alureon-k!!!...new guy

I have the alureon-k and have been through a list of things to get it out. After a fresh install of avast, a full scan finally recognized it but won’t get rid of it. Moving it to the chest isn’t an option. Deleting it doesn’t get rid of it.

Here is what I have tried thus far (with no supervision by anyone who knows what they are doing) :wink:

avast boot scan- all clear
MBAM- full scan didn’t find it
Superantispyware- removed the typical stuff but didn’t find this
combofix- wouldn’t scan at all, just hung up at the starting of the scan
tdsskiller- wouldn’t open or run
eset- found nothing
bitdefender- nothing
microsoft security essentials- found nothing
stared at the screen with an angry face- didn’t work
threatened with a baseball bat- nothing

I have read there is a “partition” that is protecting the files from being removed. If you guys can walk me through this I would greatly appreciate it.

running windows xp pro service pack 3

OK let’s see what aswMBR says

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it
Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

won’t open :-\

OK before I proceed with the tedious bit

In the run box type the following

diskmgmt.msc

When disc management opens expand it so that all drives are visible
Take a screenshot and post it here

Are you able to burn a CD on another computer ?

I’m using the only computer I have (laptop)

I need you to download:
gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD, for Gparted from the ISO image.
You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

http://img829.imageshack.us/img829/5772/gpartedsplash.th.png

You should be here… Press ENTER

http://img5.imageshack.us/img5/7286/gpartedkeymaps.th.png

By default, “do not touch keymap” is highlighted. Leave this setting alone and just press ENTER.

http://img404.imageshack.us/img404/9840/gpartedlanguage.th.png

Choose your language and press ENTER. English is default [33]

http://img140.imageshack.us/img140/7958/gpartedgui.th.png

Once again, at this prompt, press ENTER
You will now be taken to the main GUI screen below

http://img32.imageshack.us/img32/1122/gpartedo.th.png

According to your logs, the partition that you want to delete is 2 MB

Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:

http://img233.imageshack.us/img233/1533/gpartedsteps.th.png

Now you should be here:

http://img696.imageshack.us/img696/8471/gpartedsuccessclose.th.png

http://img194.imageshack.us/img194/7753/gpartedboot.th.png

Is “boot” next to your OS drive?

If “boot” is not next to your OS drive under “Flags”, right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

http://img196.imageshack.us/img196/3483/gpartedmanageflagsboot.th.png

Now double-click the http://img822.imageshack.us/img822/641/gpartedexit.png button.

You should receive a small pop up like this:

http://img88.imageshack.us/img88/8986/gpartedexitreboot.png

Choose reboot and then press OK.
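An added example, not part of the original posts: the steps above remove a 2 MB partition and then make sure the “boot” flag sits on the OS drive, and the same two facts can be read from the partition table in the first disk sector before anything is deleted. The sample sector is constructed, and 512-byte sectors, the partition types and the 16 MiB "small" threshold are assumptions.

```python
import struct

SECTOR = 512  # assumed sector size


def parse_mbr(sector: bytes):
    """Decode the four primary partition entries of a classic MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and count == 0:
            continue  # empty slot
        parts.append({"slot": i + 1, "boot": status == 0x80, "type": ptype,
                      "start_lba": lba, "size_mib": count * SECTOR / 2**20})
    return parts


def review(parts, small_mib=16):
    """Return findings worth a closer look: boot-flag count and tiny active partitions."""
    findings = []
    active = [p for p in parts if p["boot"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the boot flag (expected 1)")
    for p in active:
        if p["size_mib"] <= small_mib:  # threshold is an assumption, not a standard
            findings.append(
                f"slot {p['slot']}: boot flag on a {p['size_mib']:.0f} MiB partition")
    return findings


def make_entry(boot, ptype, lba, count):
    """Build one 16-byte partition entry (CHS fields left zero)."""
    return struct.pack("<B3xB3xII", 0x80 if boot else 0, ptype, lba, count)


def sample_mbr(clean=False):
    """Constructed sample: 40 GiB NTFS volume, plus a 2 MiB active partition unless clean."""
    entries = make_entry(clean, 0x07, 63, 83886080)
    entries += bytes(16) if clean else make_entry(True, 0x17, 83886143, 4096)
    return bytes(446) + entries + bytes(32) + b"\x55\xaa"


if __name__ == "__main__":
    for finding in review(parse_mbr(sample_mbr())):
        print(finding)
```
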

Is there any way to do it without making a boot disc? My cd drive has decided to quit working. I had a similar virus on a desktop several years ago that did the same thing to the cd drive.

Download and install LinuxLive USB Creator on your MS Windows computer. http://www.linuxliveusb.com/
Download the GParted Live iso file. http://gparted.sourceforge.net/download.php
From Windows, install then run the LinuxLive USB Creator program and follow the instructions in the GUI to install GParted Live on your USB flash drive.

Then reboot from the flash drive and follow the previous instructions

not working either :frowning:

port won’t recognize the usb drive

Within disc management could you right click bad partition and see if the delete option is available - just look

Then copy aswMBR.exe to your root c drive and rename it to explorer so you then get C:\explorer.exe

Then from the run key type in the following

C:\explorer.exe -ap 1

Does it run ?

THEN

We need to install the recovery console so I will use Combofix to do that. When it runs allow the installation of the recovery console

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

To be sure I am renaming it right: aswMBR is on my c: drive folder. Just click the icon and rename it “explorer”?

And I already have combofix. I downloaded it yesterday

Yes rename it and see if we can fool the malware

Is the delete option available for that partition ?

aswMBR gave me “application failed to initialize”

and the delete option was unavailable

OK go and run combofix - so that I will have the option of using the recovery console to switch partitions

By the time it has finished running and you have posted the log I may have a way around this

OK, I will run combofix.

Just to note though: I bought this laptop used several months ago and don’t have a recovery cd. What other options do I have if I can’t get rid of this virus? Baseball bat?

As a last resort the recovery cd will work but mayhap we can do it without resorting to that and losing all your data

What do I do if combofix freezes? Since I don’t have a recovery cd, what options will I have?

Combofix locked up. Clock wouldn’t even keep time :-[

Could you reboot
Then look in C:\ and see if there is an i386 folder

there is an i386 folder