
Trojan:DOS/Alureon.J


10 replies to this topic

#1 omgpop


Posted 15 September 2014 - 07:06 AM

I get this from MSE and it will constantly quarantine it every time I reboot.

 

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:

boot:\Device\Harddisk0\DR0




 


#2 LiquidTension

  • Malware Response Team

Posted 15 September 2014 - 07:10 AM

Hello, 
 
Alureon (more commonly known as TDSS) is a rootkit which opens a backdoor on your computer. As such, I must issue you the following warning. 
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 



#3 omgpop

  • Topic Starter

Posted 15 September 2014 - 07:11 AM

I have an OS disk to reinstall; I just want to get rid of this Alureon thing.



#4 LiquidTension

  • Malware Response Team

Posted 15 September 2014 - 07:13 AM

Are you prepared to reformat your Hard Drive, and reinstall your Operating System? 

Do you require assistance with this? 

 

What is the make and model of your computer? What is the Operating System? 



#5 omgpop

  • Topic Starter

Posted 15 September 2014 - 07:16 AM

I'm using Windows 7 Ultimate on a custom-built PC, and I may need assistance.


Edited by omgpop, 15 September 2014 - 07:21 AM.


#6 LiquidTension

  • Malware Response Team

Posted 15 September 2014 - 07:20 AM

System Summary Information

  • Press the Windows Key + R on your keyboard at the same time.
  • Type msinfo32 and click OK.
  • Click on System Summary to select it.
  • Click File > Save. Name the file System Summary and save the file to your Desktop.
  • Upload the file (System Summary) to my channel, here.


#7 omgpop

  • Topic Starter

Posted 15 September 2014 - 07:23 AM

Done



#8 LiquidTension

  • Malware Response Team

Posted 15 September 2014 - 07:29 AM

Hello, 

 

That hasn't helped unfortunately. 

 

Please create a thread in the Windows 7 section requesting assistance with a reformat and reinstall. 



#9 omgpop

  • Topic Starter

Posted 15 September 2014 - 07:32 AM

Okay but will this reformat and reinstall fix the problem?



#10 LiquidTension

  • Malware Response Team

Posted 15 September 2014 - 07:37 AM

As explained in my warning and the articles provided, a reformat of your Hard Drive will remove the infection, and is the only way to guarantee the integrity of your computer in future. 

 

Whilst the identified infection may be removed without a reformat, there is no way of guaranteeing your computer will ever be trustworthy again. 



#11 fezzikjr

  • Members

Posted 15 September 2014 - 04:09 PM

Please note that the Alureon.J (there are multiple "." variants of this virus) virus typically installs itself to a hidden partition not normally seen by the Windows Partition Manager or by Windows Installation (advanced partition screen).  In my case, it installed itself to a small (1.3MB, I think) partition at the end of the HDD.  Note that this computer is a completely fresh install only online to grab Flash, Java, Adobe Reader, Chrome (all users), and Windows Updates.

 

I had to use GPart from Hiren's Boot CD in order to even see the hidden partition (although GPart did not "flag" it as hidden).  I followed the instructions as outlined in this thread, by deleting the partition and then running a freshly downloaded version of Windows Defender Offline (downloaded and burned to disk by a clean computer).  After running the "Full" scan in WDO, it came back clean.  As soon as I booted into Windows, it came back up with the same error message as outlined in your original post above.

 

Now that the "hidden" partition has been removed, I'm going to run "Darik's Boot and Nuke", and start all over.

 

Nasty nasty virus...
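The two symptoms in this thread (MSE flagging boot:\Device\Harddisk0\DR0, and a small partition tucked at the very end of the disk that the Windows partition tools did not show) both live in the MBR partition table in sector 0. The following is an added example, not code from anyone in the thread: it parses a raw 512-byte MBR and flags any small partition that ends at the end of the disk, so a responder can triage an offline disk image rather than trust a live system. The sample MBR, the 16 MB size threshold and the 1 MiB tail tolerance are constructed assumptions for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
ENTRY_SIZE = 16
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start skipped), type, (CHS end skipped), LBA start, sectors

def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty primary partition entries from a 512-byte MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, TABLE_OFFSET + i * ENTRY_SIZE)
        if ptype == 0 or sectors == 0:      # unused slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts

def suspicious_partitions(parts: list, disk_sectors: int,
                          max_mb: int = 16, tail_tolerance: int = 2048) -> list:
    """Indexes of small partitions that end within tail_tolerance sectors of the disk end.

    A tiny partition parked at the end of the drive, as described in the thread,
    is worth a closer look; a normal layout rarely looks like that.
    """
    flagged = []
    for p in parts:
        size_mb = p["sectors"] * SECTOR / (1024 * 1024)
        tail_gap = disk_sectors - (p["lba_start"] + p["sectors"])
        if size_mb <= max_mb and 0 <= tail_gap < tail_tolerance:
            flagged.append(p["index"])
    return flagged

def build_sample_mbr() -> bytes:
    """Constructed sample: a ~486 MB system partition plus a ~1.3 MB partition at the disk end."""
    mbr = bytearray(SECTOR)
    # entry 0: bootable NTFS (0x07) starting at the usual LBA 2048
    struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET, 0x80, 0x07, 2048, 995_000)
    # entry 1: small hidden-NTFS-typed (0x27) partition ending exactly at sector 1,000,000
    struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + ENTRY_SIZE, 0x00, 0x27, 997_338, 2662)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    print(parts)
    print("flagged:", suspicious_partitions(parts, disk_sectors=1_000_000))
```

Read sector 0 from an image taken while the disk is offline (a boot CD or another machine), since a rootkit of this kind can filter what the running Windows sees.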





