emachine trojan:dos/alureon.j

Hi, My Name is Alice.

My sister in law called and complained slow computer, redirecting and intermitten internet access. I tried to restore her Emachine ET1331G runing windows home premium 64bit, using the Emachine console, but got " Hard Drive configuration not set to factory " So Ordered the disc's from Acer.

Once I got the discs, I did a complete install back to factory setting. All went well till I added Microsoft Security Essentials. On first run it came back with: Trojanos/Alureon.J at Boot:\\.\physicaldrive0\partition0 (type 27)

So, becasue I could not get to safe mode or use any of the tools provided by Emachine. I did a "dban Nuke and destroy" then I installed windows 7 back onto the computer. For a long time this computer could not get onto the internet, so I ran Windows Defender offline x64bit and I also ran Kaspersky's tdskiller offline. Defender found nothing but tdskiller found 13 files that it put in quarantine. Well, because I could not access internet still, once these files were in there, I did another reinstall. Ran Defender and nothing was found. Installed Security Essentials and once again it was found. (but at least I am on the internet)

Believe I read everything you requested, and believe I did everything you wanted me to in the order you requested. No Antivirus is installed a this point, as it was blocking some of the programs you needed me to run. First Forum ever, hope I attached the items you needed!!

Computer: Emachine ET1331G Windows 7 home Premium 64 bit version AMD Athlon(tm) II x2 250U Processor 1.60 GHz 4.00 GB (3.75 GB usable) ram. Trojan is Trojanos/Alureon.J at Boot:\\.\physicaldrive0\partition0 (type 27)

 

Sorry about that, thought that I just had to list them, didn't see the upload button. Hope this is better.

 

Hi there, ran the scan as requested and the system restore is still off. Now if I can load the file correctly.. lol.. and by the way.. thanks a bunch for the help.. I am truly at a lose here..

 

Internet explorer would not let me download it. Is something we changed to work on the computer blocking it?

Anyways, used my thumb drive and installed it and the internet allowed updates. and I watched as the scan was working.

And yes it showed up again. And the log thing that is under the scanner that shows the files that are being scanned, said \\.\physicaldrive0 something-or-other... was moving to fast while I was trying to read... lol

Attaching a screenshot

 

chaslang,

Not sure if this is important or not... but I did 2 full system scans with microsoft security essentials .. before she told me she had the computer 6 years.. anyways the scans did not show up anything. I did the restore because she had the computer so long, and because she was having problems.

This problem didn't show up until after I used the disc's bought from acer.. this will show you how little I know.. but could this trojan be written in the disc's I received? Would they show up on all the tests you had me run? Curious minds...want to know..

 

Because She cannot use the partitioned section of the disc for a system restore,( Harddrive configuration not set to factory ) is what I get when trying to use it.... Is there a way to just delete all the partitions and reformat the entire drive? Would that get rid of the false negative?

I will try a different antivirus, but I was shutting it off for the night... so right now the computer is doing 103 updates.. lol... may take awhile before I can use the computer again.

 

Good Morning once again,

Did not realize that I had one more symptom.. but when I was installing Acer disk, kept getting an error when inserting language disk.

Anyways, used a disk partitioning program and deleted the boot and resource partitions.. the program allowed me to rebuild boot with their records within the program.

So... many thanks to you for donating your Memorial Day weekend to helping!!

We are fixed!! The error while loading language disk is now gone.. and also the trojan warning.. The computer is running Great. Microsoft Security Essentials is back on and finds nothing wrong in the drive.

Again, Thank you for all your help!! You are a Saint in my book!! :major