Hello, I am trying to clean a computer belonging to my niece. There was no anti-virus software installed on it. It was continually locking up, would not connect to the internet or would try to redirect to another site, would not allow Task Manager to run at times, and would frequently try to run checkdisk at startup.
I was able to install Avast and MBAM by downloading through another computer (they scanned and found nothing). I removed a lot of the issues by uninstalling programs and disabling others, but not the internet related issues. It had a Windows 7 upgrade and I ended up reinstalling Vista (no Windows 7 upgrade disk available). The problems seemed to go, but reappeared when I started downloading Windows updates for Vista.
Avast was blocking multiple attempts to connect to “http://26714.t.c.adlinker.net/” but finding nothing with full scans.
I eventually downloaded and installed Windows Security Essentials using another computer. MSE found “virus: Win32/Aluren.gen!B”, but was unable to successfully remove it (advised “Partially Removed”). It suggested Defender Offline. I installed that using another computer and it located “Trojan: DOS/Alureon.J” and Items: “boot\.\PHYSICALDRIVE0\Partition0 (Type00)” and “http//go.microsoft.com/fwlink/?linked=142185&name=Trojan: DOS/Alureon.J&threatid=2147658331”. Defender was unable to successfully remove and had an “Error Code 0X8007065b. Function failed during execution.”
I also used Microsoft Safety Scanner and had similar results.
There is also an item that appears in the drop down menu in the box located at the top of computer windows (the place where you select what area you want to go to in the computer or where you want items saved). That item is “http://go.microsoft/fwlink/?LinkId=69157”.
The computer has been able to install Windows updates, but not Security Essential updates or Defender Definition updates.
I have tried to follow the forum instructions by downloading the listed tools and other tools found in different threads. I have done this through another computer.
I am attaching the log reports.
I was also wondering if the virus is successfully removed, then is there a way for me to revert the computer back to the Windows 7 upgrade (I do not have an upgrade disk, but was curious if something was stored on the drive that would allow this)?
Execute TDSSKiller.exe by double-clicking on it. Confirm the “End user Licence Agreement” and “KSN Statement” dialog boxes by clicking on the Accept button.
- Under Additional options check the boxes next to:
  - Verify Driver Digital Signature
  - Detect TDLFS file system
  - Use KSN to scan objects
- Press Start Scan
- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Execute TDSSKiller.exe by double-clicking on it. Confirm the “End user Licence Agreement” and “KSN Statement” dialog boxes by clicking on the Accept button.
- Press Start Scan
- If a Suspicious object is detected, the default action will be Skip; click on Continue.
- If Malicious objects are found, select Cure.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
Then…
Please download ComboFix by sUBs from here and save it to your Desktop. If you are unsure how ComboFix works please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix. If you are unsure how to do this please read this or this Instruction.
Instructions on how to disable avast:
- Right click on the avast! system tray icon (http://www.mcshield.net/pg/images/avast5.png) in the lower right corner of the screen and scroll up to avast! shield controls;
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn this option back on after the cleaning by choosing avast! shield controls > Enable all shield options.
Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.
When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.
It looks good. Microsoft security updates are installing now. Computer is running much faster.
As mentioned, I rolled back the operating system from a Windows 7 upgrade to Vista (I had a Vista install disc for the computer, but do not have the Windows 7 upgrade disc). Is there a way for me to go back to Windows 7 without a disc (previous Windows version stored on the hard drive?) or am I out of luck?
Also, I have been using Avast and recommending it to friends and family for years, but never been to the forum. I wish I would have thought to check here a few weeks ago and saved myself a lot of time. What you do is awesome. My niece was thinking she would be out a few hundred dollars for a new computer.
Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt). Note: The report will also be stored at C:\DelFix.txt