BleepingComputer.com: Infected with Alureon


Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Infected with Alureon: Having trouble removing it

#31 JibberWacky (Group: Members, Posts: 18, Joined: 24-December 11)

Posted 05 January 2012 - 01:52 AM

I looked for the file, it's not there, and I assume that it didn't need to be.

Have run the tool, results are attached.

Attached File(s)



#32 JSntgRvr (Group: Malware Response Team, Posts: 5,956, Joined: 04-March 06, Location: Puerto Rico)

Posted 05 January 2012 - 09:27 AM

Your JAVA is out of date.

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE) 7 Update 2.
  • Click the "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u2-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser. (I would disconnect from the internet during this process)
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-7u2-windows-x64.exe and select "Run as an Administrator.")


Go to Windows Updates and download all available updates.

Once done, let me know if that makes a difference.
No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

#33 JSntgRvr (Malware Response Team)

Posted 05 January 2012 - 11:23 AM

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.

#34 JibberWacky (Member)

Posted 05 January 2012 - 04:14 PM

Okay, I've run the newest version of the tool, the log is attached.

The MBR.dat file was submitted successfully.

Attached File(s)


This post has been edited by JibberWacky: 05 January 2012 - 04:31 PM


#35 JSntgRvr (Malware Response Team)

Posted 05 January 2012 - 11:52 PM

All clear.

Any problems upgrading JAVA or Windows updates?

#36 JibberWacky (Member)

Posted 06 January 2012 - 01:00 PM

No problems updating, but I do have one question still: I noticed that on my start menu my Command Prompt icon has the Windows shield-shaped icon over it. I wasn't going to use cmd for anything; the only reason I clicked on it was because when the virus I had was in my computer, my normally safe shortcut and start menu icons (like Windows Media Player) would show the same shield, I'd click on it, and get a dialog saying the file no longer existed, so I'd delete the shortcut that way.

However with the cmd icon, a dialog comes up saying that an unknown program wants access to my computer. I'm worried because of course cmd.exe is built into the computer, but it's not being recognized. Is anything wrong?

#37 JSntgRvr (Malware Response Team)

Posted 06 January 2012 - 08:35 PM

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

        :filefind
        CMD.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

#38 JibberWacky (Member)

Posted 06 January 2012 - 08:40 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:37 on 06/01/2012 by April rising
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "CMD.exe"
C:\Users\April rising\AppData\Local\Temp\cmd.exe --a---- 132096 bytes [20:01 05/01/2012] [20:02 05/01/2012] 453E67D3B847DEDFADBBDC06F02D2C6C
C:\Windows\System32\cmd.exe --a---- 318976 bytes [02:48 21/01/2008] [02:48 21/01/2008] 74F26FC01B180D4A99A168ED69C30A53
C:\Windows\SysWOW64\cmd.exe --a---- 318976 bytes [02:48 21/01/2008] [02:48 21/01/2008] 74F26FC01B180D4A99A168ED69C30A53
C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_e72b6240d2b9faa5\cmd.exe --a---- 363008 bytes [02:50 21/01/2008] [02:50 21/01/2008] 72A73B43C20902760022FBC91B3EC948
C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_f1800c93071abca0\cmd.exe --a---- 318976 bytes [02:48 21/01/2008] [02:48 21/01/2008] 74F26FC01B180D4A99A168ED69C30A53

-= EOF =-
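The log above is what a helper actually reads when deciding which copy of cmd.exe is suspect: the three copies under C:\Windows (System32, SysWOW64 and the WinSxS component store) share timestamps from 2008 and consistent hashes, while the copy in the user's Temp folder is smaller, was created days ago and has a hash seen nowhere else. The following is an added example, written for this page and not part of SystemLook or the thread; it parses the `filefind` block into records and applies exactly those checks. The sample input is the log as posted; the system root (`C:\Windows`) is assumed, and the "trusted" hash and size sets are derived from the copies inside that root unless a caller supplies known-good hashes for the OS build, which is an assumption about how a triage would be configured, not something the log itself guarantees.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# Assumed Windows install root; adjust if the machine uses a different drive/path.
SYSTEM_ROOT = "c:\\windows\\"

# One SystemLook filefind result line:
#   <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
TS_FMT = "%H:%M %d/%m/%Y"   # SystemLook prints HH:MM DD/MM/YYYY

# Constructed sample: the filefind section of the SystemLook log posted above.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "CMD.exe"
C:\Users\April rising\AppData\Local\Temp\cmd.exe --a---- 132096 bytes [20:01 05/01/2012] [20:02 05/01/2012] 453E67D3B847DEDFADBBDC06F02D2C6C
C:\Windows\System32\cmd.exe --a---- 318976 bytes [02:48 21/01/2008] [02:48 21/01/2008] 74F26FC01B180D4A99A168ED69C30A53
C:\Windows\SysWOW64\cmd.exe --a---- 318976 bytes [02:48 21/01/2008] [02:48 21/01/2008] 74F26FC01B180D4A99A168ED69C30A53
C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_e72b6240d2b9faa5\cmd.exe --a---- 363008 bytes [02:50 21/01/2008] [02:50 21/01/2008] 72A73B43C20902760022FBC91B3EC948
C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6001.18000_none_f1800c93071abca0\cmd.exe --a---- 318976 bytes [02:48 21/01/2008] [02:48 21/01/2008] 74F26FC01B180D4A99A168ED69C30A53

-= EOF =-
"""


@dataclass
class FileHit:
    path: str
    size: int
    created: datetime
    modified: datetime
    md5: str
    reasons: list = field(default_factory=list)  # filled in by triage()

    @property
    def in_system_root(self) -> bool:
        return self.path.lower().startswith(SYSTEM_ROOT)


def parse_filefind(log_text: str) -> list:
    """Turn the filefind result lines into FileHit records; header/EOF lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hits.append(FileHit(
            path=m["path"],
            size=int(m["size"]),
            created=datetime.strptime(m["created"], TS_FMT),
            modified=datetime.strptime(m["modified"], TS_FMT),
            md5=m["md5"].upper(),
        ))
    return hits


def triage(log_text: str, known_good_md5=None) -> list:
    """Return only the hits that fail at least one consistency check.

    Trusted hashes/sizes come from the copies under SYSTEM_ROOT in the same log
    (an assumption that those copies are intact); pass known_good_md5 with the
    build's reference hashes to avoid trusting the log itself.
    """
    hits = parse_filefind(log_text)
    system_copies = [h for h in hits if h.in_system_root]
    trusted_md5 = set(known_good_md5) if known_good_md5 else {h.md5 for h in system_copies}
    trusted_sizes = {h.size for h in system_copies}
    newest_trusted = max((h.created for h in system_copies), default=None)
    for h in hits:
        if not h.in_system_root:
            h.reasons.append("located outside %SystemRoot%")
        if h.md5 not in trusted_md5:
            h.reasons.append("MD5 matches no copy under %SystemRoot%")
        if h.size not in trusted_sizes:
            h.reasons.append("size matches no copy under %SystemRoot%")
        if newest_trusted is not None and h.created > newest_trusted:
            h.reasons.append("created after every copy under %SystemRoot%")
    return [h for h in hits if h.reasons]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit.path)
        for reason in hit.reasons:
            print("   -", reason)
```

Run against the posted log, the only record flagged is the Temp copy, on all four counts; the WinSxS amd64 copy, whose size and hash differ from System32, is not flagged because it lives under the system root, which is why the location check comes first rather than hash comparison alone. Emptying the Temp folders, as the next reply asks, removes that one file.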

#39 JSntgRvr (Malware Response Team)

Posted 06 January 2012 - 10:49 PM

Other than the file in the temp folder, everything is legit.

Let's empty the temp folders:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Let me know if the issue continues.

#40 JibberWacky (Member)

Posted 07 January 2012 - 12:15 AM

Problem solved.

Thank you so much for all your help with these problems!

#41 JSntgRvr (Malware Response Team)

Posted 07 January 2012 - 09:25 AM

You are welcome.

Rename Combofix to Uninstall and click on it. That should remove the application.

Be safe! :)

#42 JSntgRvr (Malware Response Team)

Posted 10 March 2012 - 07:13 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.