
Need help with rootkit MBR:Alureo


5 replies to this topic

#1 stantech

stantech

  • Members
  • 50 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 11 May 2012 - 01:15 PM

I have a Windows 7 Pro Dell OptiPlex. The Avast antivirus is reporting a rootkit virus defined as MBR: Alureo. The computer boots fine but I can't boot to Bitdefender or even Acronis. In fact Acronis reports no HDD. It will not run TDSS Killer or any malware tools I tried so far. I can't get into safe mode either. Also, I can't get on-line. What to do next?



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:02:08 AM

Posted 11 May 2012 - 02:02 PM

Copy this tool to infected PC

FIXTDSS

Launch it. It may ask for restart, reboot the PC

On reboot, click on REPAIR

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Edited by narenxp, 11 May 2012 - 02:02 PM.


#3 stantech

stantech
  • Topic Starter


Posted 11 May 2012 - 03:25 PM

Thanks I downloaded the tools and will run them soon. I did try TDSSKiller and it would not run at all. I'm not sure what you mean by change parameters, but if it is something I need to do in TDSS killer I could never get that far.

#4 narenxp

narenxp


Posted 11 May 2012 - 04:44 PM

Follow my instructions.

First step is to run FIXTDSS

#5 stantech

stantech
  • Topic Starter


Posted 11 May 2012 - 10:05 PM

You were right. After I ran FIXTDSS I was able to run TDSS Killer, but TDSS Killer did not find anything. However, the computer seems to be running better, I can get into safe mode and on-line. Avast scan good, everything seems normal. I will post the TDSS Killer report tomorrow. Thanks so much for your help.

#6 narenxp

narenxp


Posted 11 May 2012 - 10:49 PM

:thumbup2:



