although my screen did go funny this morning, the start bar went to the top of the screen, and kept kind of jumping, the screen was mostly white but the icons kept skipping to different places on the screen so I couldnt safely shut down and ended up having to push the off button on my tower. This happened to my last computer in the weeks leading up to it crashing, don't know if this is just the monitor and a weird coincidence, or if this is a sign that my new computer (this one) is going to die also.

Anyway, have included the logs you reqested, these are the ones that I got a couple of days ago when I completed them from the read and run me first thread.

 

Hi again, am having some minor issues with my computer still, and have tried to run through the 'Read and run me first' things again, but, after double clicking on Combofix it goes to the run page and I click run and then I get the blue screen and flashing cursor, but nothing else happens. It just stays like that. I might add that Super anti spyware, malwarebytes, spybot, AVG and Malicious software removal all show no threats. But I still occasionally get redirected (jump) to pages from google, and my screen goes weird about once a day (goes mostly white, icons dissapear or move to different spot, start bar goes to top of page, therefore cannot safely restart computer because I cant see what Im clicking, also my computer is only 3-4 weeks old and changing monitors does not fix it) so I end up having to push the restart button. And as of today when I open an application it sometimes freezes when I try to minimise it, and the icons on desktop wont work, and if I open any more pages they just open and then freeze on top of the other frozen page. So I can be left with 5 or so pages frozen and unable to minimise/close any of them, but can still restart computer from start bar. Have got all my photos off onto a usb just in case pc is going to crash, please let me know if you think this is a computer issue (it is under warrenty for 3 years) or a virus?

 

OK, I downloaded the latest internet explorer not long after getting the new computer (about 2 weeks ago). The problems with my computer redirecting, weird screen etc.. was around about a day or two after doing the whole "read and run me first" thing.

But my old computer also used to get the weird screen issue, it started about a month or two before it died. this is why I was concerned that it was a virus as my old computer did the same thing then crashed. but i definately didnt have the latest internet explorer on the old one. It will be a couple of days to see if the screen issue is resolved as it happens every one or two days. So I will just have to wait and see for that one.

As for attatching the logs, I did everything you said, including saying yes to rebooting after the "avenger" program, but I cannot find the log for it. I even searched for it in the search section, but with no luck. I do have the logs for MGtools attatched though. Not sure what went wrong with the avenger ones? Didnt want to run it again till I'd heard from you.

 

Still having screen issues, went to click on email and screen went weird again, after moving the mouse randomly around the mostly white screen, I saw a flickering message that when I put the mouse on one certain area of the screen, I managed to get it to stay and it was something like "MSOE couldnt open, maybe it isnt installed" but obviously it is installed. Also, today I got a new trojan, which I found by running malwarebytes because I got an email from apparently my phone/internet company that looked suspicious and told me that I had registered with a password and user name for internet bills which I hadnt actually done. So I rang my company and they said some information at their end suggested something dodgy was going on and that the email wasnt from them but their records said something about a registration on my account. This was for direct debit from my bank account, so I was very lucky to catch on quickly and not forward my details to the email. Also someone tried to register me to Jamstar yesterday, and I had to ring Jamstar to let them know that it wasnt me that registered and they told me that a registration had been done via internet the same day. So now I am very concerened because someone obviously has my details including the correct spelling of my name (it is unusual) my mobile number, my email address and some of my account details for my internet/phone company. I had already changed my passwords for banking, ebay, paypal etc.. from a different, clean computer, but someone knows my stuff and is actively trying to mess with me. The new trojan was "Trogan.Agent". This must have been from that email as I have not downloaded anything nor received any other weird email, and there was no trojan on here yesterday.

I do not use a firewall other that windows at the moment because I don't know which one is the best to use. I did try to download one from here that was recommended but during installation my computer said that there was a massive error and force shut itself down to protect itself. So bit scared about doing it again. It said something like fatal error.

Arrrrrrgggghhhhh!!!!! HELP!