How can I remove the MBR:Alureon-G [Rtk] [Closed]



#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that you selected delete for this:

\Device\Harddisk0\DR0 ( TDSS File System )

#17
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
I did select delete.

I also ran a scan with AVAST and got ZERO files infected. Before, it was 1... that MBR:Alureon-G [Rtk] virus. It's gone! :) But the computer is still refusing to shut down. It's been 6 minutes and I had to select "Turn off" again. That little hour-glass just keeps turning over and over.

OK, after 2 minutes, the regular arrow cursor returned but no shut-down. Do you have any idea why this is still happening?

Thank you so much for getting rid of the virus!

I thought the shut-down problem was part of the virus symptoms.

The hour-glass only appears when the cursor is over the taskbar.

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that would suggest that one of your programmes is not shutting down properly

First I will clear my tools and then we will investigate that :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

Let me know once that has completed and I will then look at the other problem

#19
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
OK I'm currently turning the computer off and restarting it again multiple times. At first, it would not shut down at all... and that's been going on since yesterday. But today, after about 3 cycles, a message came up and disappeared before I could read it, and the computer did shut down after clicking on the shut down thingie. Then the next time, it shut down quickly. I tried it maybe 3 more times and it still shut down normally. Now I'm gonna try the green 'restart' button and see what happens.

Jeez! You really did a great job.

Yes, that makes sense. Something wasn't shutting down. But it seems to've corrected itself with the multiple shut-downs, don't you think? I'll do the other stuff tomorrow though, just to make sure.

I have no money but as soon as I can afford something, I'll surely contribute. This will be life-changing. I have the text-to-speech program on the laptop. It's no longer available on the PC. Only on the Mac now. But Macs are not accessible to me. Their screen magnifier is totally YUCKY! You gotta press 4 keys to bring up a window to adjust it!!!! The Windows magnifier can be dragged anywhere and re-sized instantly just with the mouse.

Thank you totally for lending me your super-smart brain! :)

#20
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
I spoke too soon! :) After a short while of being away from the computer, I came back and chose 'turn off computer,' and no box came up. After a few minutes, the box 'flashed' on for a split second and the tumbling hourglass turned back into an arrow. That's what's happening now, each time I try to shut down. Whaaah...

#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let's now see if we can locate the culprit

Step 1: Start the System Configuration Utility

1. Click Start, click Run, type msconfig, and then click OK.
2. The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options

1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
8. When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows

1. If you are prompted, log on to Windows.
2. When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows starts check box, and then click OK.

Notes

You have used the System Configuration Utility to make changes to the way Windows starts.
  • The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
  • Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.


Now reboot and then shutdown a few times to see if that cures the problem.

#22
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
Also, I neglected to mention that the shutting down problem existed before I came to the forum looking for help with the virus. I thought that symptom was from the virus.

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Probably not as it is a known problem with XP :)

#24
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
Do you still want me to remove all those cool programs we used?

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes as they are regularly updated :)

#26
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
A log was generated at restart... I'm posting it, just in case you need it.

All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jonaGOOK
->Temp folder emptied: 639123 bytes
->Temporary Internet Files folder emptied: 33175 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52159356 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jonathan Ran
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: SHMOINKIE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49635 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 105959362 bytes

Total Files Cleaned = 152.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05162013_102841

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#27
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
JAVA:

I don't know what kind of programs use Java.

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Generally it is online games; if you do not use them then uninstall Java.

#29
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
Apparently, I'm not the admin on this computer!!!! So I can't make the changes you told me to make. How do I find out who IS the admin? It may be my friend who had this computer before me, or it could be the agency he got it from. I've been distracted by the computer's problems and I overlooked the admin thing. :(

I'm starting to get bogged down! If I gave you the list of all the things wrong with my brain, you might even find it funny! Your instructions are the easiest I've ever encountered... but I'm beginning to slow down. I'm an Aspergers person... and for the most part, I only understand literal instruction. And if the instructions aren't totally linear, I could easily get confused at some point. The data is beginning to back up in my head and I fear I may be starting to lose some of it. :(

Ready to continue in spite of it though. :)

#30
Goggleplex-Googleplex

    Member

  • Topic Starter
  • 172 posts
Oops! I'm in the Configuration Utility.....