Trojan.Win32.Alureon!IK


No replies to this topic

#1 Indred


Posted 11 September 2009 - 12:36 PM

Hello,

First things first:

-Windows XP Pro SP3
-AMD Phenom 9850 Black Edition
-ATi 4870 512MB
-WD 640GB - Partitions: C (system, 47GB, 13GB free), E (549GB, 272GB free)
-Hitachi 1TB - Partitions: D (931GB, 445GB free)
-4GB Memory

-Using Firefox
-Firewall: Online Armor Free
-Antivirus: Avira Personal Free
-SpyBot SD
-SuperAntiSpyware
-AutorunEater

On-demand Scanners:

-BitDefender Free
-A-Squared Free
-MBAM
-Ad-AwareAE

Experimentally running in addition:

-ThreatFire Free
-DriveSentry Free




Now, to the problems at hand:

I restarted my computer after 3 busy days, when SpyBot SD started before Windows to scan... When it finished, it found multiple instances of:

hjgruic...blabla.tmp - one in Windows\Temp
hjgruic...blabla.sys - one in Windows\System32\drivers
multiple instances of hjgruic...blabla.dll - in Windows\System32

It cleaned them, Windows started normally, when Online Armor reported each of these files trying to run with the process Explorer.EXE which is in C:\Windows. I blocked them, some number of cmd black screens appeared, but immediately disappeared after the Firewall blocked them (or at least I think it did). I ran scans with Avira, which found one and said it quarantined it.. I ran SpyBot SD again, which found AGAIN all those from the start and cleaned them (yeah, right...) and then I ran A-Squared...
Now, it found a bunch of files, amongst them Explorer.EXE, which it said was infected with Trojan.Win32.Alureon!IK. When it quarantined them all, explorer.exe turned off.. I tried to run it from CTRL+ALT+DELETE, but it couldn't find the file! So I restored only that from quarantine and this is as far as I can go on my own.... Now, everything is running normally (or at least I think it is), but if you get any ideas, I would appreciate it.....

Thanks in advance and sorry for any spelling errors, English is not my native language...
