Jump to content

svchost.exe and Torgan:DOS/Alureon.A Viruses

Recommended Posts


svchost.exe and Trojan.DOS/Alureon.A were found on my PC by Malewarebytes (svchost.exe) and Windows Security Essentials (Alureon.A). Neither was able to remove their respective viruses, however, after running Superantispyware and TDSSKiller both viruses appear to be gone. Can someone please check the attached log files to make sure and also check to see if anything else is lurking about within my PC.

Thanks advance for your help. I really appreciate it.




Link to post
Share on other sites

Hello jc4276 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log

Link to post
Share on other sites

Gosh...this all sounds horrible. To be safe it looks like I have no other option other than to "nuke and repave." Before I do, I have a few questions:

1. Will a complete rebuild completely eliminate all potential backdoors on my system?

2. How can I ensure that my backed-up files are completely clean before I put them back on my rebuilt system? I will be backing up everything on an external hard drive,

Thank you for you help and advice thus far.



Link to post
Share on other sites

1. Will a complete rebuild completely eliminate all potential backdoors on my system?

Yes, absolutely.

2. How can I ensure that my backed-up files are completely clean before I put them back on my rebuilt system? I will be backing up everything on an external hard drive,

There are certain files that are dangerous, in particular that are: .html, .exe and .dll . You could scan them in www.virustotal.com and others too.

Link to post
Share on other sites


I have decided to do a format and reinstall and have run into a small snag. During the set-up process I am asked "Where do you want to install Window?" Two partitions are listed:

1. Disk 0 Partition 1: System Reserved 100MB/69MN Free

2. Disk 0 Partition 2 698.5MB/580.7MB Free

I know Partition 2 is my C;/ drive and where I will re-install Windows 7. What is System Reserved and should I just delete it?



Link to post
Share on other sites

A couple of other question for you...

Do I need to be connected to the internet during the reinstallation process (I'm guessing no)?

I use Microsoft Security Essentials and Malwarebytes as my anti-virus programs. I know I should not connect to the internet until a anti-virus program is in place, however, these free programs must be downloaded from the internet. Do you suggest I buy another anti-virus program and install that before connecting?

Thanks again for the support. You guys are terrific.


Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.