
Can't remove Win32/Alureon.H

3 replies to this topic

#1 VespaMonkey


  • Members
  • 3 posts
  • Local time:02:53 PM

Posted 16 August 2010 - 10:03 AM

Strange things afoot on my PC! Search engine redirecting from Yahoo and Google, some odd e-mail behavior (address mining?) and who knows what else.

I am using:
Windows XP Media Center Edition
Version 2002
Service Pack 3

I am currently using AVG Free, but was using Norton Internet Security when I got infected.
AVG Free full scans do not help
AVG Rootkit (out-of-date) and Malwarebytes Anti-Malware do not help
Windows Malicious Software Removal tool (August 2010) identifies the virus as Win32/Alureon.H but does not remove it completely and says "manual removal required."

Thank you so much for your help.


#2 VespaMonkey

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:53 PM

Posted 16 August 2010 - 02:48 PM

I forgot to mention that I am using Mozilla Firefox 3.6.8. Thank you.

#3 harlequin99


  • Members
  • 1 posts
  • Local time:07:53 PM

Posted 02 September 2010 - 06:15 AM

I had the same virus on my machine. It is particularly nasty! In addition to redirecting search engine results, Alureon stopped my anti-virus software from updating, Windows Update was not accessible and the virus would install other unpleasant viruses and trojans on my system. It seemed impervious to all the (many) anti-virus tools I used - either it would go undetected or would be detected but the software could not remove it. Here is what I did to eventually get rid of it, using standard free software tools:

1. Download Microsoft Security Essentials if you do not already have it (Get it here)

2. You need to ensure that MSE is fully up to date. If the automatic update facility does not work then you can download and run the update yourself here: 32-bit update (XP) / 64-bit update (Vista/Windows 7)

3. Run Microsoft Malicious Software Removal Tool (Get it here). This detects Alureon and partially removes it. It then recommends that you run anti-virus software to fully remove it.

4. You then need to restart your computer in safe mode. Keep tapping F8 on start up or (for XP) go to the start menu and click on "Run", type "msconfig", go to the Boot.ini and tick the checkbox next to /SAFEBOOT. It is vital that you restart your computer straight away in safe mode or the virus seems to quickly repair itself and you will need to run the Malicious Software Removal Tool again.

5. Once you are in safe mode, run a full scan with Microsoft Security Essentials. This time the software should be able to completely remove Alureon.

6. Run your favourite anti-malware/anti-spyware program to pick up any nasties that Alureon installed on your system that went unnoticed by your anti-virus. I recommend Malwarebytes' Anti-Malware. I ran Lavasoft's AdAware software which claimed my system was clean but the Malwarebytes software picked up a dozen nasties that Lavasoft missed, including W32/Zbot which is a very nasty banking password stealer, which I believe Alureon infected my system with.

7. Perhaps not necessary but to be on the safe side I cleaned out all my temporary files with this tool - OldTimer's Temp File Cleaner

Hope this helps someone out there! The key is to manually update your anti-virus from the appropriate website if auto-updates do not work and to run the anti-virus software in safe mode. I am still not 100% convinced I am rid of it, but all my subsequent scans have been clean. Fingers crossed... and good luck!

#4 Driesiooo


  • Members
  • 113 posts
  • Local time:02:53 PM

Posted 02 September 2010 - 08:41 AM

You can try to do what harlequin99 recommended. But if that doesn't work, you can do the steps below.

# Go to the Online ESET scanner and perform a scan: http://eset.com/onlinescan

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Note - when ESET doesn't find any threats, no report will be created.
  • Push the Posted Image button.
  • Push Posted Image.

Edited by Driesiooo, 02 September 2010 - 08:43 AM.
