Windows 7 with Alureon Wont Boot -FRST64 attached - please help

This is my first post and I have read other posts regarding this issue and was extremely pleased with the assistance given. I followed the steps for windows 7 x64 version to gain the FRST log file and unfortunately was not able to post it in the same thread i was reading or I would have. I would be extremely appreciative if the user (or other also) could assist me in fixing this issue.

I ran the Windows Defender Offline tool originally after MSE told me i needed to to get rid of Alureon, and while the offline tool successfully removed it as it said, i then would only boot to a blue screen of death.

Let me know if there is anything else you need to know. The other user that assisted in the other thread replied to have a file that was specific for my problem to be booted with and it fixed it.

Thanks again.

 

Welcome to Major Geeks, Werdrath

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

 

Hello..
I put the fixlist.txt file you posted on my flash drive..
the tool ran fine, and said the fix was complete...i rebooted normally and still got the blue screen of death at the same place.

any further steps you recommend?

the fixlog it created is attached.

Thank you!

 

Hi,

No parts of the fix were executed which is odd. I want you to try again with this fixlist.txt I have attached.

Make sure the fixlist.txt that you transferred to the flash is not empty. Sometimes when you transfer to USB too quickly; the file is there, but the data inside is missing.

 

Thank you for your prompt reply. I also noticed nothing was listed in the log file.

AND ----
WALA!! you are a freakin god send man! thank you so much.

Is there anything you recommend me doing from this point forward?
I am definitely moving everything off of the computer to back it up.

however, do you think I need to format and reinstall? or system restore from point of purchase?

any other tips is great..

i have attached the log it created.

thank you so much!

 

You're welcome

Good idea. Afterwards, I recommend going through this guide: How to Remove TrojanOS/Alureon.A

I do not think you need to. However, if you do not mind reinstalling programs that you need again and have your data (docs, pics, music, movies, etc) backed up, then this would be the fastest and easiest route, IMO.

 

Thank you again for all your help. The computer has been running great,
but i also just finished your recommendation of the removal processes to ensure i was clean. It ran smoothley and i only saw one thing removed. I have attached the log files as it requeted (i think i attached all of them).
I did not run the root app as i have Windows 7.

Let me know if there is anything else I should do.

agian, Thanks for rockin it!

 

My pleasure

http://img850.imageshack.us/img850/4746/programsandfeatureswin7.gif From Programs and Features (via Control Panel), please uninstall the below:

• Java(TM) 6 Update 26 (outdated)

http://img195.imageshack.us/img195/9049/javaz.gif Now download install the current version of Sun Java from here

http://img196.imageshack.us/img196/3557/tdsskiller.gif I want you to read and follow these instructions: TDSSKiller - How to run

http://img205.imageshack.us/img205/4783/regeditb.gif Attached is fixme.zip

• Inside of this archive is fixme.reg
• Extract fixme.reg to your desktop and double-click it
• Allow it to merge into the registry
• Let me know if the merge was successful or not

 

I have completed your requests as noted.

uninstalled the java update, and installed the current.
rand TDSS, added successfully the fixme registry file.
and i have attached all log files.

thanka!

 

http://img196.imageshack.us/img196/3557/tdsskiller.gif Re-scan with TDSSKiller with the parameters you used before.
This time if TDSS File System appears, delete it!

__

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. You can delete C:\FRST if it present.
9. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
10. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME
      for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
11. After doing the above, you should work through the below link:
    • How to Protect yourself from malware!

Be safe

 

once again..good work and i thank you..

I have completed your recent steps.

Is it ok to delete the TDSS Quarantine folder in C: or should I leave it?

and you mentioned the info about purchasing the antispyware apps i was told to run. were you saying that unless you pay for it, it doesnt have REALTIME protection. as in, you have to scan with it for it to do anything?

or did you say paying for it is the only way it will help at all?

thanks

 

You can delete it. MGclean.bat will also delete it.

Correct. MBAM offers a free trial (30 days) of their "Real-time protection".

You're welcome.