I hadn’t turned on this computer in a while, and saw it had a bunch of windows updates to do. Updated those, then did a boot scan afterwards and this came up.

Threat MBR:Alureon-I [Rtk]

The weird part is it looks like Avast is saying that the infection is in an Avast file? I attached a photoshop of the scan. This computer has Windows 8 64 bit.

Can anyone tell me what this is and what I should do about it? I honestly have no idea, and I can barely figure out how to do anything on this computer with this blasted new OS.

My main concern is, could this spread to my other three computers through the wireless modem? I don’t use this one for anything important since I can’t really figure out how to use it but I want to clear it off and make sure it doesn’t spread, if it’s a real problem.

hello let’s verify one thing :

Launch this tool then choose the option “Look”

http://www.security-helpzone.com/Tools/g3n/Part_Look.exe

a report will be created on the desktop which will be named “Part_Look.txt”

give the link of the report which you’ll accomodate here : http://cjoint.com

it’s possible you have to disable “SmartScreen”

something other :

it’s SuperAntiSpyware I see in your notification zone ? you can uninstall it , it’s obsolète , and Avast! does a better work

Hi Gen

I downloaded the thing you said, and it made a Part_Look.txt report, but I don’t know how to use that other website you said (it’s in french or something)? So I attached the txt here and also copy pasted but I don’t know what this means?

¤¤¤¤¤¤¤¤¤¤ Part_Look | g3n-h@ckm@n ¤¤¤¤¤¤¤¤¤¤

Disk: 0 Size=305G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

0 0 EE-UNKNWN 21.0T No No 1 294,967,295

Does that mean there is no problem?

I also ran Malwarebytes and it didn’t find anything.

your HDD is a SSD ?

I’m sorry I’m not sure what that means. My computer is a laptop that I bought, so it’s not something I made if that is what you’re asking. It’s this model HP 2000 2b43dx
http://www.amazon.com/HP-Laptop-Radeon-Built-In-Webcam/dp/B00C5M6UGE

Also, just to add the superantispyware has been acting weird saying it hasn’t updated even though I’ve updated alot. And my ad block plus on my browser doesn’t seem to be working either. Not sure if that’s part of this.

Is there another report I need to run for you to tell me if this is something bad? All I did was tell Avast to move to chest, not sure what else to do. I just installed Spybot S&D because I heard that is good and I got a report from that but doesn’t seem to have the same thing pop up like in avast.

Thank you so much for helping me with this I’m really clueless about it. My main concern is to prevent this from hurting my other computers, I have them all turned off right now. Do you think it is safe to turn them on or will they become infected?

Hi, I haven’t really had any responses about what I should actually do. Can someone please tell me what I should do to make sure this isn’t a real problem? I really need to use my other computers but I am afraid to turn them on. Can someone please tell me about this issue?

be patient…he is not online 24/7 so when using a forum you have to wait until the helper is back online

what is SSD. http://www.storagereview.com/ssd_vs_hdd

hello

Download and register http://www.bleepingcomputer.com/download/adwcleaner/dl/125/ ADWCleaner on your office(desk):

don’t click Download , wait that the download window arrives for confirmation

Launchit , (For vista / 7 / 8 = > right click " run as administrator")

Click abolition(deletion) and post C:\Adwcleaner [ Sx].txt

======================

Download and register Malwarebytes Anti Rootkit by clicking this link on your Office(Desk):

http://downloads.malwarebytes.org/file/mbar

• The file mbar xxxxx.zip on your office(desk) unwinds (right click on mbarxxx.zip and choose to unzip here)
  *Launch by double-clicking it on the file mbar.exe. (In the directory mbar)

/! \ Important : under Vista and Windows 7/8, it is necessary to launch the file by click-right - > to Execute as administrator

• In the following windows, click “Next”

• Click the option of update " Update "

• Wait during the update, then click “Next”

• If it is not already made, selects "3 compartments (drivers, Sectors, System) ".

• Wait

• Once the ended scan, a window opens, click on OK. Two possibilities :

== > if the program found nothing, clicks Exit.

== > if infections are present your PC will reboot several times

2 Reports are generated and are registered in the directory of where you launched Mbar.exe (generally the Desktop).

== > system-log.txt
== > mbar-log-date (*****) .txt

• Post 2 reports in your next answer in attached files.

I am going to post them as soon as I get them, thanks! I am having problems right now because before I saw your post I tried to use the “reset to factory default on win 8”, I thought it would erase all the problems (by reinstalling windows 8 ), but doesn’t seem to be working right. Windows update doesn’t work at all now.

I’m running the malwarebytes anti rootkit now but I don’t know how long it will take.

ok I’m waiting

Okay, I ran the reports but it didn’t find anything. Also I ran the malwarebytes one and the adcleaner one in safe mode and they still found nothing.

My windows updates are completely not working, I think maybe my whole backup on the computer is corrupted so I ordered a recovery cd so I can reinstall again.

I’m going to rerun the avast too to see if I can get it to come up again.

hello

sorry but I have lot of work coding…

==

Attention!!!: Only these links are officials do not download the tool on other links!!
Attention!!!: this tool can be detected wrongly as virus
Attention!!!: this tool is powerful to follow scrupulously the instructions below

All the processes " not vital of Windows " are going to be cut, register(record) your work. There will be an extinction of the office(desk) during the scan - > no panic.

Deactivate all your protections if possible, antivirus, sandbox, firewalls

Download and register(record) Pre_Scan on your office(desk):

http://Http://services.service-webmaster.fr/cpt-clics/clics-30453-6820.html (renamed(reappointed) winlogon)

Or, if the link is not functional:

http://Http://www.archive-host.com/files/1731274/ecd939269bcc7cdfed2d2e726c22709a32db3067/winlogon.exe (Renamed(reappointed) winlogon)
http://Http://www.security-helpzone.com/Tools/g3n/winlogon.exe (renamed(reappointed) winlogon)

If the tool is boosted(relaunched) several times, he will propose you a menu and if no option is asked, launch the option " Scan|Kill "

If the tool is blocked(surrounded) by the infection use this version with these other extensions:

http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.scr
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.pif
http://Http://www.security-helpzone.com/Tools/g3n/Pre_Scan.com

If the tool detects a proxy and if you did not install(settle) click " to delete(eliminate) the proxy "

It is possible that black windows flash, let it work.

The tool is going to send on a server the viruses which it quarantined so that I can study these more in-depth infections.

Let the tool restart your computer.

Post Pre_Scan_date_hour.txt which appear in the root of your record(disk) system (generally C:)

DO NOT POST IT ON THE FORUM!!! it is too long

Accommodate the report on http://cjoint.com then give the link obtained , or attach it here