Avast has identified an infection with MBR:Alureon-G RTK and various other issues, cleaned what it could and ran a boot scan.
Rebooted several times but Avast is still throwing up infection messages. How do I get rid of this?
Cheers,
MBR:Alureon-G RTK (and others?) - help with removal please
Started by
rolybaldwin
, Aug 22 2011 09:34 AM
-
This topic is locked
#1
Posted 22 August 2011 - 09:34 AM
rolybaldwin
-
- Member
-
- 4 posts
New Member
Avast has identified an infection with MBR:Alureon-G RTK and various other issues, cleaned what it could and ran a boot scan.
Rebooted several times but Avast is still throwing up infection messages. How do I get rid of this?
Cheers,
#2
Posted 22 August 2011 - 09:59 AM
rolybaldwin
- Topic Starter
-
- Member
-
- 4 posts
New Member
So I ran TDSSKiller which found and fixed it, rebooted, still there.
Ran aswMBR which found and fixed it, rebooted, still there.
aswMBR log coming...
Ran aswMBR which found and fixed it, rebooted, still there.
aswMBR log coming...
#3
Posted 22 August 2011 - 10:01 AM
rolybaldwin
- Topic Starter
-
- Member
-
- 4 posts
New Member
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-22 16:56:55
-----------------------------
16:56:55.093 OS Version: Windows 5.1.2600 Service Pack 3
16:56:55.093 Number of processors: 2 586 0xF06
16:56:55.093 ComputerName: DIM9200 UserName: Owner
16:57:02.421 Initialize success
16:57:02.609 AVAST engine defs: 11082200
16:57:06.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
16:57:06.234 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 3
16:57:06.281 Disk 0 MBR read successfully
16:57:06.281 Disk 0 MBR scan
16:57:06.281 Disk 0 MBR:Alureon-G [Rtk]
16:57:06.281 Disk 0 TDL4@MBR code has been found
16:57:06.281 Disk 0 MBR [TDL4] **ROOTKIT**
16:57:06.515 Disk 0 scanning C:\WINDOWS\system32\drivers
16:57:29.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:57:29.343 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR5.txt"
16:58:11.921 Service scanning
16:58:13.593 Modules scanning
16:58:24.843 Disk 0 trace - called modules:
16:58:24.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:58:24.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e0030]
16:58:24.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8a7fc030]
16:58:25.406 AVAST engine scan C:\WINDOWS
16:59:12.265 AVAST engine scan C:\WINDOWS\system32
16:59:24.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:59:24.250 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR6.txt"
Run date: 2011-08-22 16:56:55
-----------------------------
16:56:55.093 OS Version: Windows 5.1.2600 Service Pack 3
16:56:55.093 Number of processors: 2 586 0xF06
16:56:55.093 ComputerName: DIM9200 UserName: Owner
16:57:02.421 Initialize success
16:57:02.609 AVAST engine defs: 11082200
16:57:06.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
16:57:06.234 Disk 0 Vendor: Hitachi_ V5DO Size: 238475MB BusType: 3
16:57:06.281 Disk 0 MBR read successfully
16:57:06.281 Disk 0 MBR scan
16:57:06.281 Disk 0 MBR:Alureon-G [Rtk]
16:57:06.281 Disk 0 TDL4@MBR code has been found
16:57:06.281 Disk 0 MBR [TDL4] **ROOTKIT**
16:57:06.515 Disk 0 scanning C:\WINDOWS\system32\drivers
16:57:29.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:57:29.343 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR5.txt"
16:58:11.921 Service scanning
16:58:13.593 Modules scanning
16:58:24.843 Disk 0 trace - called modules:
16:58:24.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:58:24.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7e0030]
16:58:24.859 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8a7fc030]
16:58:25.406 AVAST engine scan C:\WINDOWS
16:59:12.265 AVAST engine scan C:\WINDOWS\system32
16:59:24.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:59:24.250 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR6.txt"
#4
Posted 22 August 2011 - 10:36 AM
rolybaldwin
- Topic Starter
-
- Member
-
- 4 posts
New Member
Tried a different cure with TDSSKiller and it seems to have gone, now.
Thanks if you read this far!
Thanks if you read this far!
#5
Posted 22 August 2011 - 11:11 AM
Gammo
-
- Malware Removal
-
- 2,299 posts
Member 2k
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
