
Infected with Alureon (perhaps even more)


3 replies to this topic

#1 RDC123

RDC123

  • Members
  • 2 posts

Posted 16 November 2010 - 10:49 PM

Good evening!

I was asked to have a look at a friend's machine (a Dell Dimension E520 running Windows XP) to remedy what sounded like a fairly routine spyware/malware related issue. Having cleaned many machines over the course of the past few years, I rather confidently took the machine to work on it. I had no idea what I was getting myself into, lol! I've had the machine for a couple of days now, and I have run countless scans using several different tools (Malwarebytes, Spybot, SFC, Rootrepeal, HijackThis, to name a few), and have gotten the machine to the point where nothing is detected. However, there are several remaining symptoms that have left me pulling my hair out trying to remedy them: SVCHOST errors, inability to do Windows updates, and things of that nature. It seems that when I try to do anything to get around the OS, like boot with a Windows XP Prof. CD or ERD Commander, the machine bluescreens. In a last-ditch effort to manipulate some system files based on articles I've read, I tried attaching the machine's hard drive to another machine (mine, a Thinkpad T400 running Windows 7) via a USB/SATA adapter, and that's when my Microsoft Security Essentials immediately detected the Alureon when the drive mounted. If this were my machine, I would have just reloaded it by now, but since it belongs to a fairly PC-illiterate person, I'd rather not have to reload if at all possible, since they have no idea where any of the media is for the software they have installed, and I'd rather not have to 'own' that whole ordeal.

Please forgive the vague and anecdotal nature of the problem description, as I've been over the machine such that I can't even remember all I've done to it. Given what I've uncovered tonight, I'm looking for guidance, since I am clearly not getting anywhere on my own.

Please advise.

Thanks in advance.
Rod


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 16 November 2010 - 10:57 PM

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 RDC123

RDC123
  • Topic Starter

  • Members
  • 2 posts

Posted 16 November 2010 - 11:32 PM

Budapest,

Thanks for that link! Ironically, I was on the trail of TDSSKILLER earlier this evening, but it seems that no matter where I tried to download it from (Kaspersky included), when extracting it from the ZIP there was corruption, and the .exe wouldn't extract properly, presenting the following error: ! C:\Users\RDC123\Desktop\Virus Tools\tdsskiller.zip: CRC failed in TDSSKiller.exe. The file is corrupt. At first, I thought that it might have been machine specific, but no matter what machine I tried to extract it on, I was met with the same error. Moments ago, after posting my topic, I came across a link to TDSSKILLER.exe in another thread that points directly to a 'good' copy of the exe, versus the ZIP, and I am running it now, and sure enough, it detected! AND it looks like it let me cure it!! Following the reboot, I immediately tried a Windows Update, and was able to get the updates to install. I'll continue to follow the advice in the link you provided, to ensure any remnants are cleaned up.

Thank you kindly, it appears I am much better off now, than before! With any luck, this will be the last you hear from me. :)
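The "CRC failed" error above is the archive's built-in integrity check catching damaged member data. As an added illustration (not from this thread, not Kaspersky's tool; the archive and its contents are constructed placeholders), the following Python builds a small ZIP, damages one stored byte, and walks every member to report which ones fail their stored CRC-32, which is the same check the poster's extractor tripped on.

```python
import io
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive (placeholder bytes, not a real executable):
    members are stored uncompressed so a byte flip lands in file data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr("TDSSKiller.exe", b"placeholder executable bytes " * 8)
        zf.writestr("readme.txt", b"constructed readme for the example\n")
    return buf.getvalue()


def corrupt_first_member(zip_bytes: bytes) -> bytes:
    """Flip one byte inside the first member's data, simulating a damaged
    download whose central directory (and stored CRC) is still intact."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        info = zf.infolist()[0]
    # Local file header: 30 fixed bytes, then filename, then extra field.
    off = info.header_offset
    name_len = int.from_bytes(zip_bytes[off + 26:off + 28], "little")
    extra_len = int.from_bytes(zip_bytes[off + 28:off + 30], "little")
    data_start = off + 30 + name_len + extra_len
    damaged = bytearray(zip_bytes)
    damaged[data_start] ^= 0xFF
    return bytes(damaged)


def find_corrupt_members(zip_bytes: bytes) -> list[str]:
    """Read every member to EOF so zipfile recomputes its CRC-32 and compares
    it with the value recorded in the archive; return the names that fail.
    An empty list means every member passed the integrity check."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as fh:
                    while fh.read(65536):
                        pass
            except zipfile.BadZipFile:  # raised on CRC mismatch at EOF
                bad.append(info.filename)
    return bad


if __name__ == "__main__":
    print("clean archive:", find_corrupt_members(build_sample_zip()))
    print("damaged archive:", find_corrupt_members(corrupt_first_member(build_sample_zip())))
```

Running the same check against a freshly downloaded archive before extracting it separates a bad transfer from a problem on the extracting machine, which is the distinction the poster worked out by trying several PCs.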

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 16 November 2010 - 11:34 PM

:thumbup2:
