Showing results for tags 'alureon.k'.

Found 2 results

  1. Hi, I got an unwanted guest that will not go away. Took over. Please, I need some help. I tried to do a re-install of Vista, nothing. Ran a program like this; it shows I ran TDSSKiller, RogueKiller, others, still there. Here is the txt information off the Vista.

     =============
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft® Windows Vista™ Home Premium
     Boot Device: \Device\HarddiskVolume1
     Install Date: 11/25/2013 9:16:15 PM
     System Uptime: 12/1/2013 3:26:16 PM (0 hours ago)
     .
     Motherboard: ASUSTek Computer INC. | | Acacia
     Processor: AMD Athlon 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2700/200mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 456 GiB total, 412.216 GiB free.
     D: is FIXED (NTFS) - 9 GiB total, 1.267 GiB free.
     E: is CDROM ()
     F: is Removable
     G: is Removable
     H: is Removable
     I: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     .
     ==== Installed Programs ======================
     .
     Adobe Flash Player ActiveX
     Adobe Reader 8.1.0
     Cards_Calendar_OrderGift_DoMorePlugout
     Compatibility Pack for the 2007 Office system
     CyberLink DVD Suite Deluxe
     Enhanced Multimedia Keyboard Solution
     Google Chrome
     Google Update Helper
     Hardware Diagnostic Tools
     Hewlett-Packard Active Check
     Hewlett-Packard Asset Agent for Health Check
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
     Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
     HP Customer Experience Enhancements
     HP Customer Feedback
     HP Demo
     HP Easy Setup - Frontend
     HP On-Screen Cap/Num/Scroll Lock Indicator
     HP Photosmart Essential 2.5
     HP Picasso Media Center Add-In
     HP Total Care Advisor
     HP Update
     HPPhotoSmartPhotobookWebPack1
     Java SE Runtime Environment 6 Update 1
     LabelPrint
     LightScribe System Software 1.10.23.1
     LightScribeTemplateLabeler
     Microsoft .NET Framework 3.5 SP1
     Microsoft Office Home and Student 60 day trial
     Microsoft Office PowerPoint Viewer 2007 (English)
     Microsoft Security Client
     Microsoft Security Essentials
     Microsoft Silverlight
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Works
     muvee autoProducer 6.1
     My HP Games
     NVIDIA Drivers
     Power2Go
     PowerDirector
     PSSWCORE
     Python 2.5
     Realtek High Definition Audio Driver
     Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
     Snapfish Picture Mover
     Soft Data Fax Modem with SmartCP
     Toolwiz Care
     Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
     VideoToolkit01
     WeatherBug Gadget
     Yahoo! Toolbar
     .
     ==== End Of File ===========================

     DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
     Internet Explorer: 7.0.6001.18639
     Run by zeeland at 15:27:43 on 2013-12-01
     #Option MBR scan is disabled.
     Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3454.3018 [GMT -8:00]
     .
     AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     c:\Program Files\Microsoft Security Client\MsMpEng.exe
     c:\Program Files\Microsoft Security Client\MpCmdRun.exe
     C:\Windows\Explorer.EXE
     C:\Windows\helppane.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k rpcss
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     .
     ============== Pseudo HJT Report ===============
     .
     ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
     ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
     ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
     ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
     BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
     uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
     uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
     uRun: [ToolwizCareFree] "c:\program files\toolwizcarefree\ToolwizCares.exe" -autorun
     mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
     mRun: [RtHDVCpl] RtHDVCpl.exe
     mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
     mRun: [KBD] c:\hp\kbd\KbdStub.EXE
     mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
     mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
     mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
     mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
     DPF: {8AD9C840-044E-11D1-B3E9-java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0001-java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
     LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 BTOWSVF;BTOWSVF;c:\windows\system32\drivers\BTOWSVF.sys [2013-11-26 45952]
     R0 KSafeDISK;KSafeDISK;c:\windows\system32\drivers\KSafeDISK.sys [2013-11-26 48640]
     R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-2-27 464384]
     S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
     S1 BTOWSFF;BTOWSFF;c:\windows\system32\drivers\BTOWSFF.sys [2013-11-26 27648]
     S1 MpKsl4057042a;MpKsl4057042a;c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\MpKsl4057042a.sys [2013-12-1 40392]
     S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
     S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
     .
     =============== Created Last 30 ================
     .
     2013-12-01 20:32:31 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\MpKsl4057042a.sys
     2013-12-01 20:12:48 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\offreg.dll
     2013-11-30 02:18:30 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7af0674d-3bce-42a8-8af8-cdd11248f09c}\mpengine.dll
     2013-11-30 02:17:56 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
     2013-11-30 02:17:56 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{928b0087-c1fc-4efc-bc57-4784ad9819db}\gapaengine.dll
     2013-11-29 22:58:38 -------- d-----w- c:\windows\system32\MRT
     2013-11-29 22:57:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
     2013-11-29 22:57:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
     2013-11-29 22:57:00 1695744 ----a-w- c:\windows\system32\gameux.dll
     2013-11-28 18:07:28 -------- d-----w- C:\TDSSKiller_Quarantine
     2013-11-28 17:43:01 7772552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
     2013-11-28 17:33:39 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
     2013-11-28 17:33:39 49472 ----a-w- c:\windows\system32\netfxperf.dll
     2013-11-28 17:33:39 297808 ----a-w- c:\windows\system32\mscoree.dll
     2013-11-28 17:33:39 295264 ----a-w- c:\windows\system32\PresentationHost.exe
     2013-11-28 17:33:39 1130824 ----a-w- c:\windows\system32\dfshim.dll
     2013-11-27 20:32:00 -------- d-----w- c:\users\zeeland\appdata\roaming\QuickScan
     2013-11-27 20:27:50 -------- d-----w- c:\users\zeeland\appdata\roaming\HpUpdate
     2013-11-27 20:27:49 -------- d-----w- c:\windows\Hewlett-Packard
     2013-11-27 20:27:34 17920 ----a-w- c:\windows\system32\netevent.dll
     2013-11-27 20:27:34 125952 ----a-w- c:\windows\system32\srvsvc.dll
     2013-11-27 20:27:30 378368 ----a-w- c:\windows\system32\winhttp.dll
     2013-11-27 20:25:09 -------- d-----w- c:\users\zeeland\appdata\local\Hewlett-Packard
     2013-11-27 15:51:27 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
     2013-11-27 15:39:56 97800 ----a-w- c:\windows\system32\infocardapi.dll
     2013-11-27 15:39:55 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
     2013-11-27 15:39:54 622080 ----a-w- c:\windows\system32\icardagt.exe
     2013-11-27 15:39:54 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
     2013-11-27 15:39:54 11264 ----a-w- c:\windows\system32\icardres.dll
     2013-11-27 15:39:51 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
     2013-11-27 15:35:31 158720 ----a-w- c:\windows\system32\mscorier.dll
     2013-11-27 15:35:25 83968 ----a-w- c:\windows\system32\mscories.dll
     2013-11-27 15:33:37 24064 ----a-w- c:\windows\system32\nshhttp.dll
     2013-11-27 15:33:34 411136 ----a-w- c:\windows\system32\drivers\http.sys
     2013-11-27 15:33:33 31232 ----a-w- c:\windows\system32\httpapi.dll
     2013-11-26 21:46:40 -------- d-----w- c:\program files\Microsoft Security Client
     2013-11-26 21:24:54 48640 ----a-w- c:\windows\system32\drivers\KSafeDISK.sys
     2013-11-26 21:24:53 45952 ----a-w- c:\windows\system32\drivers\BTOWSVF.sys
     2013-11-26 21:24:53 27648 ----a-w- c:\windows\system32\drivers\BTOWSFF.sys
     2013-11-26 21:24:53 -------- d--h--w- C:\TOOLWIZ
     2013-11-26 21:24:52 -------- d-----w- c:\users\zeeland\appdata\local\ToolwizCareFree
     2013-11-26 21:24:50 -------- d-----w- c:\program files\ToolwizCareFree
     2013-11-26 21:15:58 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
     2013-11-26 21:15:56 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
     2013-11-26 21:15:50 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
     2013-11-26 21:12:35 -------- d-----w- c:\users\zeeland\appdata\local\Google
     2013-11-26 21:12:11 -------- d-----w- c:\users\zeeland\appdata\roaming\Symantec
     2013-11-26 18:13:52 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
     2013-11-26 18:12:59 302592 ----a-w- c:\windows\system32\wlansec.dll
     2013-11-26 18:11:59 954288 ----a-w- c:\windows\system32\mfc40u.dll
     2013-11-26 18:10:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
     2013-11-26 18:05:40 276992 ----a-w- c:\windows\system32\schannel.dll
     2013-11-26 18:04:51 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
     2013-11-26 18:04:40 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e5c07f36-803f-42f4-8e05-0a389246cac0}\mpengine.dll
     2013-11-26 18:04:37 230048 ------w- c:\windows\system32\MpSigStub.exe
     2013-11-26 18:03:27 171520 ----a-w- c:\windows\system32\wintrust.dll
     2013-11-26 18:03:09 98304 ----a-w- c:\windows\system32\cabview.dll
     2013-11-26 05:21:30 -------- d-sh--we C:\Documents and Settings
     .
     ==================== Find3M ====================
     .
     2013-09-27 17:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
     2013-09-27 17:53:06 104768 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
     .
     ============= FINISH: 15:28:35.54 ===============

  2. I recently received a laptop from a friend who needed some viruses removed. I don't remember all the exact viruses; Moneypak/FBI and rogue security software were two major problems that I immediately discovered. After getting a go-ahead from said friend I proceeded to do a reformat; however, I did not use the recovery partition or use any recovery disks. Toshiba Satellite, Win 7 Hom Pre 64 bit. I reformatted the laptop's C: drive with a (bloatware / shovelware free) .iso copy of Win 7 Hom Pre 64 bit. I installed AVG 2013 and Malwarebytes, then ran the scans, with nothing of immediate concern. Then I proceeded to update the Win 7; MSERT popped up (and keeps popping up) with a Trojan:DOS/Alureon.K "Partially removed" scan result. I've since learned that Alureon.K infects the Master Boot Record and/or the other Boot Record. I have four partitions on this hard drive; the only one that's labeled is (C:). Two are Primary Partitions, but one partition has 0 MB cap / 0 MB free, one partition has 8.95 GB cap / 8.95 GB free. The last partition is a recovery partition, 1.46 GB cap / 1.46 GB free. I don't know if Alureon.K would be hiding in one of those other partitions. I've also run TDSSKiller with and without Loaded Modules; with Loaded Modules I got no problem, without Loaded Modules I got Physical drive: \Device\Hardisk0\DR0 and took no action (skipped). I used my 4 GB USB Flash Drive to run the TDSSK; I did not put it on the desktop, however.