Alureon-G in rootkit! Please help me!!

A few weeks ago I noticed my XP SP3 pc started slowing down and started to show pop up ads ALL the time! I was using AVG anti virus and I kept getting warnings about my viruses infecting my computer! I learned that the virus was no virus but a trojan called Alureon.p I got a new anti virus (Avast, comfix, and malwarebytes, I scanned and cleaned my computer) So I thought until last week when I attempted to go on line for the first time and get windows updates (Trojan will not allow updates to run)I noticed my system was extremely slow and the pop ups came back so I did another scan and this time Avast tells me that I am now infected with Alureon-G which is in my opionion a billion times worse than Alureon.p I am getting so frustrated that I am ready to do a clean install on my system but I can’t even do that because I don’t have the boot disc that origianlly came with the system (its a hand me down) … blah blah blah! right??

Ok so yesterday I came across information here about downloading and running aswMBR and this is the information log that I saved:

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-28 09:47:14

09:47:14.937 OS Version: Windows 5.1.2600 Service Pack 3
09:47:14.937 Number of processors: 2 586 0x403
09:47:14.937 ComputerName: DELLXPS400 UserName: CTG
09:47:16.375 Initialize success
09:47:17.421 AVAST engine defs: 11062800
09:47:30.984 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-0
09:47:30.984 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
09:47:30.984 Disk 0 MBR read successfully
09:47:30.984 Disk 0 MBR scan
09:47:31.031 Disk 0 MBR:Alureon-G [Rtk]
09:47:31.046 Disk 0 TDL4@MBR code has been found
09:47:31.046 Disk 0 Windows XP default MBR code found via API
09:47:31.046 Disk 0 MBR hidden
09:47:31.046 Disk 0 MBR [TDL4] ROOTKIT
09:47:31.046 Disk 0 trace - called modules:
09:47:31.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868166f0]<<
09:47:31.046 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x87178ab8]
09:47:31.046 3 CLASSPNP.SYS[f75d2fd7] → nt!IofCallDriver → [0x867d1268]
09:47:31.062 \Driver\iastor[0x86861c98] → IRP_MJ_CREATE → 0x868166f0
09:47:32.031 AVAST engine scan C:\WINDOWS
10:02:59.062 File: C:\WINDOWS\pchealth\helpctr\OfflineCache\Professional_32#0409\0000024e.query HIDDEN
10:03:01.421 AVAST engine scan C:\Documents and Settings\CTG
10:12:45.156 AVAST engine scan C:\Documents and Settings\All Users
10:13:38.750 Scan finished successfully
10:15:45.687 Disk 0 MBR has been saved successfully to “G:\My Stuff\Avast Info\MBR.dat”
10:15:45.718 The log file has been saved successfully to “G:\My Stuff\Avast Info\aswMBR.txt”

Can someone please tell me what to do next?

*scan again and click “fix” and reboot
*after reboot scan again and click “save log” and post it here in next reply

:smiley:

Thanks Pondus!! Actually I want to thank you very much for your response! I am extremely happy to announce that I have fix the problem with some help from tdsskiller (IT really does cure the problem but you have to make sure that what ever anti virus you are using is NOT corrupted by alureon (that was my situation)) I also got an excellent firewall by a company called Emsisoft

As soon as I used tdsskiller I was able to go to the windows update site with absolutely NO problem!!
I had this trojan for over a month and I was starting to loose faith avg, Panda nor could Avast kill it but tdsskiller did!! AWESOME! 8)