Trojan:DOS/Alureon.e and svchost viruses

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Monolungo, Jan 9, 2012.

  1. Monolungo

    Monolungo Private E-2

    Hello
    I have contracted the Trojan:DOS/Alureon.e and svchost viruses.

    It started with the system checker virus.
    I booted into Safe Mode and used rkill, then MBAM, then I used Unhide from Bleeping Computer.

    After that things still did not seem right and MSE found the Trojan:DOS/Alureon.e.

    I then found your guides and started with the Read and Run.

    I am using Win 7 64-bit.
    Thanks for your help
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Based on logs from MGtools, it looks like you have an infected partition on your hard disk which has made itself the active partition.
    Code:
    FALSE     Disk #0, Partition #0  250048479744   Installable File System
    TRUE      Disk #0, Partition #1  10829824       Unknown

    Do you have your Win 7 Boot DVD?

    We will need to remove this infected partition.


    [EDIT] After further review, I see this drive ( Disk # 0 ) is not your Windows 7 boot drive. What is it used for, and was there an older version of Windows on it? It says "old master drive" for a volume label.
     
    Last edited: Jan 10, 2012
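The check described above (an active partition of unknown type that is far too small to hold an operating system) can be automated against a raw copy of a disk's first sector. The following parser is an added example, not code from this thread or from MGtools; the MBR it inspects is constructed to mirror the two partitions in the log, the type code 0xF2 is chosen arbitrarily to stand for "Unknown", and the 100 MB size threshold is an assumption.

```python
import struct

SECTOR = 512
# Partition type codes this check treats as expected on a Windows/Linux disk (subset).
KNOWN_TYPES = {0x07: "Installable File System (NTFS)", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
               0x05: "Extended", 0x0F: "Extended LBA", 0x27: "Hidden NTFS (Windows RE)",
               0x82: "Linux swap", 0x83: "Linux"}

def parse_mbr(mbr):
    """Return the populated primary partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR (bad length or boot signature)")
    parts = []
    for i in range(4):
        # Entry: status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count.
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "type_name": KNOWN_TYPES.get(ptype, "Unknown"),
                      "lba_start": lba_start, "size_bytes": sectors * SECTOR})
    return parts

def suspicious_active_partitions(parts, min_bytes=100 * 1024 * 1024):
    """Flag active partitions whose type is unrecognised or that are too small to hold an OS."""
    flagged = []
    for p in parts:
        if not p["active"]:
            continue
        reasons = []
        if p["type"] not in KNOWN_TYPES:
            reasons.append("unknown type 0x%02X" % p["type"])
        if p["size_bytes"] < min_bytes:
            reasons.append("only %d bytes" % p["size_bytes"])
        if reasons:
            flagged.append((p["index"], ", ".join(reasons)))
    return flagged

def make_entry(active, ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields left zero)."""
    return struct.pack("<B3xB3xII", 0x80 if active else 0x00, ptype, lba_start, sectors)

# Constructed MBR mirroring the sizes in the log above: a large, inactive NTFS partition
# and a ~10 MB active partition with an arbitrary type code (0xF2) that Windows does not list.
CONSTRUCTED_MBR = (b"\x00" * 446
                   + make_entry(False, 0x07, 2048, 250048479744 // SECTOR)
                   + make_entry(True, 0xF2, 488377985, 10829824 // SECTOR)
                   + b"\x00" * 32 + b"\x55\xAA")
```

On a real system the same two functions can be run over the first 512 bytes read from a disk image; a hit means the active flag points somewhere other than the recognised OS partition and deserves a look before the disk is trusted again.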
  3. Monolungo

    Monolungo Private E-2

    Yes, I have the disk.

    The old master drive is a drive from my old computer and it did have Windows XP on it. I did not reformat it, as it had lots of other stuff on it when I got my new setup.


    Thanks again for your help.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you unplug this drive for now and then tell me how things are working? Like, is the infection still being detected when this drive is disconnected?

    Also get a new log from MGtools while this drive is disconnected and attach this log.
     
  5. Monolungo

    Monolungo Private E-2

    OK, I unplugged the old master drive and MSE did not find the Alureon.e.

    Malwarebytes did still find the svchost, so I had it try to remove it. Then I ran it again and it's still there.

    One other strange thing is that now in the C:\ dir the config.msi, Documents and Settings, MSOCache, and Recovery folders all have locks on them and give an "access is denied" warning. (This started before I unplugged the other drive.) I can get to the files by going through the libraries.

    I have attached the logs.
     

    Attached Files:

  6. Monolungo

    Monolungo Private E-2

    Sorry, I missed the splash saying the post may not be visible for a few min.
     
    Last edited: Jan 10, 2012
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, then you will need to keep it unplugged for now. You will have to fix it later after making it the only drive in the system, and you will need your Windows XP boot CD since it is a Win XP config.


    Some folders and files in Win 7 are not supposed to be accessible, like Documents and Settings and the System Volume Information folder. This is normal. But not everything you listed should be inaccessible.

    Are you now noticing that things are missing from your Start Menu?

    Let's see if we can repair some networking issues.

    Open Device Manager and in the Network Adapters area of Device Manager, select your network adapter, right click on it and select Uninstall ( but do not delete the drivers/software ) and then reboot your PC. Upon reboot, it should re-detect the hardware and reinstall. Let me know how this goes. If you don't know how to open Device Manager, hold down the Windows logo key and at the same time press the Pause/Break key. Then in the popup window select Device Manager.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\MGlogs.zip
     
    Last edited: Jan 12, 2012
  8. Monolungo

    Monolungo Private E-2

    OK, I uninstalled the driver and it reinstalled upon restart. I ran the MGlogs and MBAM, and the infection seems to be gone!

    I did some looking and the folders are acting like they should. I guess I have not tried to get to those from the C:\ since going with Win 7.

    As for the other drive, I'm thinking of copying the programs that I want to keep and just reformatting it, as I don't use it as a bootable drive, more as a place to put games.

    Here are the logs.
    I can't say thank you enough for your help!

    As a bonus, the comp is back to scorching fast!
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Excellent. So now you know where your problem was. ;)

    Formatting it will not remove the infection. You have to delete the infected partition.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START then RUN, enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista or Win 7, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  10. Monolungo

    Monolungo Private E-2

    I can't thank you guys enough!

    I went ahead and used GParted to zap the bad partition on the old XP drive and now everything is back to normal.

    You Guys Rock!!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good job!

    You're welcome. Surf safely!
     
