Trojan:DOS/Alureon.A - reboot loop

Looks like I was hit by the TrojanOS/Alureon.A. Last week my Dell Inspiron Laptop (Windows 7 64) shut itself and when I try to start again it went into a indefinite reboot loop. When it boots it receives a startup error and wants to launch startup repair until the message told me that it could not repair automatically.

I read "READ ME FIRST INFO" but I cannot perform any steps as I cannot get it to boot normally. I looked at other forums on my other computer, where I was able to download the Farbar Recovery Scan Tool x64 on my USB drive and run the program. Attached is the FRST.txt log, as requested to another user. Also, I tried to download TDSS Killer from your site on my USB drive but received the following error in command prompt: the subsystem needed to support the image type is not present.

Please help.

Lawrence

 

I was able to do a dell datasafe restore before I ran the Farbar recovery tool.

 

I have attached the fixlog after running the farbar using given fixlist.txt

I also found the file C:\Windows\System32\LPK.dll in my X (dell recovery) drive and copied it to the C drive before I ran the farbar fix. I did not find the other C:\Windows\SysWOW64\LPK.dll file.

After I rebooted my machine it still went into the Startup repair mode and running for the last 40 minutes. I will post the result after it is completed.

Thank you chaslang for responding quickly to my post.

 

I ran the farbar using the given fixlist.txt and I have attached the fixlog.txt.

Before running the fix I was able to find the
C:\Windows\System32\LPK.dll file in my X drive (dell recovery drive) and copied it to the c drive.
I could not find the file C:\Windows\SysWOW64\LPK.dll in the system.

After I rebooted my machine it is got into the startup repair mode. It is running for the last 40 minutes. I will post the results once it completes.

Thank you chaslang for responding to my post.

 

Startup repair completed after 2 hours

It is complaining about MissingOSLoader

I am not sure what to do next.

All your help is appreciated.

I attached the fixlog.txt file earlier and got a message stating that the admin has to approve the message. I am not sure if you have received the log file

 

I am copying my current bcdedit /enum all /v output. Let me know if you need any other information.


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=E:
path \bootmgr
description Windows Boot Manager
locale en-us
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {1560fc7a-13d9-11e2-87fe-b718e169732c}
resumeobject {515932a3-8971-11df-b34e-e6d2a90d9561}
displayorder {1560fc7a-13d9-11e2-87fe-b718e169732c}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30

Windows Boot Loader
-------------------
identifier {1560fc7a-13d9-11e2-87fe-b718e169732c}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 7 Home Premium
locale en-US
recoverysequence {515932a5-8971-11df-b34e-e6d2a90d9561}
recoveryenabled Yes
osdevice partition=C:
systemroot \WINDOWS

Windows Boot Loader
-------------------
identifier {515932a5-8971-11df-b34e-e6d2a90d9561}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{515932a6-8971-11df-b34e-e6d2a90d9561}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{515932a6-8971-11df-b34e-e6d2a90d9561}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {515932a6-8971-11df-b34e-e6d2a90d9561}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi