Please help me to remove trojan/Alureon A, reports included.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by out2getrich, Dec 6, 2012.

  1. out2getrich

    out2getrich Private E-2

    Thank you in advance for helping me with removing these viruses. I have read the "Read me first" thread and followed the instructions on downloading the anti-malware programs. I have attached those reports to this thread.

    I first noticed pop-ups on the bottom and right side of my screen while on Facebook and had thought it was due to their recent privatization, then I saw the same ads while not logged onto F.B. and noticed my computer shutting off and restarting on its own, so I ran scans and found Trojan:dos/Alureon.A uncovered by Malwarebytes. It was running even though the trial had expired. However, the virus was still found after attempts at removal. Microsoft Security Essentials directed me to download the "Windows Defender Offline tool" to a disk and run it on start-up. I did that and it found nothing. New scans still turned up the same results, sometimes with multiple listings.

    A friend from work suggested Spybot Search and Destroy. It found and claimed to have removed the virus; this was not true. I had also used IObit Advanced SystemCare, which found and was unable to remove the virus on multiple attempts. I even found a referral for TDSSKiller and downloaded it. It claimed to have quarantined it. That's when I found this forum and read the "Read me first" thread. I hope that my attempts to remedy this situation on my own have not compounded the problem, and I hope that you can help me with this.

    Once again, thank you for your help.

    o2gr
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We require the requested MGlogs.zip file from MGtools.exe before we can continue.
     
  3. out2getrich

    out2getrich Private E-2

    Here you go. Thanks.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Please download OTM by Old Timer and save it to your Desktop.
    • Right-click OTM.exe and select Run as administrator to run it.
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\$recycle.bin\S-1-5-18\$a0d87e61a25da6414817199f0b1a8574\@
    C:\$recycle.bin\S-1-5-18\$a0d87e61a25da6414817199f0b1a8574\U
    C:\$recycle.bin\S-1-5-18\$a0d87e61a25da6414817199f0b1a8574\L
    C:\$recycle.bin\S-1-5-18\$a0d87e61a25da6414817199f0b1a8574
    C:\$recycle.bin\S-1-5-21-1852320340-3763420829-3560972882-1000\$a0d87e61a25da6414817199f0b1a8574\U
    C:\$recycle.bin\S-1-5-21-1852320340-3763420829-3560972882-1000\$a0d87e61a25da6414817199f0b1a8574\L
    C:\$recycle.bin\S-1-5-21-1852320340-3763420829-3560972882-1000\$a0d87e61a25da6414817199f0b1a8574
    C:\Users\richard\AppData\Local\Temp\{A6694113-5CFE-4FD4-8A80-8CC7F009C164}
    C:\$Recycle.Bin\S-1-5-21-1852320340-3763420829-3560972882-1000\$IFAO9BV.exe
     
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    
    [Reboot]
    • Return to OTM, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
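
    The OTM script above moves, for two SIDs under $Recycle.Bin, a folder named "$" plus 32 hex digits that holds entries called "@", "U" and "L". The following is an added example written for this thread; it is not part of OTM, MGtools or the original posts. It walks a $Recycle.Bin tree and reports any folder with that shape under a per-SID subfolder, so a reader can check whether the same pattern is present before or after running the script. The SID pattern (S-1-5-18 and S-1-5-21-...) and the sample tree it builds are this example's own assumptions; the sample reuses the folder and entry names from the script above and adds ordinary deleted-file entries that must not be reported.

```python
import re
import tempfile
from pathlib import Path

# Per-SID subfolders of $Recycle.Bin: LocalSystem (S-1-5-18) and account SIDs (S-1-5-21-...).
# Assumption for this example; other well-known SIDs are ignored.
SID_RE = re.compile(r"^S-1-5-(?:18|21(?:-\d+)+)$")
# '$' followed by exactly 32 hex digits, the shape of the folder the OTM script moves
HEX_DIR_RE = re.compile(r"^\$[0-9a-f]{32}$", re.IGNORECASE)
# Entries the OTM script names inside that folder
MARKER_NAMES = {"@", "U", "L"}


def scan_recycle_bin(recycle_root):
    """Return [(sid, folder_path, markers_found)] for every '$<32 hex>' folder that sits
    directly under a per-SID folder and contains at least one of '@', 'U' or 'L'.
    Matching is by name only; the result is a list of candidates to inspect, not a verdict."""
    findings = []
    root = Path(recycle_root)
    if not root.is_dir():
        return findings
    for sid_dir in sorted(root.iterdir()):
        if not (sid_dir.is_dir() and SID_RE.match(sid_dir.name)):
            continue
        for entry in sorted(sid_dir.iterdir()):
            if not (entry.is_dir() and HEX_DIR_RE.match(entry.name)):
                continue
            markers = sorted(MARKER_NAMES & {child.name for child in entry.iterdir()})
            if markers:
                findings.append((sid_dir.name, str(entry), markers))
    return findings


def build_sample_tree(base_dir):
    """Construct (for this example only) a $Recycle.Bin laid out like the paths in the
    OTM script above, plus ordinary recycle-bin entries that must not be reported."""
    root = Path(base_dir) / "$Recycle.Bin"
    hidden = "$a0d87e61a25da6414817199f0b1a8574"
    system = root / "S-1-5-18" / hidden
    system.mkdir(parents=True)
    (system / "@").write_bytes(b"")
    (system / "U").mkdir()
    (system / "L").mkdir()
    user = root / "S-1-5-21-1852320340-3763420829-3560972882-1000"
    (user / hidden / "U").mkdir(parents=True)
    (user / hidden / "L").mkdir()
    # Normal deleted-file bookkeeping: a $I metadata file, its $R payload, and desktop.ini
    (user / "$I2K4X9Q.txt").write_text("constructed metadata")
    (user / "$R2K4X9Q.txt").write_text("constructed payload")
    (user / "desktop.ini").write_text("[.ShellClassInfo]")
    # A 32-hex folder with none of the marker entries is not reported
    (user / "$0123456789abcdef0123456789abcdef").mkdir()
    return root


def demo():
    """Build the constructed sample tree in a scratch directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_recycle_bin(build_sample_tree(tmp))


if __name__ == "__main__":
    for sid, path, markers in demo():
        print(f"{sid}: {path} contains {', '.join(markers)}")
```

    On a live machine you would call scan_recycle_bin(r"C:\$Recycle.Bin") from an elevated prompt, since the S-1-5-18 subfolder is not readable by a standard user. The check is by name alone, so treat a hit as something to confirm against the logs the helper asked for rather than as a reason to delete files by hand.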
     
  5. out2getrich

    out2getrich Private E-2

    I ran a Malwarebytes full scan last night when I went to bed, and the report this morning showed the Trojan still in the TDSSKiller quarantine file. Should I delete this file? Would deleting the file be like tearing down the jail from around the prisoner?

    The pop-up ads have slowed significantly but have not completely vanished. I have attached a copy of the Malwarebytes report as well. I would send a copy of the quarantine report, but I'm not sure if that would be the equivalent of sending you the virus, so I won't unless you ask.

    What is my next move?

    Thank you,
    o2gr
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Not a problem, since it was already quarantined and final cleanup would have deleted this TDSSKiller folder.

    With which browser?
     
  7. out2getrich

    out2getrich Private E-2

    Mozilla Firefox
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

