Alureon - Yet again - Important questions

Discussion in 'Malware Help (A Specialist Will Reply)' started by kaamos, Dec 26, 2010.

  1. kaamos

    kaamos Private E-2

    First of all, hello to all of you fine individuals eager to help out a "newb".

    The problem is as follows: tonight I have been infected with a variant of Alureon. I don't know which.

    I noticed almost immediately that I was infected due to the fact that my laptop suddenly crashed after I got popped by a HDD software (Scanner) saying that I had bad sectors on my HDD.

    After that, I pulled out my internet cable (didn't type in anything as in passwords, accounts etc.)

    I also noticed that it made a new Mozilla profile.

    Now the questions:

    1. Does it infect all the partitions? I have only one hdd with 2 partitions: the system and the rest.

    2. Does it steal information from Mozilla/IE/Chrome as in passwords if they were stored? Again, I didn't access any of my accounts after I knew I was infected.

    Can it steal information from the database of my browser? Can it steal the encrypted information?

    I fought with it in Safe Mode (Avast+RootkitBuster, SuperAntiSpyware etc.) but it got the better of me.

    It edited my hosts, adding about 10 or 11 internet addresses.

    The night ended in me getting my C all screwed up and now I want to format it.

    Will I have to format the entire drive?

    I already made a CD with all the necessary software, the TDSS killer from Kasp being on it.

    Thank you for taking your time.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The below Summary from Microsoft may answer some of your questions.
    As far as partitions being infected, you could have more than one infected or it could be only one.


    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator.)
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    If the above TDSSkiller scan does not help, move on to the below:

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. kaamos

    kaamos Private E-2

    Thank you for your quick answer.

    I am currently on a low-level format of my drive.

    I guess I wasn't explicit enough regarding the hijacking of information.

    I didn't use any accounts after I noticed I was infected.

    From Microsoft's summary I can't understand if it steals already stored information within the browsers (passwords, accounts). Is that information encrypted (at least the passwords)?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is more of a stealer of information flowing in the packets from/to your PC. However, that does not mean that it could not steal information stored locally too. It does infect drivers on the PC and sometimes the MBR, which means it could do quite a lot and could also survive just a standard format. A low level format, repartitioning, formatting, and reinstall should remove it.
     
  5. kaamos

    kaamos Private E-2

    Is there a free anti-virus software for making a bootable usb drive for free dos scanning?

    I would like to find out if the rest of my partitions are infected. I have precious information on those.

    Thank you. To explain again: I would like to make a bootable usb drive to scan the HDD before reinstalling Windows 7. I only did a format on my C:.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then you probably did not do a low level format.

    See the tools at the end of the below link.

    Alternative Scans

    Some of these companies also make USB versions (at least one USB version is already in the list). However, I will warn you that many scanners do not find low level infections in the MBR. However, we still don't even know if you had an infection in your MBR to begin with since no scans were performed.
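
Added example, not part of the original thread or of any tool named in it: the replies above say the infection can sit in the MBR and survive a standard format, and that many scanners miss it. This Python code splits a saved 512-byte copy of sector 0 into its bootstrap code and partition table and reports which region differs from a known-good baseline; formatting C: rewrites neither region. The sample sectors are constructed filler, and obtaining the sector dump from a clean boot environment is assumed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0..439: bootstrap code (440..445: disk signature)
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # boot signature stored at bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw copy of sector 0 into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            parts.append({"slot": i, "active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": parts}


def compare(baseline: dict, current: dict) -> list:
    """Return the names of the MBR regions that differ from the baseline."""
    regions = (("boot_code", "boot_code_sha256"), ("partition_table", "partitions"))
    return [name for name, key in regions if baseline[key] != current[key]]


def make_sector(boot_code: bytes) -> bytes:
    """Build a constructed sample sector: two type-0x07 partitions, first one active."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, lba, count) in enumerate([(0x80, 2048, 204800), (0x00, 206848, 409600)]):
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * i,
                         status, b"\x00" * 3, 0x07, b"\x00" * 3, lba, count)
    sector[510:512] = SIGNATURE
    return bytes(sector)


CLEAN = make_sector(b"A" * 64)      # constructed baseline, filler bytes only
MODIFIED = make_sector(b"B" * 64)   # same partition table, different boot code
```

Comparing `parse_mbr(CLEAN)` with `parse_mbr(MODIFIED)` reports only `boot_code`, which is the case where the partition layout looks normal but sector 0 no longer matches the baseline.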
     
