SMART HDD related to Alureon.E - Please help


5 replies to this topic

#1 jkovats


Posted 09 April 2012 - 12:32 PM

Hi, Thank you in advance for any help I can get.

It all started 2 days ago, when I got hit with the S.M.A.R.T. HDD problem. I had a 2nd computer nearby and watched the YouTube video I found from the forum creator (I think). Regardless, my computer (Vista 32 bit) hung on reboot in an attempt to get to safe mode. Nothing worked, except F11 which took me to a system restore. There was a restore point from a Windows update earlier that day, so I did that. A short time later, Windows reloaded. The SMART HDD problem appeared to be gone.

Initially, once I rebooted, Microsoft Security Essentials caught TROJAN:DOS/Alureon.E. All it said was suspended. I did try to remove it, but the Apply actions button was not an option. I dove deeper into searching for a solution.

I downloaded TDSSKiller, it did not find it. Only a file called smtp or something that was medium risk.

I tried Malware Bytes. It found a couple of trojans and spyware, none being Alureon.E and removed them. I ran HitMan pro, nothing. I tried aswMBR, it found a couple of things, and then wanted to do a deeper scan with new virus definitions.
I ran Comodo Killswitch last and found no suspicious activity.

Obviously, I forget the steps I took. Here are the current problems.

Security Essentials still sees this Alureon.E at start up and claims to suspend it.

Some folders on my desktop are now a slightly different (shaded) colour. There were 3 docx files on my desktop that were never there (I deleted them). There were 2 desktop.ini files on my desktop that were never there before; I deleted them.


I tried some of the manual steps from here http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.

None of the 4 files were found in the registry.

The last and most interesting thing is that when I went to manually delete files in c:/documents and settings, that folder, too, was a different colour than the rest, I was denied access, and the most interesting part was that the system date was older than the computer, i.e., 2006 when the laptop was bought in 2008. Further inspection found that several other folders in the users/ folder had the same characteristics: denied access and older system dates.

Am I screwed? I have a 'functional' computer. I am using it to post this. However, I am paranoid that it is being hijacked at any minute.

I do occasional system back ups, the last one being 2-3 months ago.

ANY help would be appreciated.

Thanks,

Jordan

PS: I just noted that in IE 9 all of my favorites / bookmarks are gone. Nothing there.

I did run CCleaner last night and cleared my cache, and all the other stuff it does, along with cleaning the registry. I have used that tool for years without problem.

Thanks again.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Thanks, I just realized that too!

Edited by jkovats, 09 April 2012 - 01:01 PM.



#2 boopme

  • Global Moderator

Posted 09 April 2012 - 02:14 PM

Hello, I was just about to say Do NOT run a registry or Temp file cleaner as it may remove the hidden files.

Try this....
This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.



Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 jkovats


Posted 09 April 2012 - 03:19 PM

Thanks,

I'll give it a whirl shortly.

I did go in and try to manually tick unhide and did so in some of the folders. I notice in some of the other folders, i.e. Documents and Settings, the tick boxes for Read Only and Hidden, along with the Advanced button, are missing. Likewise, the Location:, Size:, Size on disk:, and Contains: information is missing.

I will report back after running these two programs.

Thanks again,

Jordan

#4 jkovats


Posted 09 April 2012 - 07:27 PM

Hi there,

I did the above as directed. Only Unhide produced a log file. It ran for about 40 min. I ran FixTDSS. It said it was going to reboot.... I have been rebooted back to Windows Vista... my hard drive light is on... that is normal, it has been about 20 minutes. Nothing. I checked Task Manager, no FixTDSS process running. Unfortunately, I can't tell you what it said because it said nothing. I don't know if it did its thing or not.

Meanwhile, Security Essentials said that I am at Risk. Alureon.E Trojan found, quarantined. Now it is asking for a restart. I guarantee that I will get that again after reboot. I have the last 8 times or so.

Any other thoughts?

Thanks,

Jordan

Edited by jkovats, 09 April 2012 - 07:27 PM.


#5 boopme

  • Global Moderator

Posted 10 April 2012 - 09:50 AM

We need a deeper look as we cannot get at TROJAN:DOS/Alureon.E

Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#6 Schultze


Posted 24 September 2012 - 04:50 PM

We have been dealing with this same issue at my work. The virus changed the DNS settings for a computer. I got a call saying their internet was out and saw that the DNS settings were blank. Also, MSE started alerting me that it had found the Dos:Alureon.E virus. MSE was unable to remove it. After reboot, it would show up again. After Malwarebytes and TDSSKiller were also unable to remove this, I noticed that there was a 2MB partition that was not created by Windows. I was able to delete that partition and MSE did not find any threats after the reboot.
I deleted this by (Windows XP) right-clicking My Computer > Manage > Disk Management. I don't know if this will work for you but it did for us. I know this was back in April but maybe it can help somebody else out. :D
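
Added example, not part of any post in this thread: a read-only check for the kind of unexpected small partition described in the last reply, done by parsing the four primary entries of an MBR sector. The 16 MB review threshold, the function names and the sample sector are assumptions constructed for illustration.

```python
import struct

SECTOR = 512
SMALL_MB = 16  # assumed review threshold; the reply above reports a 2MB partition

def parse_mbr(sector0: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        # Bytes 8-15: starting LBA and sector count, little-endian.
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or sectors == 0:
            continue  # unused slot
        parts.append({
            "index": i,
            "active": status == 0x80,  # boot flag
            "type": ptype,
            "lba_start": lba_start,
            "size_mb": sectors * SECTOR / (1024 * 1024),
        })
    return parts

def small_partitions(parts, limit_mb=SMALL_MB):
    """Partitions small enough to deserve a manual look in Disk Management."""
    return [p for p in parts if p["size_mb"] <= limit_mb]

def build_sample_mbr() -> bytes:
    """Constructed sample: a 40000 MB NTFS partition plus a 2 MB entry."""
    mbr = bytearray(512)

    def put(i, status, ptype, lba, count):
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, status, ptype, lba, count)

    put(0, 0x80, 0x07, 2048, 40000 * 2048)
    put(1, 0x00, 0x17, 2048 + 40000 * 2048, 2 * 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    # On a live Windows system, sector 0 can be read (as administrator) with
    # open(r"\\.\PhysicalDrive0", "rb").read(512) instead of the sample.
    for p in small_partitions(parse_mbr(build_sample_mbr())):
        print("review entry %(index)d: type 0x%(type)02x, %(size_mb).1f MB, "
              "active=%(active)s, start LBA %(lba_start)d" % p)
```

A flagged entry is only a prompt to compare the layout against what the OS installer or vendor created; small recovery or utility partitions can be legitimate.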



