Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Alureon.A, etc


  • Please log in to reply
103 replies to this topic

#1 KAPM

KAPM

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 12 March 2013 - 09:18 PM

Unable to run DDS. Received the following message: A device attached to the system is not functioning.



BC AdBot (Login to Remove)

 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 12 March 2013 - 10:14 PM

KAPM,

 

Let's see what your system shows with the following short scan...

 

Please download RogueKiller:
http://www.sur-la-toile.com/RogueKiller/
 

When you get to the website, go to where it says:
(Download link) Lien de téléchargement: rendu2.png

Select the version that applies for your system: 64-bit or 32-bit (See Note below)

 

Click the dark-blue button to download.
Save to the Desktop.

 

Close all windows and browsers.

Right-click and select: Run as Administrator


At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.) 

Press: SCAN


When done, a report opens on the Desktop: RKreport.txt

 

Please provide the RKreport.txt (Mode: Scan) in your reply.

 


Note:

To find out if the system is 32 or 64 bit:

Click: Start

Type System in the Start Search box

Click System in the Programs list produced.

 

The operating system is displayed as follows:

For a 64-bit version operating system, under System > System type, it shows:

64-bit Operating System

 

For a 32-bit version operating system, under System > System type, it shows:

32-bit Operating System


Edited by Aaflac, 12 March 2013 - 10:16 PM.

Old duck...


#3 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 13 March 2013 - 08:40 PM

Thank you for the quick response!  I tried to run RogueKiller and received the same message as when trying to run DDS: "A device attached to the system is not functioning."

 

 

I just realized I didn't include any background.  This computer is running Windows Vista Home, 32 bit.  My neighbor asked for assistance when she kept getting a blue screen. Microsoft Essentials reports issues, but was unable to fully clean the computer and directed us to run Windows Defender Offline.  This was ran and found several different trojans/virus(I didn't make note of which ones. We are no longer receiving the blue screen, but when logging in Microsoft Essentials reports Trojan:DOS/Alureon.A and tries to clean it. Then it says detected threats could not be cleaned and directs to run Windows Defender Offline again and at the same time reports that Alureon was succesfully removed by Windows Essential.  This happens everytime we reboot.

 

Also receiving message "Host Process for Windows Services stopped working and was closed"

 

In addition, prior to opening this topic we ran a full scan using malwarebytes and no issues were detected.



#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 13 March 2013 - 08:54 PM

KAPM,

 

Thanks for the additional info.

 

Need some information in order to proceed...

Do you have the Repair your computer option in the Advanced Boot Options menu?
 

To find out, restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option above, do you have your WindowsVista  installation CD/DVD available?

And last, do you have a clean USB flash drive available, and access to another computer?
 


Old duck...


#5 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 14 March 2013 - 06:26 PM

Yes, it does have the Repair Your Computer option. 

 

I don't have an installation CD/DVD. 

 

I do have a clean flash drive and access to a computer that is running Windows XP and and another that is running Windows 7.



#6 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 14 March 2013 - 06:57 PM

KAPM,

 

  :thumbsup2: You have what we need, so, let's roll...

 

You may want to print these instructions so you can have access to them. Also, you may want to read them once before you apply them.

 

Please plug a flash drive into a clean computer.
Go to Start > Computer
Double-click Computer, and select the flash drive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.

 

Download Farbar Recovery Scan Tool:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the 32-bit download.
Save the program to the >> USB flash drive.

 

Next, plug the flash drive into the infected computer.

 

>>>Restart the computer.

  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Scan your computer's memory for errors.
  • Command Prompt

 

 

Select Command Prompt

  • In the Command window, at the blinking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type g:\frst.exe, and press: Enter
    Note: Replace the drive letter g with the drive letter of your flash drive!
  • The tool starts and prepares to run. Follow the prompts.
  • Click Yes to the disclaimer.
  • Press: Scan

 

When done, the program saves the FRST.txt report, on the flash drive.

Close Notepad, then, click the Command Prompt window, type exit, and press: Enter
Back at the System Recovery Options, press: Restart.

 

When the computer boots into Windows, please provide the FRST.txt in your reply.
It is located in the USB flash drive.


Edited by Aaflac, 14 March 2013 - 07:01 PM.

Old duck...


#7 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 14 March 2013 - 08:55 PM

Thank you!  I made it to selecting "Repair your computer". 

 

The language setting option did not come up and User account displayed with a blank icon and "Other User" which is not one of the users on the computer.

 

Tried typing in the username and password multiple times and received the following message: "The specified domain either does not exist or could not be contacted."



#8 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 14 March 2013 - 10:36 PM

Image 1/Language:
repair08.jpg
This one did not come up?
 
Image 2/Select Operating System:
repair14.jpg
How about this one?
 
Image 3/User name and Password:
repair24.jpg
Did you use the drop arrow on the right of the blank space?
Is there where you found an account named "Other User"?
 
Image 4/Recovery Tools:
repair15.jpg
Presuming you never got here?

Edited by Aaflac, 15 March 2013 - 12:21 AM.

Old duck...


#9 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 14 March 2013 - 10:52 PM

Forgot to ask, what kind of computer is this...Dell, HP, etc.?


Old duck...


#10 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 15 March 2013 - 12:19 AM

Got a nasty piece of malware on that computer.

There is the following option...

Download a Windows Vista Recovery Disc:
http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/

Burn it to CD, or DVD:
http://neosmart.net/wiki/display/G/Burning+ISO+Images+with+ImgBurn

It allows you to run the Repair your computer option and select the Command Prompt.

If it works, will modify the FRST instructions so you can us them.

Old duck...


#11 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 15 March 2013 - 08:25 AM

Thank you so much for sticking with me! 

 

I'm unable to see the images in your previous post, but can tell you that I did not receive the language or operating system question.  I don't recall a drop down arrow, but I will double-check this evening. What I do remember is basically the frame without a picture for "Other User" and a right facing arrow, no drop down arrow, but I will check again. Never got to the recovery tools option.  I did do a little bit a googling last night and ran across this problem in some other posts, but didn't see a consistent solution.  Although a number of people ended up using Windows Vista discs.

 

As to the computer it is a Dell.

 

This is my friend's computer so I will check with her and see how she would like to proceed, but the recovery disc sounds like the way to go.

 

I have a copy of Windows XP home edition and was going to ask if it looked like we could install that, but the box says it is an upgrade edition and doesn't list Vista, just 98 and Millenium.

 

Anyway, I will get back to you this evening.

 

Thanks again!



#12 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 15 March 2013 - 09:16 AM

A couple more questions:

 

The Windows Vista Recovery Disc download said it was for 64 bit.  Will it work for 32?

 

Also, if we decide we want to, is installing another version of windows an option?



#13 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:01:06 PM

Posted 15 March 2013 - 12:01 PM

Somehow got the feeling it was a Dell...lots of people with the same problem. What model is it? Laptop? Desktop?

 

32-bit = x86 Windows

 

Also, if we decide we want to, is installing another version of windows an option?

 

It is an option, but, you would probably need some downloads from Dell.

 

 

Dell also has the option to restore the default factory configuration, if you wish to use it.

 

You would still need to get to the Advanced Boot Options menu and select: Dell Factory Image Restore
Another issue is whether you need to backup any files on the computer, because everything will be gone if you go this route.

 

Would hold off on the Vista Recovery Disc until you make a final decision on what you want to do.

Dell has its very own proprietary characteristics. The Dell support forums will have the information you need.


Edited by Aaflac, 15 March 2013 - 12:01 PM.

Old duck...


#14 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 16 March 2013 - 06:08 PM

Decided to try the Windows Vista Recovery disc.  It is downloading right now. 

 

The computer is a Dell Inspiron 531 desktop.



#15 KAPM

KAPM
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:06 PM

Posted 17 March 2013 - 03:18 PM

How do we proceed with the recovery disc?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users