Windows XP: Removing Alureon-B@mbr?

(PeteCresswell)

I'm in the process of trying to fix up an old Dell Inspiron B130
laptop for somebody.

First thing I did was replace the expired McAfee virus protection
with the freebie version of Avast.

On the first scan, Avast identified 10 infected files and I had
it move them to Avast's "Chest". Going by file
names/directories, none of them looked particularly critical to
the system's functioning and, indeed, it seemed to run OK after
the next boot.

Then I scheduled a boot scan which turned up Malware-Gen and
something called Alureon-B@mbr - which sounds ominous to me, who
knows next to nothing.

Apparently it belongs to the category of malware called "root
kit" - of which I know zilch except that it is reputedly harder
to detect and maybe impossible to remove.

Can anybody elucidate?
 
Hello Pete:

You want TDSSKiller:

<http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller>

HTH
 
From: "(PeteCresswell)"

| Per 1PW:
| I think I'm gonna have to go there.

| Just ran the second Avast Boot-Time scan and it found zero
| problems.

| Yet, once one of the users' sessions was up and just sitting
| there, Avast popped a couple of "Threat Detected" messages from
| its web scanner...

| Sounds like somebody is trying to get in or out, right?

1PW is correct. Alureon is another name for the TDSS RootKit.

Run the Kaspersky TDSSKiller
http://support.kaspersky.com/viruses/solutions?qid=208280684

Clean up with Malwarebytes' Anti Malware (MBAM).
 
Per David H. Lipman:
| Run the Kaspersky TDSSKiller
| http://support.kaspersky.com/viruses/solutions?qid=208280684

| Clean up with Malwarebytes' Anti Malware (MBAM).

In light of the wisdom so far, here is what I'm down to,
procedure-wise (given that Avast is my day-to-day anti virus):

--------------------------------------------------------
1) Schedule/execute Avast Boot-time scan, ===> WHICH DID NOT
DETECT TDDS ROOT KIT <=== ... but hey, I've got Avast
installed, so why not run it just for good measure....
Who knows, it might find something else that Kaspersky
misses....

2) Download latest Kaspersky rescue CD and run it.

3) Use Kaspersky's "TDDSKiller.exe" to remove any TDDS root kits.

4) Run MalwareBytes' MBAM utility just to be sure.

5) Run Windows defrag

6) HD Tune' disc check for bad blocks

7) Image the hopefully-clean system
 
Per David H. Lipman:

| In light of the wisdom so far, here is what I'm down to,
| procedure-wise (given that Avast is my day-to-day anti virus):

| --------------------------------------------------------
| 1) Schedule/execute Avast Boot-time scan, ===> WHICH DID NOT
| DETECT TDDS ROOT KIT<=== ... but hey, I've got Avast
| installed, so why not run it just for good measure....
| Who knows, it might find something else that Kaspersky
| misses....

| 2) Download latest Kaspersky rescue CD and run it.

| 3) Use Kaspersky's "TDDSKiller.exe" to remove any TDDS root kits.

You probably meant to type: TDSSKiller and TDSS

| 4) Run Malwarebytes' MBAM utility just to be sure.

MBAM isn't a utility. It's one of your full-fledged antimalware
layers that works in conjunction with, and supplements, Avast.
Seriously consider purchasing the MBAM Pro version to fill in much
needed full-time protection.

| 5) Run Windows defrag

| 6) HD Tune' disc check for bad blocks

| 7) Image the hopefully-clean system
| --------------------------------------------------------

Consider running GMER to check for additional rootkits:

<http://www.gmer.net/>

Additionally consider SpywareBlaster and HostsMan for future layered
protection.

You might consider running David Lipman's Multi-AV Scanning Tool
instead of step 2. The URL is in his Sig.
 
1PW said:
| layered
| protection.

Isn't "layered protection" just another term for a bloated system,
when a safer config would obviate all of it?
Oh, and be sure to have it running all at the same time <g>
 
Win64: Alureon-B@mbr [rtk] is a nasty Trojan horse that directly attacks system files and thus makes your Windows-based system almost unusable. You can also use manual methods to delete this severe infection, but the manual method is very risky and cumbersome, and it does not ensure the complete deletion of this infection. It is recommended to use the Automatic Win64: Alureon-B@mbr [rtk] Removal Tool for the complete removal of this severe infection.

