Alureon-M[rtk]

hello support,
SOS!!

MBR rootkit

Alureon-M[rtk]

I need instructions on how to remove

thanks,

craig

we do that in the virus and worms forum section :wink: http://forum.avast.com/index.php?board=4.0

Follow this guide and attach logs from malwarebytes quick scan / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

it may take several hours before any of the removal specialists arrive…so be patient

thanks for the reply and direction.

craig

hello support,

i am trying to run in safe mode but aswMBR keeps crashing.

i shows the Alureon-M in the boot record but when scanning further it stops.

thanks,

craig

just attach the logs you are able to and Essexboy will help you when he arrive

Try running aswMBR again but Select ‘None’ in the AV Scan: drop down list.

Hi there are two things you could try for me

First :

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

[*]Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents on your next reply.

Then :

Go start > Run
Type diskmgmt.msc
The disc management console will open
Ensure that all drives are visible by expanding the view
Take a screenshot and attach to your next post

@ essexboy
We are getting some duplication of effort here (by essexboy and others) as zpupster has two topics on the go, this one and one in the viruses and worms forum, http://forum.avast.com/index.php?topic=96755.0 with all of the logs.

Ah did not check the names - unsubscribing from this ;D