
Infected with Win32/Alureon.K virus?!



Hi, my computer is infected with Win32/Alureon.K according to Microsoft's Security Essentials. I have tried running Malwarebytes but it does not find anything infected. However I did run Microsoft Security Essentials again and it indeed found the virus again. What should I do? Should I post the log from MBAM on here? Any help would be appreciated please, thank you!

- Andres

Link to post

Hi Andres and Welcome to Malwarebytes!

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your Thread
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Then post your DDS (DDS.txt and Attach.txt

Link to post

I downloaded DDS and let it run, however the scan did not finish even after 30 minutes (says it should take no longer than 3 minutes to scan). So I restarted my computer because DDS froze on me. Attempted to run the scan again and ended up with the same freezing problem. What should I do?

Link to post

Run DDS in safe mode:

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Log into an account with administrative privileges.

Please copy and paste both logs.

Link to post

Tried to run DDS in safe mode, however nothing happened and it froze after it started scanning. I try and x out and it just freezes. Any other suggestions? As I would really like to know how badly my computer is infected. Microsoft Security Essentials is the only program that has scanned my comp. and detected this particular trojan.

Link to post

You may have corrupted files on your disk. Please try running the following.

First close ALL Applications as this routine will automatically restart your computer.

Click on START - RUN and copy / paste the following entry into the box and click OK

CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30

Next

  • Please run the BitDefender QuickScan Beta
  • You can use either Internet Explorer or Mozilla Firefox and Google Chrome for this scan.
  • Accept the plug-in installation by clicking the bar above.
  • From the contextual menu please choose 'Install ActiveX control' and you will be prompted to install the application.
  • Once done, press the View Report link. Post that log in your next reply.

Next

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

* HijackThis Uninstall List

* HijackThis log and BitDefender report

Link to post

(When I did the HijackThis scan, it said that the system did not allow it to access host files, however it still scanned.)

...here are the logs you asked for:

QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Sat Jun 11 16:43:35 2011
Machine ID: BA3D826C

No infection found.
-------------------

Processes
---------
Google Chrome 2788 C:\Users\Andres Navas\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3320 C:\Users\Andres Navas\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3464 C:\Users\Andres Navas\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3868 C:\Users\Andres Navas\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3976 C:\Users\Andres Navas\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4056 C:\Users\Andres Navas\AppData\Local\Google\Chrome\Application\chrome.exe
Intel® Common User Interface 468 C:\Windows\System32\hkcmd.exe
Intel® Common User Interface 412 C:\Windows\System32\igfxpers.exe
Intel® Common User Interface 1352 C:\Windows\System32\igfxsrvc.exe
Intel® Common User Interface 344 C:\Windows\System32\igfxtray.exe
Java Platform SE Auto Updater 2 0 1008 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Security Client 308 C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft

Link to post

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Link to post

Please copy and paste this post to a new text document or print it for reference later.

Drag the ComboFix icon into the recycle bin. Download an updated copy.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop

Please reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select Safe Mode with Networking and press Enter.
  • Log in as the same user you were previously logged in as.

Then run combofix.exe in Safe Mode with Networking. Post that log (C:\ComboFix.txt) in your next reply.

Link to post

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.