Alureon K, yes I think I have it too!!!

OK, so I put my laptop into hibernate earlier today, went out, then when I went to switch it back on it started up as if it had been shut down.
First thing I noticed that was wrong was on launching Google Chrome, all my bookmarks, history, cookies etc have disappeared. I then started getting these Mal URL pop ups from avast as people have described in other threads, even when there was no browser open.
I ran Malwarebytes and it picked up a trojan and a worm. I then did a full avast scan, followed by a bootscan. The bootscan picked up something in MBR,
sorry but I am not that computer literate and didn’t even know what MBR was.
The laptop also seems to have trouble restarting and hangs on the HP screen with the message saying press esc for startup menu, but even pressing escape does nothing. I had to hold down the power key until it went off, then press it to start again and it seemed to start ok.
But I was still getting these pop ups so tried a system restore back to two days ago.
Unfortunately, I think this has deleted the log files from avast/Malwarebytes?

At one point chrome and IE would not launch, but seem to be OK at the moment. Still getting the Malicious URL blocked pop ups though.

Please help? and in idiot-speak if possible, as I say I am at intermediate level as regards computers :-\

thanks in advance

Follow the guide here and attach logs from Malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Watching ;D

wow! you guys are quick off the ball!!

Malwarebytes file here:

Got some new baddies too by the looks of it

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kim :: KIM-HP [administrator]

29/03/2012 21:49:28
mbam-log-2012-03-29 (21-49-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238647
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\sooi832.bin (Trojan.SpyEyes) → Quarantined and deleted successfully.

Files Detected: 1
C:\sooi832.bin\92DE80CB04C426A (Trojan.SpyEyes) → Quarantined and deleted successfully.

(end)

Do I need to do this OTL thing now? I’m wondering how I’m going to copy instructions and copy&paste if I close all windows ???

Do I need to do this OTL thing now? I'm wondering how I'm going to copy instructions and copy&paste if I close all windows
First you download OTL and save it to the desktop, then double-click the OTL icon... when it opens you copy and paste the black script into OTL (see the instructions). Close all windows but not OTL... you are supposed to run that ;)

when done it will place two logs…on desktop…attach those

here ya go :smiley:

can’t seem to get aswMBR to run?

OK essexboy will help you

i see you are running Norton internet security and avast …never install multiple AV

No norton running as far as i was aware!!!
i do know not to run two at once :confused:

it’s installed, but never run it…and is disabled

Disabled isn’t enough as the low level drivers are still loaded and it is in this area that conflict can lock actions of the other AV leaving you less well protected.

You have to uninstall it at the very least and preferably run the uninstall tool also.

OK, removal done.

Had to restart after and it hung on HP screen again. Pressed power off and power on to get back :-\

(really grateful for your assistance btw)

it is bed time…essexboy is back tomorrow night :wink:

Thanks for your help. Got to use laptop for work tonight so hope it survives :-\

Hopefully see you tomorrow

Should I be working in safe mode until this is sorted?

Have been using PC today and not getting the pop up as often but am getting weird redirects from google searches, down to Alureon K I presume.
As my job revolves around search engines this is a huge problem. Are there any experts on yet who can look at my log please?

Really appreciate your hard work on this :wink:

Are there any experts on yet who can look at my log please?
remember we are not all in the same time zone.....and essexboy usually arrives here late UK time

OK let's kill that now

Download the latest version of TDSSKiller from here and save it to your Desktop.

- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

- Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

- If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents on your next reply.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2012/03/28 13:34:40 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Ispeaw
[2012/03/28 13:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Tayccy
[2012/03/28 13:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Rageaf

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks for the reply. I’ve downloaded TDSSkiller but it won’t run. Have tried double clicking, right click open, right click run as admin…

OK this is where it will now become a little complex
Will you be able to burn a CD on another computer ?

We will take it in baby steps

Go start and in the search box copy/paste

Diskmgmt.msc

Click the file that appears

The following window will appear
Ensure that all drives are visible
Then take a screenshot
Post the capture as an attachment

a) I can’t burn a CD on another computer today. Have an external cd burner I can connect to hubby’s notebook but it’s at work.

b)
screenshot requested