
12/10/10 - updated Malwarebytes & it found an infected driver and was unable to heal it. I had Avg 2011 (now have MS.Sec.Ess.), updated Avg & ran its scan; it found the same file & named it Win32/Patched.DX. With no Avg knowledgebase info on it, I googled it and it's the win32/Alureon.H... apparently...
Neither could clean it as it's a white-listed .sys file.
The virus itself didn't seem to do much. My web is slow in this part of the UK so I'm never really sure, but no redirecting, just the odd 'explorer has encountered a problem & needs to close' error message and the sudden drop of the windows and a slow desktop refresh type occurrence and it was back to OK... but I wanted to clean up whatever Mbam & Avg had found.
Browsed for info & help on the web while I updated Windows; Windows then installed a few, including MSR tool.
This found 1 file & partially cleaned the file, then left me with 2 instructions... one was 'some manual steps to be taken', and then a full scan with my anti-virus... easy, I thought...
The manual steps included having the Recovery Console, which appears to be present after tapping F8 @ bootup... is this the correct Recovery Console? - but it didn't work anyway as I couldn't access my XP CD via the Recovery Console screen to copy files across (and it named my CD drive F: not D: - I do have 2 other h/d installed so I presumed it's OK)...
It wouldn't access F: anyway so I gave in and left it, booted up, ran Avg again & it found 2 more + the original .sys file - these new ones I could see were 'MRT.exe' and the same but with 'memory 08de0000' at the end. I knew MRT had the file somewhere so presume both new infections were acceptable for now.
Avg then 'cleaned' the MRT.exe infection, which I thought could cause MRT to crash or something @ reboot - it didn't... but Avg then had 2 files it couldn't deal with, so I just gave in & rebooted when finished.
All seemed well, but I knew by the recent bootup & down times, initial internet connection page speed etc. that something was still wrong, so I re-scanned with both Mbam & Avg again, this time checking all boxes, and Avg found Trojan Gen19.AGYH & Trojan Gen19.AGYV in 4 files, 3 being spool .dll's & 1 was a sys32\config temp file; it cleaned them all.
I doubted my efforts had erased it as I had the win32/virut virus in 2009 and ended up re-installing Windows, but I had more faith in removing this one as it didn't eat .exe files like virut did, so I rebooted again and browsed for more help in case I had trouble with my XP disc.
I found this site and saw the mentioned win32/Alureon infection listed... mine didn't do what all the others did with the redirecting so I didn't follow any leads there, but I did see I had to get rid of Avg as it's now bloated, and I got Win Security Essentials and will prob get Comodo Fwall...
Win.Sec Ess found 1 & cleaned it, Mbam then found nothing, and they still don't find anything today, but I now have Windows File Protection popping up at every bootup saying I need to replace files in the dll cache... my XP CD-ROM is apparently an 'older version than the one on the pc' and I cannot copy from it using Recovery Console. This window will not go away, so how do I find out what's missing (I did note the 3 spool dll's that the gen19 trojan infected)? I mean, how do I know for sure which important Windows files need replacing? The web seems to work OK today, the PC is slow at bootup and bootdown is much worse. I haven't tried every software yet but I've had no other difficulties since.
Please help me with the File Protection so I can be sure my PC is clean & fixed...
Thanks
Edited by Manc, 18 October 2010 - 04:49 PM.