Cloud AV with rootkit

Hi everyone, first post and I have a tough one. My daughter’s netbook has picked up Cloud AV with some kind of rootkit on board (possibly Alureon?) The netbook is a Dell running Windows XP. Like others have reported, the minute the computer boots, the virus takes over and starts reporting all kinds of fake infections. Can’t do anything else, no internet access including no safe mode with networking.

Avast was updated but didn’t catch it, Malwarebytes was installed on the computer but was a couple of months out of date. I haven’t found a way to update MBAM yet - through a google search I found info about doing some kind of manual update from a flash drive but the site with the update download seemed scary to me and I didn’t want to download anything as I couldn’t find any info about it at the actual MBAM site.

In safe mode, I tried running the Kaspersky TDSS killer from a flash drive, it didn’t detect anything or I didn’t do it right. I also ran a portable version of SuperAntiSpyware, no luck there, it also didn’t detect anything. If I leave safe mode, the virus kills all attempts to run or update antivirus utilities. So… I’ve got a flash drive, no CD drive even, and need help! Is it a hopeless case? Any guidance would be greatly appreciated.

Thanks in advance!

Amy

I haven't found a way to update MBAM yet
have you tried safe mode with networking?

you must be connected with cable and not wireless

read it all before you start

Remove Cloud AV 2012 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-cloud-av-2012

Thanks, I don’t know why I didn’t realize that… I’ll go find a cable and try it…

Update before I give up and turn in for the night… hardwire connection didn’t help, still no safe mode with networking. Ran Kaspersky Virus Tool, which caught and cleaned one thing but ultimately didn’t help much. Ran RKill which found nothing, checked for Proxy Server but that doesn’t seem to be happening.

I’ll follow the rest of the instructions as I can get to it tomorrow and post the logs - if anyone knows a way to update MBAM from a flash drive please let me know.

Thanks,
Amy

Hi, one more update and then I really am going to bed. On this particular netbook, Cloud AV hid itself in the windows/system32 folder, (who knows if it’s the same every time). I noticed this while running another useless scan with some tool I downloaded. So… came out of safe mode, killed Cloud AV’s process in task manager. Went to system32 and deleted the clearly labelled .exe file. Did a system restore back to a date about two weeks ago, got internet access back in IE at least. Had to uninstall and reinstall MBAM as there were files missing/corrupted, now the update is finished, scan is running, we’ll see what it turns up. My Avast is functional again and updated. Firefox and Chrome are completely corrupted - I’m going to have to dump them and re-install. I’m hoping to be through the worst of it now but we’ll see. Just thought I’d post the info for anyone else suffering from this crazy thing.

amy

Follow this guide and attach all logs
http://forum.avast.com/index.php?topic=53253.0

Essexboy will then help you remove this

Thanks Pondus, the computer is much better now, but I’m going to run all the logs anyway to be sure it’s completely clean…

Yes, it is usually bundled with Zeroaccess aka max++ rootkit.
I can hardly believe that malwarebytes got rid of this nasty rootkit on its own.