
cannot remove alureon.a


  • This topic is locked

#46
yellowpower123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
After the short scan in step 1, nothing was found from the short scan but there was a window pop up from Dr.Web that said "Windows operating systems use the HOSTS file to map text hostnames to IP addresses. Modifications to the HOSTS file indicate possible operation of malicious software. Do you want to restore the default HOSTS file? (A copy of existing HOSTS file will be stored in the Dr.Web Quarantine directory.--- written in a lighter color) Yes or No?"

Is rebooting at the end all it will take to restore the default file (if that should be done)?
  • 0



#47
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let it change the HOSTS file. It's OK.
  • 0
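
The Dr.Web prompt quoted above treats any change to the HOSTS file as suspicious. The following added example (not part of the original thread, and not Dr.Web's own logic) shows one way to list what a HOSTS file actually overrides before restoring it; the sample file content and the `audit_hosts` name are constructed for illustration.

```python
import ipaddress

# Constructed sample content, not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp. (stock comment lines are ignored)
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example-bank.test   # name sent to a non-local address
127.0.0.1       update.example-av.test  # name pointed back at this machine
not-an-ip       broken.test
"""

def audit_hosts(text):
    """Return (line_number, kind, detail) for every non-default entry.

    kind is 'redirected' (name mapped to a non-local address),
    'blackholed' (name mapped to loopback or 0.0.0.0, which blocks it)
    or 'malformed' (first field is not an IP address).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split fields
        if not entry:
            continue
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", raw.strip()))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue  # the only mapping a default file contains
            local = ip.is_loopback or ip.is_unspecified
            kind = "blackholed" if local else "redirected"
            findings.append((lineno, kind, f"{name} -> {ip}"))
    return findings

if __name__ == "__main__":
    for lineno, kind, detail in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind}: {detail}")
```
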

#48
yellowpower123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
When I refreshed this page to see your response, I didn't see the second to last one about deleting the antivirus programs until now. I hope it's ok that I did the Dr.Web scan before I deleted the antivirus programs (it was turned off during the scan).

Dr.Web Log

_desktop.ini;C:\cabs\D00805-001-001;Win32.HLLW.Gavir.ini;Deleted.;
OTL.exe;C:\Documents and Settings\Administrator\Desktop;Trojan.Siggen2.43612;Incurable.Moved.;
0E4C0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.52641;Incurable.Moved.;
0E4C0001.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.52641;Incurable.Moved.;
0E4C0002.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.52641;Incurable.Moved.;
4DF47CEC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000;Trojan.Siggen2.10592;Incurable.Moved.;
4DF47CED.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000;Trojan.Siggen2.10592;Incurable.Moved.;
4DF47D06.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40001;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D07.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40001;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D0E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40002;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D0F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40002;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D18.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40003;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D19.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40003;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D21.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40004;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D22.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40004;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D2A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40005;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D2B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40005;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D32.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40006;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D33.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40006;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D3A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40007;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D3B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40007;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D43.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40008;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D44.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40008;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D4B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40009;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D4C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40009;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D52.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B4000A;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D53.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B4000A;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D5A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B4000B;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4DF47D5B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B4000B;Trojan.PWS.Siggen.10506;Incurable.Moved.;
4D436C4C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C400000;Trojan.Fakealert.19786;Deleted.;
4E6CAAFC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C680000;Win32.HLLW.Autoruner.25074;Deleted.;
4FFADACB.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F900003;Trojan.DownLoad1.60836;Deleted.;
  • 0
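
A log like the one above is easier to read once the detections are split by location: copies already held in an antivirus quarantine folder versus files found anywhere else. The following is an added example, not part of the original thread and not a Dr.Web tool; the field order and the rule "a path component named Quarantine" are assumptions inferred from the posted lines.

```python
import ntpath  # Windows path handling that also works on Linux/macOS
from typing import NamedTuple

# Four lines copied from the log above. Field order (file; folder; detection;
# action) is an assumption inferred from those lines.
SAMPLE_LOG = r"""
_desktop.ini;C:\cabs\D00805-001-001;Win32.HLLW.Gavir.ini;Deleted.;
OTL.exe;C:\Documents and Settings\Administrator\Desktop;Trojan.Siggen2.43612;Incurable.Moved.;
0E4C0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.52641;Incurable.Moved.;
4DF47CEC.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00B40000;Trojan.Siggen2.10592;Incurable.Moved.;
"""

class Detection(NamedTuple):
    name: str
    folder: str
    threat: str
    action: str

def parse(log_text):
    """Return (detections, unparsed_lines) for a semicolon-separated log."""
    detections, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) == 4:
            detections.append(Detection(*fields))
        else:
            unparsed.append(line)  # keep odd lines for manual review
    return detections, unparsed

def in_quarantine(folder):
    """True when any path component is a folder literally named Quarantine."""
    parts = ntpath.normpath(folder).lower().split("\\")
    return "quarantine" in parts

def triage(log_text):
    detections, unparsed = parse(log_text)
    report = {"quarantined": [], "outside": [], "unparsed": unparsed}
    for d in detections:
        report["quarantined" if in_quarantine(d.folder) else "outside"].append(d)
    return report

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d in report["outside"]:
        print(f"review: {d.folder}\\{d.name}  {d.threat}  ({d.action})")
    print(len(report["quarantined"]), "hits inside an AV quarantine folder")
```
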

#49
yellowpower123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Dr.Web moved OTL.exe somewhere, can I just download another one?

Side note: somehow a "Clean this" icon is on my desktop but I never clicked on it because I didn't trust it. This happened during the time my comp was infected with a virus.
  • 0

#50
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Dr.Web log is clean. All that it found is quarantine files. Did you remove one of your antivirus software? Let's see where we stand now:

Download OTL to your Desktop

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post it with your next reply.

  • 0

#51
yellowpower123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Yes, I deleted Microsoft essential & I only have Symantec Antivirus program now (not including aswmbr & Dr.Web)

I tried to download OTL on my flashdrive and copy it to my desktop on my other computer, but I couldn't remove my flashdrive. It kept saying "Generic volume cannot be stopped right now." I tried to download an Unlocker but I couldn't find one/ the website didn't work. I didn't want to pull it right out and data might be lost. What's weird is the only thing I did was download the OTL to the flashdrive then I exited when the download was complete--I didn't open any other file on my computer so I don't know why I can't safely remove it.
  • 0

#52
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can remove your USB memory by unplugging it from your PC. There is a very low chance of losing your data. If you have very important data then first turn off your PC, then unplug it.
  • 0

#53
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





