Help! Win64 Alureon B@mbr Rootkit Re-occurs: MBAM and OTS Logs in thread

Hi all,

First post here, and what a doozy of a virus my brand new system has picked up - the Win64 Alureon B@mbr. It seemed to have been gotten rid of by Avast (although in Safe Mode, I had to just delete it, as when I selected the Move to Chest option, it wouldn’t start up - might this be to do with the fact that it appears to be running in demo in Safe Mode, even though I renewed my licence recently?), and I used MBAM and OTP afterwards to see if anything was turned up, but looking at these threads, I was just waiting for it to re-occur… I turn my PC on this morning, and it has.

I’m currently sitting in Safe Mode. Slightly worryingly, MBAM turns up nothing (and I’ve no idea how to read OTP’s results :wink: ). Avast, however, has now picked up a new variant: Win64:Alureon-C [Trj]. I tried moving it to the virus chest, but as last time, got this message: Virus Chest Server not running. RPC communication failed. Even though I’ve deleted it again, I suspect a new variant will be back soon, and so on and so on. Dear me, what a mess.

I’m a newcomer to dealing with malware, so let me know if I’ve neglected to mention anything obvious! I’ve attached the log from MBAM, but the OTS one proved to be too big, so here it is linked from my own webspace: http://nickparton.co.uk/misc/

Cheers,

Nick

Welcome to the forum. Let’s hope someone checks your log; I’m no expert on them.
But I could recommend you do a boot scan, since you report Avast has detected malware but is unable to do anything with it.

http://www.schmahl.net/avastbootscan.php

Then maybe a scan with SuperAntiSpyware could work as a second opinion.

http://www.superantispyware.com/

Good luck, and let us know about the progress.

The log you saved (linked to) is saved in Unicode, so it looks like Chinese gibbely-gobbel; you need to save it in ANSI.

@mikaelrask - hiya, and cheers for the advice. Don’t know why I didn’t think of the boot scan! Duh.

Aha, I see - thanks for the heads-up. I resaved it out as ANSI, so I hope that will do the job.

Hi, you have Avast 4.8 and that is not man enough for the MBR variants. So an upgrade to V6 is highly recommended.

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr1.gif

Click the “Scan” button to start the scan.

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr2.gif

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Hi, thanks for the reply and help - this is definitely not my area of expertise! I ran MBR, and the scan results are attached.

Also, I only paid for renewal of my licence in January this year, and V6 came out in Feb - is the upgrade free, or not? Slightly confused…

Yes, it’s free. :slight_smile:
asyn

Whoops, forget that last bit - I forgot to install the licence renewal update, and now I have, it’s given me Avast 6.0.1000! Hurrah and all that :slight_smile:

Cheers, looks like I found out just at the right time!

Hurrah. :wink:
asyn

OK, let’s give GMER’s tool a run at this.

Re-Run aswMBR

Click Scan.

On completion of the scan:

Click the Fix button.

http://i1224.photobucket.com/albums/ee362/Essexboy3/ASWMbr1.gif

Save the log as before and post it in your next reply.

Well, I’ve run MBA, and am back in normal startup without a bluescreen yet, so it looks hopeful! Log attached…

That looks good - I will need just one more aswMBR scan to confirm that you are clear… Any other problems?

Not so far - been running through the range of apps I have, and nothing’s gone awry yet. Fingers crossed it stays that way!

OK, let’s call you fixed.

Run OTS and hit the cleanup button - poof, it’s gone ;D

Delete aswMBR from the desktop along with the logs.

OTS showed no other malware.

Ruddy awesome. Thanks to everyone for their help and advice - especially Essexboy, of course! I genuinely appreciate the assistance in digging myself out of this largely self-inflicted hole. Hopefully, I can pass the favour on at some point. Other than an issue with Avast that I think I’ve found an existing thread to help me with, I think I’m all clear…

Cheers!

Nick

Glad to hear - do you have V6 now?

Yep, cheers, got that sorted!