Alureon.J stays for the past 2 weeks [Closed]

Alureon.J TDSS


#1
snvasanth

    New Member

  • Member
  • 1 posts

Hi there,

 

I have had both Microsoft Security Essentials and McAfee Antivirus for the past couple of years with no issues. A couple of weeks ago, Security Essentials started finding Alureon.J, and it keeps quarantining it at login and at least once in an hour. Now, for the past 1 week, it detects it every time I launch an application or run some exe file. Quarantine or Remove as the default action doesn't make any difference.

 

TDSSKiller -> this found 6 other unsigned items (not Alureon.J). Removed them. It did find Alureon.J once, but I was only able to Skip it. When I found it another time, I tried deleting it, and a bunch of 4 or 5 viruses were found. Now, it hasn't found it for the past 1 week.

 

Malwarebytes, SUPERAntiSpyware, Malwarebytes Anti-Rootkit, NPE, Offline Windows Defender from flash drive -> nothing helps.

 

Partition table from Malwarebytes Anti-Rootkit:

===============================

Partition 0 Type is Other (0xde)
NOT ACTIVE
Starts at LBA: 63, Numsec = 160587

Partition 1 Type is Primary (0x7)
ACTIVE
Starts at LBA: 161792, Numsec = 1536000
bootable

Partition 2 Type is Primary (0x7)
NOT ACTIVE
Starts at LBA: 1697792, Numsec = 975073280

Partition 3 Type is Empty (0x0)
NOT ACTIVE
Starts at LBA: 0, Numsec = 0

 

Any suggestions?

 

Thanks,

Vasanth
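
The partition listing in the post above is a decoded view of the four 16-byte entries stored at offset 446 of the disk's first sector. As an added example (not part of the thread or of any tool named in it), this Python sketch decodes such a sector and runs two basic consistency checks; the sample sector is constructed from the values in the post with the boot code left zeroed, and the function names are hypothetical.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET = 512, 446   # four 16-byte entries, then 0x55AA at offset 510
ENTRY = "<B3xB3xII"                    # status, CHS (skipped), type, CHS (skipped), start LBA, sector count

def build_sample_mbr():
    """Constructed sector: boot code zeroed, entries copied from the listing in the post."""
    entries = [(0x00, 0xDE, 63, 160587),
               (0x80, 0x07, 161792, 1536000),
               (0x00, 0x07, 1697792, 975073280),
               (0x00, 0x00, 0, 0)]
    sector = bytearray(SECTOR_SIZE)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

def parse_partition_table(sector):
    """Decode the four primary entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, ptype, lba, numsec = struct.unpack_from(ENTRY, sector, TABLE_OFFSET + 16 * i)
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start": lba, "sectors": numsec})
    return parts

def check_layout(parts):
    """Return consistency findings; an empty list means none of these checks fired."""
    findings = []
    used = sorted((p for p in parts if p["type"] != 0), key=lambda p: p["start"])
    if sum(p["active"] for p in used) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(used, used[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings

if __name__ == "__main__":
    table = parse_partition_table(build_sample_mbr())
    for p in table:
        state = "ACTIVE" if p["active"] else "NOT ACTIVE"
        print(f"Partition {p['index']} type 0x{p['type']:x} {state} "
              f"LBA {p['start']} Numsec {p['sectors']}")
    print(check_layout(table) or "no findings")
```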


#2
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello snvasanth, welcome to Geeks To Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to ascertain the current situation & provide the best set of instructions for you.
  • Please back up important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Windows XP: Double-click FRST.exe to run the programme. 
    Windows Vista/7/8: Right-click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aswMBR

  • Please download aswMBR and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Windows XP: Double-click aswMBR.exe to run the programme. 
    Windows Vista/7/8: Right-click aswMBR.exe and select Run as administrator to run the programme.
  • Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.
 
======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log


#3
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hello,

Do you still require assistance?

#4
LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.