Alureon variant?


#1
MS-Free
Member, 425 posts
I have no noticeable symptoms (besides the weird double-underlined green links in IE5 that provide little pop-up ads on hover, if that's anything).

This is a clean install of Windows XP (SP2) (virtualized via VirtualBox: Host OS: Ubuntu 10.10), nothing has been downloaded or installed (besides some VirtualBox integration software, and the things required as part of the Start Here guide).

I couldn't get OTL to run (got an error message stating that OTL is not a valid Windows executable) - tried downloading it several times to try to ensure it wasn't the result of a corrupted download.

Wouldn't have even suspected anything if it weren't for the fact that, as a side project, I was trying to get a deep understanding of the things contained within the registry (what could/could not be changed, possibly the effects of adding/removing certain values/keys, etc.).

Looking over the export I found 2 entries that just didn't make sense (Neither Word, Excel, nor Office are installed):

HKLM\SOFTWARE\Classes\*\OpenWithList\Winword.exe
HKLM\SOFTWARE\Classes\*\OpenWithList\Excel.exe

All the hits on Google for those entries seem to point to the presence of an Alureon variant (ironically I believe that this was/is one of the infections being "Studied" with my current Practice Log, but I digress). Might as well take it to the "Experts" for confirmation. (Also provides a great excuse to see things from a user's perspective - great addition for my training that I wasn't expecting to have. :D)

MBAM turned up nothing as did a scan with Avira.

The GMER log (ark.txt) proved to be 10.5MB - don't know how you want me to provide that part. Appeared that there were a lot of False Positives being reported as a result of the VirtualBox Additions.

MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4945

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10/25/2010 2:31:04 PM
mbam-log-2010-10-25 (14-31-04).txt

Scan type: Quick scan
Objects scanned: 123644
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Oh, and for some reason the system boot drive is E: (not that it should really make much of a difference.)

Edited by MS-Free, 27 October 2010 - 04:05 PM.
