Hi there, I am having a problem with this virus Win32:Alureon-EC [Rtk]

Hi there, I am having a problem with this virus Win32:Alureon-EC [Rtk]. When I clicked Delete I thought it was deleted, but when I checked the results of the scan it was still there. When I deleted it again it said: An error has occured during the processing of 1 result. I tried Repair but it pops up the same text again and again. Please help me with this.

And I have another question: what does this virus do? Is it harmful?

Thanks for listening :-\

Welcome to the forum.

A bit short on information there at first.

What OS are you using?
What version of avast are you using?

What is the file name of the malware that is flagged by avast?

I would suggest you do a boot scan with avast and send what it finds to the chest.

And also do a scan with Malwarebytes Anti-Malware for a second opinion.

http://www.filehippo.com/download_malwarebytes_anti_malware/

http://www.schmahl.net/avastbootscan.php - instructions for a boot scan. The page shows instructions for avast 5, but there is a link in the text where you can get instructions for how to do it in the new version 6 too.

Good luck, and let us know about the progress or if you need more help from us.

Thanks for replying to me. I can't seem to put it in my chest; it always says: An error occured during the process of 1 result. And I am using
Avast 4.8

And when I scan using avast it's always Win32:Alureon-EC [Rtk].
I don't know why Anti-Malware didn't find it, and avast says it's an infection.

Here is the result of Malwarebytes Anti-Malware; it didn't catch anything:

Malwarebytes’ Anti-Malware 1.41
Database version: 3009
Windows 6.0.6001 Service Pack 1

5/28/2011 4:19:11 PM
mbam-log-2011-05-28 (16-19-11).txt

Scan type: Quick Scan
Objects scanned: 68
Time elapsed: 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.

Follow the directions for obtaining the OTS logs (save them as ANSI and not Unicode). Post the OTS log as an attachment (Additional Options > Attach > Post).

I am going to refer you to our Certified Malware expert, named Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time during the weekday. He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine after you have provided the log.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Essexboy instructs you to do malware removal instructions; use a different machine to check email, sync your phone, etc. if possible.

Let me know if you have any questions. Thank you.

Edit: Essexboy has been notified.

Your MBAM database is very old. Update it and then scan your PC.

Alureon suggests MBR

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan

http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply

http://public.avast.com/~gmerek/aswMBR2.png

Does this mean my computer is safe? I scanned through all files, everything, so am I free of viruses?

And it still didn't catch
Win32:Alureon-EC [Rtk]

Malwarebytes’ Anti-Malware 1.41
Database version: 3009
Windows 6.0.6001 Service Pack 1

10/22/2009 2:55:23 PM
mbam-log-2009-10-22 (14-55-23).txt

Scan type: Quick Scan
Objects scanned: 90527
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AlphaAV (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\AlphaAV (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\AlphaAV (Rogue.AlphaAV) → Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\msnaoladdon.dll (Trojan.BHO.H) → Quarantined and deleted successfully.
C:\Program Files\AlphaAV\AlphaAV.exe (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\Program Files\Common Files\Uninstall\AlphaAV\Uninstall.lnk (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\AlphaAV\Alpha Antivirus.lnk (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\AlphaAV\Uninstall.lnk (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\Users\user\Desktop\Alpha Antivirus.lnk (Rogue.AlphaAV) → Quarantined and deleted successfully.
C:\Windows\System32\drivers\UACd.sys (Trojan.Agent) → Quarantined and deleted successfully.

Are you sure aswMBR.exe is safe? When I searched, a website said that aswMBR.exe is not safe and the virus type is Malware.

Here are my other questions:

Q. Please check my other result; are the viruses that have been cleaned harmful?

Plus, did it really delete Trojan.BHO.H? I know it is very harmful, so was it deleted permanently?

Q. My computer restarts and hangs when I start it in the morning or when it has been shut down for a long time. How can I fix it?

Q. And I got an error about weeks ago that some unknown app is trying to change the startup engine, but it didn't, and that something is tricking Firefox to update?

It is made by Avast - so I would guess it is safe ;D

It was probably a forum to confuse people,
possibly put up to prevent people from using aswMBR.
Btw, I used it too, and with its help I got rid of such an
Alureon rootkit.
Give it a try ;D

Also, a virus can't be type malware; all viruses are malware.

Here is the scan of aswMBR:

aswMBR version 0.9.5.317 Copyright(c) 2011 AVAST Software
Run date: 2011-05-29 10:14:16

10:14:16.701 OS Version: Windows 6.0.6001 Service Pack 1
10:14:16.701 Number of processors: 2 586 0xF0D
10:14:16.703 ComputerName: USER-PC UserName: user
10:14:17.460 Initialize success
10:14:20.719 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
10:14:20.723 Disk 0 Vendor: ST3250310AS 3.AHC Size: 238475MB BusType: 3
10:14:22.745 Disk 0 MBR read successfully
10:14:22.748 Disk 0 MBR scan
10:14:22.752 Disk 0 unknown MBR code
10:14:24.762 Disk 0 scanning sectors +488391120
10:14:24.790 Disk 0 scanning C:\Windows\system32\drivers
10:14:29.258 Service scanning
10:14:30.750 Disk 0 trace - called modules:
10:14:30.766 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8560a1f8]<<
10:14:30.770 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x85feaac8]
10:14:30.775 3 CLASSPNP.SYS[88ba6745] → nt!IofCallDriver → [0x85660918]
10:14:30.779 5 acpi.sys[807b56a0] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0x8564cba0]
10:14:30.784 \Driver\atapi[0x85648cd8] → IRP_MJ_CREATE → 0x8560a1f8
10:14:33.131 Unsigned kernel modules:
10:14:33.145 0x82e91000 System32\Drivers\splb.sys
10:14:55.050 Scan finished successfully
10:16:09.464 Disk 0 MBR has been saved successfully to “C:\Users\user\Documents\gboy\MBR.dat”
10:16:09.471 The log file has been saved successfully to “C:\Users\user\Documents\gboy\aswMBR.txt”
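
The lines a helper typically looks at in an aswMBR log like the one above are the unknown MBR code, the `>>UNKNOWN<<` entry in the disk driver stack, the atapi IRP handler pointing at that same address, and the unsigned kernel module. The following is an added example, not part of the original thread and not Avast's code; the function name `triage` and the finding labels are made up for illustration, and the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""
10:14:22.752 Disk 0 unknown MBR code
10:14:30.766 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8560a1f8]<<
10:14:30.779 5 acpi.sys[807b56a0] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0x8564cba0]
10:14:30.784 \Driver\atapi[0x85648cd8] → IRP_MJ_CREATE → 0x8560a1f8
10:14:33.131 Unsigned kernel modules:
10:14:33.145 0x82e91000 System32\Drivers\splb.sys
10:14:55.050 Scan finished successfully
"""

ARROW = r"\s*(?:->|→)\s*"  # the tool writes "->"; the forum rendered it as "→"
TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
IRP_HOOK = re.compile(r"(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\]" + ARROW +
                      r"(IRP_MJ_\w+)" + ARROW + r"(0x[0-9a-fA-F]+)")
UNSIGNED = re.compile(r"^0x[0-9a-fA-F]+\s+(\S.*)$")

def triage(log_text):
    """Return (label, detail) leads for an analyst; a lead is not a verdict."""
    findings, unknown_addrs, in_unsigned = [], set(), False
    for raw in log_text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if in_unsigned:  # entries listed under "Unsigned kernel modules:"
            u = UNSIGNED.match(msg)
            if u:
                findings.append(("unsigned_module", u.group(1)))
                continue
            in_unsigned = False
        if "unknown MBR code" in msg:
            findings.append(("unknown_mbr", msg))
        for addr in UNKNOWN_MOD.findall(msg):  # code outside any loaded driver
            unknown_addrs.add(addr.lower())
            findings.append(("unknown_module_in_disk_stack", addr))
        h = IRP_HOOK.search(msg)
        if h and h.group(3).lower() in unknown_addrs:  # handler points into it
            findings.append(("irp_handler_in_unknown_module",
                             f"{h.group(1)} {h.group(2)} -> {h.group(3)}"))
        if msg.startswith("Unsigned kernel modules"):
            in_unsigned = True
    return findings
```
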

Please follow his instructions so he can help remove the infection from your machine. You DO have malware (an infection).

Check the forum at least daily for his post, and otherwise, do not use the infected machine; try to use another machine if possible. Let us know if you have any questions and do not open up another thread about this problem. Thank you.

OK I think I see it

Please read carefully and follow these steps.

- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png

- If an infected file is detected, the default action will be Cure, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png

- If a suspicious file is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png

- It may ask you to reboot the computer to complete the process. Click on Reboot Now.

http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png

- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.

THEN

Download OTS to your Desktop and double-click on it to run it

- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

- Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT

- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.

The TDSS results are too big to post. How can I post them without passing the maximum letters?

Sorry, the TDSSKiller is too big; what can I do to put it in?

You will need to attach the logs using the additional options part of the post.

@ Segmentage,

To attach your file in your next post, please see the screen shot that Essexboy posted for you.

In the post page of the forum, click on Additional Options > Attach > Browse (to find where your file is located and insert it in the box to the left) > Post.

Let us know if you have any questions since we are waiting for your reply. Thank you.