
My experience removing DOS/Alureon.E trojan



#1 scottfromscott


Posted 16 April 2012 - 08:26 PM

My wife's elderly aunt lives next door and accesses our router from her computer, which was running Windows Vista. About 4 days ago her Windows desktop lost its background image and the only icon on the desktop was the trash can. No pictures or documents would show up when I typed 'winfile' in the Start Menu search box, just a backup file. (I later found that the files had their attributes set to hidden, and was able to restore some of them to visibility by unchecking the hidden flag under the Users directory, but some files were missing.) Microsoft Security Essentials tried to clean the trojan it found (DOS/Alureon.E) but could not. I tried several of the recommended techniques and utilities to remove it but none worked. (Kaspersky, BitDefender, etc.)

I had an upgrade disk for Windows 7, so I did the upgrade and chose the option to install to a new directory, which puts the old Vista directory under Win.old. After the installation and reinstalling Microsoft Security Essentials, it showed up again, but the partition of infection was also displayed. In my case it was partition 3 of 1GB size. As a last-ditch effort before reformatting the drive or replacing it, I deleted the indicated partition, reran MSE and it indicated no infection. This requires accessing the disk manager, located by right-clicking Computer in the Start Menu, then choosing Manage, then Disk Management. If MSE indicated the infected partition and it is not the boot partition, you also may be able to remove it (it was created by the trojan).

Edited by hamluis, 17 April 2012 - 09:59 AM.
Moved from Win 7 to AV, Firewall, etc.




#2 Romeo29


Posted 16 April 2012 - 08:56 PM

Alureon, aka TDSS, is a rootkit. So I would also suggest another approach of using an antivirus bootable disk scanner like F-Secure Rescue Disk or Kaspersky Rescue Disk. Because you are scanning from the bootable CD, the rootkit cannot hide itself.

Edited by Romeo29, 16 April 2012 - 08:57 PM.




