Trouble with alureon.e hid my e drive

Welcome to Major Geeks!


Goto the below link and follow the instructions for running TDSSKiller from Kaspersky

• TDSSkiller - How to run

• Be sure to attach your log from TDSSKiller

Now please also download MBRCheck to your desktop.

See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

• Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  • Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  • Found non-standard or infected MBR.
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

 

OKay MBRcheck shows the below

Code:

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  [URL="file://\\.\PhysicalDrive0"]\\.\PhysicalDrive0[/URL]   Unknown MBR code
            SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF

While this does not always mean there is an infection, it could be part of a hidden infection in your case since you are complaining of alureon.e. We need to get more info from more detail scan obtained from our full cleaning procedure.


Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions

 

You did not allow MGtools to finish running before trying to attach the log. The ZIP file is extremely incomplete. Please run the below to get a new log.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

 

Okay MGlogs.zip shows that an infected partition has been added to your hard disk as show in the below list. The one highlighted in RED is the problem

Code:

Partition Disk #0, Partition #0 
Partition Size 456.21 GB (489,848,292,864 bytes) 
Partition Starting Offset 32,256 bytes 
Partition Disk #0, Partition #1 
Partition Size 9.55 GB (10,256,924,160 bytes) 
Partition Starting Offset 489,848,325,120 bytes 
[COLOR=red][B]Partition Disk #0, Partition #2 
Partition Size 2.48 MB (2,604,544 bytes) 
Partition Starting Offset 500,105,249,280 bytes[/B][/COLOR] 

Do you have your Vista bootable DVD?

 

Okay then see if you can do the below. Note this is a test to see if you can follow these instructions in preparation for latter fixes. It is only a test and not a fix.


Enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

After getting into the System Recovery Options menu you will see the following options:

Select Command Prompt

• One you have successfully gotten to the command prompt, just type exit and hit enter which will reboot your PC.
• Allow it to boot back into normal Windows and let me know if you could do all of this. We will have another set of instructions for you to follow which include creating a bootable CD to use in deleting the infected partition.

 

Worry about the baby and your wife. This can wait.

Congrats to you and your wife.