Having fun with the (in)famous Alureon-K (ARGH!!)

Hi (trying again)…

I’ve had my fun today, starting off with a go on the Smart HDD, and now when it’s gone I’m enjoying the Alureon-K, that I can’t get rid of…
Some time ago I could see an extra partition of my HD, but now it seems gone…
So now for the results of the Danish votes (of MBAM, OTL, FSS and discmgmt (or whatever it was called))…
Hopefully you can help me get rid of Alureon-K…

I can’t get the aswMBR running… When I start it (as admin) it starts up a process, and terminates right after…

Not enough room for the discmgmt (or whatever)… So here it comes…

Still trying to find solutions (apart from throwing the computer out the window!)…
So now I have some RogueKiller-Reports…

I’ve noticed that I do get some strange pages (when clicking) when I search the internet… Hopefully it goes away with the RogueKiller…

(And now my post is back at the top… Maybe getting some nice assistance… :wink: )

Essexboy is on UK time…and in bed now…
so unless jeffce or Oldman should arrive, you have to wait until tomorrow night :wink:

Actually this is DK-time, and we’re one hour ahead of UK… :stuck_out_tongue:
Maybe I should go to bed as well… Stupid computer…
BTW, I’ve found the missing partition (again), but it will not let me remove it (so new picture with partition)… something with an I/O-error… Wish I could get the aswMBR running… Any ideas… I’ve got Win7…

Actually this is DK-time, and we're one hour ahead of UK..
Well..... Essexboy likes to go to bed around midnight..... the man can't be here 24 hours a day. ;D

Well, the problem with internet-misdirections was solved temporarily by re-installing google-search-engine, but it’s back again… Can still see the extra partition, but can not do anything about it, and aswMBR is still not working… It would be nice to make computer safe before going on small trip, leaving computer to girlfriend… :wink:

Hi,
Please download TDSSKiller.zip

[*]Extract it to your desktop
[*]Double click TDSSKiller.exe
[*]when the window opens, click on Change Parameters
[*]under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
[*]click OK
[*]Press Start Scan

[*]Only if Malicious objects are found then ensure Cure is selected
[*]Then click Continue > Reboot now

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root of the drive (typically C:)


Good to see you around in my topic… :wink:

I’ve done as told, giving this info… Though I have a feeling, that I should have closed my virus-program when running the TDS-thingy… It popped up with 10 warnings (and blocks) when it was finished… Should I have a re-run?

The log-info is attached, because I’m not allowed to send so many chars.

Hi,

I meant for you to attach the logs. Please attach all logs that way you don’t have to worry about the number of characters.

Run TDSSKiller again and delete the following:

\Device\Harddisk0\DR0 ( TDSS File System )

Attach the new log to your next reply.

Sorry, I’ve been on a short “vacation”, but I’m back now… Let’s get this thing done with… :wink:

I’ve run the TDSSKiller again and attached the log. But I have no idea about the:

and delete the following:

\Device\Harddisk0\DR0 ( TDSS File System )

Where? How? What do you mean?

PS: Thank you so much for taking time to help me out here… :slight_smile:

Hi,

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

Note: It is important that it is saved directly to your desktop


IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here


Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
[*]Please attach the C:\ComboFix.txt for further review.


I’m back, with the file ComboFix made for me… but…
I’m now on another computer, since I can’t start any programs (at least the browsers I tried). Every time I try to start something, it says something (in Danish) about illegal action on a registration key, that is marked for deleting…? (Not very comforting…)

Please reboot to release the registry keys

Hi Jeff ;D

Ahh… much better! :slight_smile:
How much can I use my computer now… is it still infected?

Hi,

Thanks Essexboy for catching that while I was away. :smiley:

Let me look over the logs and get back with you. :slight_smile:

Hi,

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


```
ClearJavaCache::

DDS::
uStart Page = hxxp://www.dr.dk/nyheder/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: bygkorsager.dk\webc
Trusted Zone: daonet.dk
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.bygkorsager.dk/auth/controls/IlosoftImageUpload.dll
```

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Attach the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

Open Malwarebytes, update it and run a Quick Scan. Save the log created for your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

[*]Please go here then click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

[*]Select the option YES, I accept the Terms of Use then click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif

[*]When prompted allow the Add-On/Active X to install.
[*]Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
[*]Now click on Advanced Settings and select the following:

[*]Scan for potentially unwanted applications
[*]Scan for potentially unsafe applications
[*]Enable Anti-Stealth Technology

[*]Now click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif

[*]The virus signature database… will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
[*]When completed the Online Scan will begin automatically.
[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
[*]Now click on:
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply please attach the logs made by ComboFix, Malwarebytes and ESET online scanner. :slight_smile:

That ESET-thing took quite a long time… And the percent-counter was not very reliable. Was at 10% a long time, then suddenly at 99% and stayed there for one hour… Not so easy to check if it was finished not touching keyboard and mouse, when screensaver kicked in…
Oh well, here are all the logs… The ESET-log seems rather small, and doesn’t mention the 4 threats it found. So I made another file with those (thinking it was important)…

Hi,

Thanks for getting those logs…

[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:


```
ClearJavaCache::

File::
E:\Documents and Settings\Ulrik Thomsen\Application Data\Sun\Java\Deployment\cache\6.0\4\2bc17bc4-1e88f244
E:\Documents and Settings\Ulrik Thomsen\Application Data\Sun\Java\Deployment\cache\6.0\4\2bc17bc4-7c0364fe
E:\Documents and Settings\Ulrik Thomsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\SUIXVCGQ\facebook2005_blogspot_com[1].htm
G:\program_install\installer_guitar_pro.exe
```

[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Attach the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.

In your next reply please attach the ComboFix log and let me know how your system is running.

Back again… The computer seems to run fine, but I thought so after the first program had removed the extra HD-partition, so I don’t give so much for that. I haven’t been using the com. so much lately afraid I might start something stupid… My girlfriend’s hotmail was invaded by some program, and closed by Microsoft. The account was spamming, they said… She’s got it back now, but not using my com…
I tried some google-searching just before, and it doesn’t send me to random pages…
It seems everything is fine…

I renamed the log-file, but didn’t touch anything inside it… :wink: