Posted 21 June 2011 - 10:56 AM
Yesterday morning (1:30AM) I was geekily reading manga when my computer, out of nowhere, wanted to run a strange setup[random numbers].exe. I said no. It popped up again. I said no. We wrestled with the "no" button for a minute, before I opened the Task Manager and killed a suspicious looking process. That stopped the battle. I ran a full scan with Microsoft Security Essentials and it found a few java exploits (which I fixed) and nothing else. I went to bed. I woke up later and ran Microsoft Security Essentials again and it found Trojan:Win32/Alureon.DX associated with ten mysterious .exe files in my temp folder. It removed those.
These are the files it removed:
I ran another full Microsoft Security Essentials scan (third time's a charm) and it found Trojan:Win32/Alureon.DX in file:C:\Users\Me\AppData\Local\Temp\774.tmp and it was removed.
By this time I've Googled this trojan and I've hit DEFCON 1 based on my findings. After stumbling onto your forums and doing a bit of research, I download TDSSKiller. I put it on my desktop and run it as administrator (using Windows 7, but I'm the only designated user for this computer). TDSSKiller finds no infection.
Next, I downloaded Sophos Anti-Rootkit Version 1.5.4 and it finds a few temp files in IE. I don't use IE, at all, so I nuked these. It found a handful of other items, but said "clean up not recommended for this file" for each one.
These are the items Sophos found:
C:\Program Files (x86)\ASUS\FancyStart\FancyStart.exe
C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
C:\Program Files (x86)\CCP\EVE\bin\vivoxsdk.dll
I still wasn't satisfied, so I downloaded Malwarebytes' Anti-Malware Version 18.104.22.1680 (updated immediately). I ran both quick and full scans and it found nothing, no infection. I have since run a billion more scans of Microsoft Security Essentials and Malwarebytes (after restarts, updating databases as of this morning) and they find no infection.
I went to Windows Updates and patched anything it felt I should need. I removed all old instances of Java and installed the newest version. I removed Adobe Reader 9 and replaced it with 10. I am currently in the process of saying goodbye to Firefox and switching to Google Chrome. I have no problems going to sites that, supposedly, this Trojan likes to block. I am not being re-directed to any ad sites. I had zero issues downloading and running all the programs used above.
Am I still infected? Have I done all a girl can do? Any help will be vastly appreciated! Thank you!
Note: I didn't post any actual logs, because I was asked not to do so. If you need them, I have them!