Alureon.e - Please help!

Hello,

Thank you for all of the information that I've found on here. Your website has helped me tremendously already. Unfortunately, this Alureon.e isn't going away. I have read all of the alureon threads, but it seems that each case is slightly different. So I ran all of the tools mentioned in your read me first thread and attached them.

Combofix didn't work. It just ended up freezing my computer for hours on end.

Thank you for any help that you provide. Happy New Year!

 

Code:

Partition	Disk #0, Partition #3	
Partition Size	8.64 MB ([COLOR="Red"][B]9,056,768[/B][/COLOR] bytes)	
Partition Starting Offset	249,990,935,040 bytes	

Bootable  Name                   Size          Type                     
          Disk #0, Partition #0  41094144      Unknown                  
TRUE      Disk #0, Partition #1  244965288960  Installable File System  
          Disk #0, Partition #2  4984519680    Unknown                  
          Disk #0, Partition [B][COLOR="Red"]#3  9056768 [/COLOR][/B]      Unknown   

@Tim

Hidden partition infection / Alureon / TDL4

 

Hi, Thank you so much for your replies.

I apologize for not writing HOW I came across this. I have Microsoft Security Essentials and it reported that I have Alureon.e. MSE quarantined it and said to restart the computer to clean it. When I did so, MSE again reported the worm-quarantine-restart. MSE says the worm is located in: boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17).

Also a side question, would it have been safe to just delete Partition 3 if I knew that to be the worm?

 

Thank you Tim. I just did G-parted and deleted the 8.64 partition like you said. Then, I tried to do the window recovery console cd. I pressed R to get to the command prompt and entered 3 commands.

When I did the fixmbr \Device...one, it said the Old Master Boot could not be read.

So I did the fixboot c: and it asked if I wanted to create something - some kind of bootable drive or something. I said no. But then I went through the whole process below again, and pressed yes the second time. I know, I probably messed the whole thing up.

Then it took me back to the Console with the 3 options - windows XP setup was one of them. I exited and tried to boot the computer back up But it won't boot now because it said XP is not loaded on the computer. So I went back to the windows recovery console and tried to install XP. An error came up that says "Setup cannot find the End User Licensing Agreement (EULA)" and setup cannot continue.

I know I probably did a bunch of things wrong but I have no idea what that is.

 

Yes I did. It was already there when I did it.

 

Hello rebbarr,

Please explain in detail what actions you took here.

 

Nevermind, if you were using the Recovery Console CD for that then you wouldn't have been able to install XP. Which explains what you got that EULA notice.

 

Boot back into the recovery console and type the following command:

• bootcfg /list

Note: There is only a SPACE between 'bootcfg' and '/'

Let me know what text appears after you have entered that command and pressed ENTER.