
I think I have Win32:Alureon-ET

No replies to this topic

#1 scudski



Posted 17 December 2009 - 05:10 PM

Hi there.

I've recently installed avast antivirus and it has picked up what I think is a rootkit. Despite either deleting this via avast, or moving to the avast chest, the infected file comes back. It is:

tdlcmd.dll in C:\Windows\system32 with a virus description of Win32:Alureon-ET [Rtk]

I've had this for the last 4 days. Initially it was reporting:

Win32:Alureon-EJ [Rtk] in C:\Windows\system\tdlclk.dll, or
Win32:Alureon-EN [Rtk] in C:\Windows\system\tdlclk.dll

This seems to now always be Alureon-ET.

My PC is running Windows XP SP1. I did try to apply the latest patches and move to SP2 (a little late perhaps!), but this failed due to an open/in use C:\WINDOWS\system32\drivers\atapi.sys. Whether this is related or not, I don't know.

Many, many thanks to anyone who can help me.
