
I was infected by alureon.E.vbr rootkit. Couple questions..



Hi

So my old computer was infected with the above mentioned rootkit. I just had a few questions..

 

1. It says the Alureon family "Gathers URLs from your browser history". Anybody know what browsers it gathers from? Or if this specific Alureon rootkit does that?

 

2. I have a bunch of infected files with things like (Fake.TrojanAlert, Backdoor.0access, rogue security defender etc etc.). How can I determine if they are all part of this rootkit, or if they are from a different attack? If anybody thinks they'd be able to tell just from looking at the logs, let me know and I will post them.


  • Root Admin

Hello @kurt2121

Not too many sites are probably going to have the resources or time to try and do that type of forensic analysis. Most simply clean it up as those are very old infections now and spending time analyzing old data doesn't really buy anyone much. Cannot say for sure but perhaps someone at this forum might be able to assist you.

kernelmode.info

We can help you to clean up the computer but we won't spend the time to categorize infections, that simply takes too much time and again, has no real value.

Thanks

 


On 7/9/2016 at 5:08 AM, AdvancedSetup said:

Hello @kurt2121

Not too many sites are probably going to have the resources or time to try and do that type of forensic analysis. Most simply clean it up as those are very old infections now and spending time analyzing old data doesn't really buy anyone much. Cannot say for sure but perhaps someone at this forum might be able to assist you.

kernelmode.info

We can help you to clean up the computer but we won't spend the time to categorize infections, that simply takes too much time and again, has no real value.

Thanks

I see.

A description on the Microsoft database of this trojan says it gathers URLs from browsing history.

When you delete history from Internet Explorer, it leaves them in index.dat files. Do you think this virus stole all of that as well?
