I posted a topic asking for help on the Win32 Alureon virus and I’m not getting any replies here, is there something I’m doing wrong? People are reading the thread but no comments?! I would really appreciate some feedback here.
Win32/Alureon.gen is a dangerous downloader trojan threat that attacks Windows system processes and prevents access to msconfig and regedit. Win32/Alureon.gen spreads usually through pornographic and gambling related adult web sites, SPAM e-mail attachments and suspicious file sharing downloads. In addition to installing other infections, Win32/Alureon.gen may also download corrupt boot.com files and update itself. The Win32/Alureon.gen is a malicious trojan downloader that can seriously harm your system files and PC hardware!
There is a lot of info on the web, never had that one. Is Avast finding it for you? First thing I would do is to go to System in Windows, under Advanced, and change your setting from DEP for Windows functions to DEP for all programs. This will control file replication. I recommend you run the Avast boot program; the next time you boot up, Avast will scan your hard drive before Windows is running. Let me know what happens, and I will try to help you.
Boot time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php
Do that first and get a boot scan
Seems your original thread is having good help provided, now.
I think maybe the average users (self included) here were probably a bit intimidated by the size of the logfile.
Nothing wrong with posting a log like that, but normally a user would wait until one was solicited by someone who knows what to do about them.
One of the problems of that particular log is that there are very few people on the forums familiar with OTL or OTS logfiles.
So it actually needs to get discovered by one such person to be able to interpret it and offer advice, fortunately that has now happened.
Hi DavidR,
Yes these are very specific anti-malware forensic tools from which eliminating scripts are being brewed up.
“Merlin is stirring all the while”. And the tools are not always available for all types of malware or sometimes must be temporarily retracted, because they are under threat in the endless game of malcode between malcreants to infect and eliminators to eliminate. At the moment ComboScript was torpedoed by the latest vundo rootkit and running it would have damaged the OS beyond repair. But a new ComboScript will appear and when ComboScript has had its days like HJT then some new developer’s tool will certainly appear.
But there is a whole variety of tools, some are lesser known as the VBS script SilentRunners, dotomyco, well recent development of hijacking critical Windows processes (atapi.sys for instance) and hooking them with a rootkit and running anti-malware tools into the ground.
There are also easy ways to do this if one has a decent clean recent back-up or getting a slave into another computer, some info gets specific total recall: with an image at hand - it is a question of remove hard disk, hang unto the image system, image unto it, hard disk back into the machine, and ready to boot up… after closing Windows XP - the image loader starts to work and will copy itself to the master boot by starting up - some do this every day…
It is an endless chess game in which essexboy and oldman are important players hopping from forum to forum when PM-ed to do their White Knight eliminating activities, they earned a big thank-you from many here,
polonus