Alureon problem

When I turned the computer on it gave me a whole bunch of hard drive errors. It said to run a Windows scan, then asked me to buy a product. I then decided to look in my start menu to see if something was added and I found: sqoXnmCuXYw.exe. I used the avast boot time scan and found a lot of stuff. I moved them to the chest. When the computer restarted, everything on my desktop and in all folders is hidden. I am scared to delete them because I don't want to lose all the stuff on the computer. Please help!!!

Here is what is in the chest:

Win32:Alureon-ADW [trj]
Win32:Zango-ag [pup]
Win32:Alureon-aef[trj]
Win32:zbot-avh[trj]
Win32:dcom-aa[expl]
KOT
Java:agent-du [expl]
Java:agent-eb [expl]
Java:agent-dr [expl]
Java:agent-gj [expl]
Win32:Morphex[cryp]

These 2 are in c:\documents and settings\all users\application data
sqoXnmCuXYw.exe Win32:Alureon-aef[trj]
trz3D.tmp Win32:Alureon-aef[trj]

If not already done, check your computer with this

Check for malware with this

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest signatures before you scan.
Click on the "remove selected" button to quarantine anything found.

Post the scan log here.

Also upload the sqoXnmCuXYw.exe file to www.virustotal.com and test with 43 malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.

Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6872

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2011 1:20:40 PM
mbam-log-2011-06-18 (13-16-51).txt

Scan type: Full scan (C:|)
Objects scanned: 252360
Time elapsed: 10 hour(s), 42 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 10
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\AppID{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\AppID{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\AppID{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) → No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) → No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) → No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) → No action taken.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) → No action taken.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTDNS_SERVICE (Adware.QuestDns) → No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879027FBD765D573EA897 (Malware.Trace) → Value: SRS_IT_E879027FBD765D573EA897 → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) → Value: ClickPotatoLite@ClickPotatoLite.com → No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) → Bad: (1) Good: (0) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) → Bad: (1) Good: (0) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command(default) (Hijack.StartMenuInternet) → Bad: (“C:\Documents and Settings\jermaine spencer\Local Settings\Application Data\vyq.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”) Good: (iexplore.exe) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) → Bad: (93.188.162.248,93.188.160.58) Good: () → No action taken.

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) → No action taken.
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) → No action taken.
c:\documents and settings\jermaine spencer\application data\clickpotatolite (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) → No action taken.
c:\documents and settings\all users\start menu\Programs\clickpotato (Adware.ClickPotato) → No action taken.

Files Infected:
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy{1df45b0e-36f9-475f-a864-4ab1c4677a96}-xejnaf.exe (Heuristics.Shuriken) → No action taken.
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy{f0b78617-9f77-49fc-8086-735c46d57e14}-xejnaf.exe (Heuristics.Shuriken) → No action taken.
c:\documents and settings\jermaine spencer\favorites\free porn videos & pussy movies- sex videos, porno, porn tube, xxx and pussy porn…url (Rogue.Link) → No action taken.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) → No action taken.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) → No action taken.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) → No action taken.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) → No action taken.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf_update.dat (Adware.ClickPotato) → No action taken.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) → No action taken.

Your Malwarebytes was not updated when you scanned (Database version: 6872); latest is 6888.

Your log says “NO ACTION TAKEN”. You need to click the "remove selected" button after the scan to quarantine the infections…

Update Malwarebytes, run a quick scan and click the “remove selected” button…

Post the new log.
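
The two checks made in the reply above (a signature database older than the current one, and items left at "No action taken") can be run mechanically over a log in this layout. This is an added example, not part of the original thread or of any Malwarebytes tool; the function names and the embedded excerpt are constructed for illustration, and the current database number is supplied by the caller.

```python
import re
from collections import Counter

# Constructed excerpt in the MBAM 1.51 log layout posted in this thread.
SAMPLE_LOG = r"""Database version: 6872

Registry Keys Infected: 1
Registry Data Items Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) → No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) → Bad: (1) Good: (0) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SECTION = re.compile(r"^(.+ Infected):$")           # section header: no count after the colon
DETECTION = re.compile(r"^(.*\S)\s+\(([\w.]+)\)$")  # "<target> (<Detection.Name>)"
ARROW = re.compile(r"\s+(?:→|->)\s+")               # field separator; ASCII "->" is an assumed variant


def parse_mbam_log(text):
    """Return the signature database version and one record per detected item."""
    db = re.search(r"Database version:\s*(\d+)", text)
    report = {"db_version": int(db.group(1)) if db else None, "items": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        fields = ARROW.split(line)
        hit = DETECTION.match(fields[0])
        if section is None or len(fields) < 2 or not hit:
            continue  # summary counts, blank lines, "(No malicious items detected)"
        report["items"].append({"section": section, "target": hit.group(1),
                                "detection": hit.group(2),
                                "action": fields[-1].rstrip(".")})
    return report


def triage(report, latest_db):
    """Flag stale signatures and items the scan found but did not remove."""
    items = report["items"]
    return {
        "signatures_outdated": report["db_version"] is not None
                               and report["db_version"] < latest_db,
        "unresolved": [i for i in items if i["action"].lower() == "no action taken"],
        "by_class": Counter(i["detection"].split(".")[0] for i in items),
    }


if __name__ == "__main__":
    # 6888 is the "latest" database number quoted in the thread.
    result = triage(parse_mbam_log(SAMPLE_LOG), latest_db=6888)
    print("signatures outdated:", result["signatures_outdated"])
    for item in result["unresolved"]:
        print("NOT REMOVED:", item["detection"], item["target"])
    print(dict(result["by_class"]))
```
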

Sorry, having trouble finding the logs as a lot of the stuff is hidden on the computer. These viruses hide the desktop items; it won't let me search anything and it shows the C drive as empty. I also can't see any programs unless I go to delete them. I copied the wrong log. I just updated and I am rescanning again.

www.malwarebytes.org

Database version: 6872

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2011 1:22:59 PM
mbam-log-2011-06-18 (13-22-59).txt

Scan type: Full scan (C:|)
Objects scanned: 252360
Time elapsed: 10 hour(s), 42 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 10
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTDNS_SERVICE (Adware.QuestDns) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E879027FBD765D573EA897 (Malware.Trace) → Value: SRS_IT_E879027FBD765D573EA897 → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) → Value: ClickPotatoLite@ClickPotatoLite.com → Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command(default) (Hijack.StartMenuInternet) → Bad: (“C:\Documents and Settings\jermaine spencer\Local Settings\Application Data\vyq.exe” -a “C:\Program Files\Internet Explorer\iexplore.exe”) Good: (iexplore.exe) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) → Bad: (93.188.162.248,93.188.160.58) Good: () → Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\jermaine spencer\application data\clickpotatolite (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0 (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\clickpotato (Adware.ClickPotato) → Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy{1df45b0e-36f9-475f-a864-4ab1c4677a96}-xejnaf.exe (Heuristics.Shuriken) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy{f0b78617-9f77-49fc-8086-735c46d57e14}-xejnaf.exe (Heuristics.Shuriken) → Quarantined and deleted successfully.
c:\documents and settings\jermaine spencer\favorites\free porn videos & pussy movies- sex videos, porno, porn tube, xxx and pussy porn…url (Rogue.Link) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\documents and settings\all users\application data\clickpotatolitesa\clickpotatolitesa_kyf_update.dat (Adware.ClickPotato) → Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) → Quarantined and deleted successfully.

Malwarebytes’ Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6888

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2011 4:39:51 PM
mbam-log-2011-06-18 (16-39-51).txt

Scan type: Full scan (C:|)
Objects scanned: 252513
Time elapsed: 1 hour(s), 36 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Not necessary to run a full scan, as the quick scan will find and remove over 99% of what MBAM is able to detect.
http://forums.malwarebytes.org/index.php?showtopic=10405

Anyway, is your problem gone?

Actually I found a problem. I have a Windows alert that says I need to turn on my automatic updates. When I click on it, it won't turn on and gives me a message to turn it on manually through the control panel. When I go to the control panel it is already on. I don't know what's going on.