DOS/Alureon.E WIN XP 32 bit

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tmloehr, Mar 17, 2012.

  1. tmloehr

    tmloehr Private E-2

    I am looking for some help in removing a virus/malware. I read and tried to follow your Malware removal guidelines but I can not remove Alureon.e from computer. MSE is able to find DOS/Alureon.E but is unable to remove.

    Upon start up in normal windows get following error message:

    Windows No Disk Exception processing message C0000013 Parameter 75b6bf7c 4 75b6bf7c 75b6bf7c

    Downloaded and ran SAS, Malwarebytes, Combofix, Rootrepeal and MGtools.

    Ran SAS, Malwarebytes and Rootrepeal from Windows Safe Mode. Could not get Combofix to complete scan. Would hang up at screen where scanning for files. Would not progress to show "Completed stage 1, stage 2 etc". Tried running in Safe Mode and in Windows normal mode. (let scan for more than 40 minutes with no apparent progress....HD was not being accessed.

    Attached are lot files for SAS, Malwarebytes, Rootrepeal and MGtool zip file.

    Thanks!
     

    Attached Files:

    tmloehr, Mar 17, 2012
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky

    Be sure to attach your log from TDSSKiller

    Please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
    TimW, Mar 17, 2012
    #2
  3. tmloehr

    tmloehr Private E-2

    Ran TDSSKiller and MBRCheck. It did not appear TDSSKiller found anything but MBRCheck did find a non-standard or infected MBR. Attached are the log files.

    Tmloehr
     

    Attached Files:

    tmloehr, Mar 17, 2012
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Preferably from a clean computer, I need you to download: gparted-live-0.11.0-7.iso (114 MB)
    Create a bootable CD for GParted. You can use ImgBurn to accomplish this.
    If you need help on how to use ImgBurn, please view this guide by dr.m -- Using ImageBurn to Burn an ISO image

    Now boot off of the newly created GParted CD.
    http://img717.imageshack.us/img717/6546/gpartedsplash01107.th.png
    You should be here...
    Press ENTER
    http://img819.imageshack.us/img819/7286/gpartedkeymaps.th.png
    By default, do not touch keymap is highlighted. Leave this setting alone and just press ENTER.
    http://img404.imageshack.us/img404/9840/gpartedlanguage.th.png
    Choose your language and press ENTER. English is default [33]
    http://img140.imageshack.us/img140/7958/gpartedgui.th.png
    Once again, at this prompt, press ENTER
    You will now be taken to the main GUI screen below
    http://img32.imageshack.us/img32/1122/gpartedo.th.png
    According to your logs, the partition that you want to delete is 10MB (10MB)
    Click the trash can icon to delete and then click Apply.
    You should now be here confirming your actions:
    http://img233.imageshack.us/img233/1533/gpartedsteps.th.png
    Now you should be here:
    http://img696.imageshack.us/img696/8471/gpartedsuccessclose.th.png
    Is boot next to your OS drive? According to your logs, your OS drive is the 180.22 GB sized partition.
    http://img194.imageshack.us/img194/7753/gpartedboot.th.png
    If boot is not next to your OS drive under Flags, right-mouse click the OS drive while in Gparted and select Manage Flags

    In the menu that pops up, place a checkmark in boot like the picture below:
    http://img196.imageshack.us/img196/3483/gpartedmanageflagsboot.th.png
    Now press the Close button to save these changes.
    Now double-click the http://img822.imageshack.us/img822/641/gpartedexit.png button.
    You should receive a small pop up like this:
    http://img88.imageshack.us/img88/8986/gpartedexitreboot.png
    Choose reboot and then press OK.


    Now reboot from the Windows XP Recovery Console CD and execute the following commands pressing ENTER after each:

    • fixmbr
    • fixboot
    • exit
    Once back in Windows...
    http://img707.imageshack.us/img707/6703/generalxpicon.gif Re-run another scan with MBRCheckand attach its latest log. (How to attach)
     
    TimW, Mar 18, 2012
    #4
  5. tmloehr

    tmloehr Private E-2

    Completed actions and MSE has not found Alureon.E. Attached is new MBRCheck Log.

    tmloehr..
     

    Attached Files:

    tmloehr, Mar 18, 2012
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks good. Are you having any other issues?
     
    TimW, Mar 18, 2012
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds