Possible Win32\Alureon.ct



#1 fireeye1

Posted 19 October 2009 - 11:51 AM

This issue has rendered my friend's computer virtually useless....

Here was the site he downloaded a "Hopeful" "keygen" from

I saved the file and my antivirus program told me that the file was "Trojan Win32\Alureon.CT".

He told me that it was a binary file he ran.
:thumbsup:
Just after he ran the file, the computer has a STOP Error 0x00000000a (IRQL_NOT_LESS_OR_EQUAL) and 0x00000050 (PAGE_FAULT_IN_NONPAGED_AREA).

The computer WILL NOT boot in safe mode or any of the other options. It just returns to the BSOD (STOP) screen.


I put my XP CD in and tried to run the Recovery Console, but I do not know how to navigate through the command prompts.

I did enter Listsvc to see what drivers were running, but they were mostly disabled, but that may not be an issue since I am booting from the CD.

Will running the Recovery Console possibly fix this problem? If so, does anyone know how to navigate through it well enough to detail what I need to do?


This thing seems to be really nasty and I do not know what to do from here.

LAST RESORT IS TO REINSTALL WINDOWS. UNFORTUNATELY THERE ARE FILES THAT ARE IRREPLACEABLE*** YIKES!!

Thanks.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 19 October 2009 - 04:43 PM.
Removed link



#2 hamluis

Posted 19 October 2009 - 02:50 PM

"A keygen (an abbreviated form of "key generator") is a small program that will generate valid CD keys or serial/registration numbers for a piece of software. These are made available by software cracking groups for free download on various websites dedicated to software piracy. In some countries, the use of keygens to activate software without purchasing a genuine code is unlawful."

http://en.wikipedia.org/wiki/Keygen

"No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences."

http://www.bleepingcomputer.com/boardrules.php

Louis

#3 fireeye1

Posted 19 October 2009 - 02:58 PM

I completely understand that using a serial Crack or Keygen is illegal and is not lawful. All of the above was relayed to the user.

Nevertheless, the file that was downloaded was not in fact a Keygen, it was a virus.

My task is to remove the virus so that the computer will boot properly.

Any help would be much appreciated.

#4 Droolio

Posted 19 October 2009 - 04:40 PM

I recently encountered this very Trojan on a customer's PC - it seems to be very new as their Norton's AV didn't detect it, and the VirusTotal site at first only showed infected files as 'suspicious', until I told it to rescan. So in the space of a few days, when most AV engines didn't recognise it, it suddenly became well known - but not before the PC was infected. (One reason why I personally don't run AV :thumbsup: )

Anyway, it was doing the same thing - blue screening. Neither Safe mode, Last Known Good Configuration nor manually restoring older registry files helped.

The only way I could fix it was to do a repair install over the top (second R option when you boot from the XP CD - not the first Recovery Console option). This should allow you to keep documents and settings of current install. See here for a guide, pay special attention if the repair option is unavailable - as per that page - as I had to perform the bootcfg /rebuild option (and rename/delete the Windows\bootstat.dat file as well).

You should probably scan the PC's hard drive offline first, using a standalone virus scanner in a Live CD environment - I used Kaspersky Virus Removal Tool.



