Help with Disk 0 partition 4 Infected MBR:Alureon-K [Rtk]

Hi. First time I have signed up and I am having a lot of problems with my Dell Inspiron mini 1018.
I can’t seem to run many programmes with an error message 'the application was unable to start correctly (0xc0000005)'.
Malwarebytes isn’t finding anything.

My aswMBR log is:
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 13:51:15

13:51:15.268 OS Version: Windows 6.1.7601 Service Pack 1
13:51:15.268 Number of processors: 2 586 0x1C0A
13:51:15.284 ComputerName: JIMMYS-PC UserName: Jimmy
13:51:17.443 Initialize success
13:51:20.878 AVAST engine defs: 12021800
13:52:18.123 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
13:52:18.131 Disk 0 Vendor: ST9250315AS D005DEM1 Size: 238475MB BusType: 11
13:52:18.162 Disk 0 MBR read successfully
13:52:18.171 Disk 0 MBR scan
13:52:18.750 Disk 0 Windows 7 default MBR code
13:52:18.773 Disk 0 MBR hidden
13:52:18.800 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
13:52:19.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 206848
13:52:19.876 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228373 MB offset 20686848
13:52:19.948 Disk 0 Partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 0 MB offset 488395120
13:52:20.096 Disk 0 Partition 4 INFECTED MBR:Alureon-K [Rtk]
13:52:20.121 Disk 0 scanning sectors +488397152
13:52:20.664 Disk 0 scanning C:\Windows\system32\drivers
13:52:44.000 Service scanning
13:53:15.630 Modules scanning
13:53:26.999 Disk 0 trace - called modules:
13:53:27.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8495dfa9]<<
13:53:27.054 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x84946ac8]
13:53:27.073 3 CLASSPNP.SYS[86d9e59e] → nt!IofCallDriver → [0x84945558]
13:53:27.105 \Driver\PCTCore[0x84862df8] → IRP_MJ_INTERNAL_DEVICE_CONTROL → 0x8495dfa9
13:53:28.208 AVAST engine scan C:\Windows
13:53:31.359 AVAST engine scan C:\Windows\system32
13:56:51.816 AVAST engine scan C:\Windows\system32\drivers
13:57:09.269 AVAST engine scan C:\Users\Jimmy
14:00:37.058 AVAST engine scan C:\ProgramData
14:01:45.038 Scan finished successfully
14:02:06.928 Disk 0 MBR has been saved successfully to “C:\Users\Jimmy\Desktop\MBR.dat”
14:02:06.947 The log file has been saved successfully to “C:\Users\Jimmy\Desktop\aswMBR.txt”

Thank you for taking a look

Follow the guide and attach OTL logs
http://forum.avast.com/index.php?topic=53253.0

Prior to the log run let's kill this meanie first

Run an elevated command prompt:

Go start > all programmes > accessories
Right click command prompt and select run as administrator
Type in the following command

aswMBR.exe -ap 1

Ensure the spaces are in the right place

aswMBR.exe(space) -ap(space) 1

When AswMBR has finished then reboot and rerun aswMBR scan

Okay, thanks for the quick replies. I’ve tried doing the command prompt and am getting a message:
“‘aswMBR.exe’ is not recognized as an internal or external command, operable program or batch file”

Is aswMBR on the desktop?
Did you type the full command?
If so then download a fresh copy and retry
If not then move to the desktop

aswMBR is on the desktop, and a new copy has been downloaded too, and I am still receiving the same message. I typed everything correctly just as you said.

OK a new one - I will see if I can find the dropper when we get to the OTL logs

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

[*]Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

[*]If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste its contents on your next reply.

Thank you for that, but my laptop doesn’t seem to run TDSSKiller. I’m not getting any error messages; I’ve tried opening as admin and nothing loads up. I’ve tried opening TDSSKiller in safe mode too but nothing appears.

OK looks like the latest variant

Do you have a CD to create a system repair disc?

Is the computer 64 or 32 bit?

What Startup Repair is capable of can be read in this Microsoft Article.

You may need to Add The Run… Box For Windows 7 for the below…

However, you can also open the Run… box via depressing both the Windows key and R together.


Create a Windows 7 System Repair Disc:

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

[*]Click on Start(Windows 7 Orb) >> Run…, then copy/paste the following command into the box and click on OK:

recdisc.exe 

[*]Allow the UAC(User Account Control) prompt via selecting Yes.
[*]You should now see a menu like the below:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/WTSRD1.gif

[*]Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.

A blank CD/R or DVD/R can be used also…

[*]Note: If a AutoPlay window pops up, just close it.
[*]When the SRD has been created you will see similar to the below:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/WTSRD2.gif

[*]Now click on Close >> OK.
[*]You now have a Windows 7 System Repair Disc.

Please note: The above can be created with either a 32 or 64 bit Operating System. However the disks are not interchangeable, i.e. a 32 bit Startup Repair Disk cannot be used on a 64 bit Operating System and vice versa, otherwise damage may be caused rather than any actual repairs implemented.

The differences between the aforementioned can be read in this Microsoft Article:-

32-bit and 64-bit Windows: frequently asked questions

Okay, the laptop is 32 bit.
It does not have a CD drive, but I have a USB powered CD/DVD writer with which I can make the repair disk. I shall do this right now and let you know once it's done. Thank you for helping me.

Okay, the system repair disk for 32 bit has now been made.

OK once that has been made we will need to create a Linux disc part to enable the removal of the bad partition

I will give the instructions for that now

I need you to download:
gparted-live-0.11.0-7.iso (115.1 MB)

Create a bootable USB for Gparted from the ISO images. You can use UnetBootin to do this.

Create a bootable CD. You can use ImgBurn to do this.


http://img829.imageshack.us/img829/5772/gpartedsplash.th.png

You should be here…
Press ENTER


http://img5.imageshack.us/img5/7286/gpartedkeymaps.th.png

By default, “do not touch keymap” is highlighted. Leave this setting alone and just press ENTER.


http://img404.imageshack.us/img404/9840/gpartedlanguage.th.png

Choose your language and press ENTER. English is default [33]


http://img140.imageshack.us/img140/7958/gpartedgui.th.png

Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below

http://img32.imageshack.us/img32/1122/gpartedo.th.png

According to your logs, the partition that you want to delete is 1MB
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:

http://img233.imageshack.us/img233/1533/gpartedsteps.th.png

Now you should be here:

http://img696.imageshack.us/img696/8471/gpartedsuccessclose.th.png


http://img194.imageshack.us/img194/7753/gpartedboot.th.png

Is “boot” next to your OS drive?

If “boot” is not next to your OS drive under “Flags”, right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

http://img196.imageshack.us/img196/3483/gpartedmanageflagsboot.th.png

Now double-click the
http://img822.imageshack.us/img822/641/gpartedexit.png
button.

You should receive a small pop up like this:

http://img88.imageshack.us/img88/8986/gpartedexitreboot.png

Choose reboot and then press OK.

Now reboot from the Windows 7 Recovery Environment CD and execute the following commands:

[*]bootrec /FixMbr
[*]bootrec /FixBoot
[*]exit

Once back in Windows.

Re-Run aswMBR and post the log
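
The partition-table check behind the aswMBR finding and the "is boot next to your OS drive" step, as an added example that is not part of the original thread: it parses a 512-byte MBR sector and flags an active entry that is a hidden type or too small to hold an OS. The sample sectors are constructed from the offsets in the log; partition 4's sector count, the 16 MB threshold and the "cleaned" layout (boot flag on partition 3) are assumptions.

```python
import struct

SECTOR = 512
# Partition type bytes for "hidden" FAT/NTFS variants (0x17 = hidden HPFS/NTFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

def parse_mbr(mbr: bytes):
    """Return the used primary partition entries of a 512-byte MBR sector."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or missing 55AA signature)")
    entries = []
    for i in range(4):
        raw = mbr[446 + 16 * i: 462 + 16 * i]      # table starts at offset 446
        status, ptype = raw[0], raw[4]
        lba_start, sectors = struct.unpack_from("<II", raw, 8)
        if ptype == 0 and sectors == 0:
            continue                                # unused slot
        entries.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries

def suspicious(entries, max_mb=16):
    """Indexes of active partitions that are hidden-type or smaller than max_mb."""
    flagged = []
    for e in entries:
        size_mb = e["sectors"] * SECTOR / 2**20
        if e["active"] and (e["type"] in HIDDEN_TYPES or size_mb < max_mb):
            flagged.append(e["index"])
    return flagged

def build_sample(rows):
    """Constructed MBR: zeroed boot code plus (status, type, lba, sectors) rows."""
    table = b"".join(struct.pack("<B3sB3sII", s, b"\0\0\0", t, b"\0\0\0", lba, n)
                     for s, t, lba, n in rows)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed from the aswMBR log above; partition 4's sector count is assumed.
INFECTED = build_sample([(0x00, 0xDE, 2048, 204800), (0x00, 0x07, 206848, 20480000),
                         (0x00, 0x07, 20686848, 467708272),
                         (0x80, 0x17, 488395120, 2032)])
# Hypothetical state after the repair: rogue entry gone, boot flag on partition 3.
CLEANED = build_sample([(0x00, 0xDE, 2048, 204800), (0x00, 0x07, 206848, 20480000),
                        (0x80, 0x07, 20686848, 467708272)])

if __name__ == "__main__":
    for name, image in (("infected", INFECTED), ("cleaned", CLEANED)):
        print(name, suspicious(parse_mbr(image)))
```

To check a real dump, pass the first 512 bytes of the saved MBR file to `parse_mbr`.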