Infected with MBR:Alureon-K

Avast detects MBR:Alureon-K in Partition2.

I’ve run Malwarebytes. Here is the report:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versión de la Base de Datos: v2012.05.21.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
vrgeu52 :: GAP1826 [administrador]

21/05/2012 20:19:31
mbam-log-2012-05-21 (20-19-31).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 319506
Tiempo transcurrido: 10 minuto(s), 7 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 4
C:\Documents and Settings\vrgeu52\Mis documentos\Downloads\details.exe (PUP.BundleInstaller.OI) → En cuarentena y eliminado con éxito.
C:\Documents and Settings\vrgeu52\Mis documentos\Downloads\SoftonicDownloader_para_angry-ip-scanner.exe (PUP.OfferBundler.ST) → En cuarentena y eliminado con éxito.
C:\Documents and Settings\vrgeu52\Mis documentos\Downloads\SoftonicDownloader_para_mini-cad-viewer.exe (PUP.ToolbarDownloader) → En cuarentena y eliminado con éxito.
C:\Documents and Settings\vrgeu52\Mis documentos\Downloads\SoftonicDownloader_para_rmprepusb.exe (PUP.BundleOffer.Downloader.S) → En cuarentena y eliminado con éxito.

(fin)

I’ve run OTL.exe. OTL.txt and Extras.txt are attached to the post.

aswMBR.exe does not run.

RogueKiller starts but does not end.

Please, help me.

Thanks.

Finally RogueKiller ended.

The reports are attached.

One more from RogueKiller

Hi,

Please download TDSSKiller.zip

- Extract it to your desktop
- Double click TDSSKiller.exe
- When the window opens, click on Change Parameters
- Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
- Click OK
- Press Start Scan

- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now

- Copy and paste the log in your next reply

- A copy of the log will be saved automatically to the root of the drive (typically C:)

Hi.

Now, at start up, I get the message:

INVALID BOOT.INI FILE
INICIANDO C:\WINDOWS\

Could anyone help me?

Thanks

Jeffce is helping you… also consider that we are not all in the same timezone… Jeffce is on US time and he also has a life besides helping here, so…just be patient and he will be back :wink:

+1
Also see his sig…! :wink:

Sorry.

I’ll wait for him.

Thanks.

Sorry for the delay. I appreciate your patience…I have had mandatory training for work this week and hours are really crazy!!

Ok…aswMBR will not run. TDSSKiller won’t run…

In the run box type the following

diskmgmt.msc

When Disk Management opens, expand it so that all drives are visible
Take a screenshot and post it here

Are you able to burn a CD on another computer ?

I can’t boot the computer,

INVALID BOOT.INI FILE
INICIANDO C:\WINDOWS\

so I can’t run diskmgmt.msc

Yes, I can burn a CD on another computer.

Hi,

We need to boot into the Recovery Console.

Please do the following:

- Restart your computer
- Before Windows loads, you will be prompted to choose which Operating System to start
- Use the up and down arrow key to select Microsoft Windows Recovery Console
- You must enter which Windows installation to log onto. Type 1 and press enter.
- At the C:\Windows prompt, type the following bolded text, and press Enter:

CHKDSK /r

This will check for bad sectors on your hard drive and recover the data if possible.

Let me know how this goes and if you are now able to boot normally.

Hi.

The computer does not boot from HD.

From CD, Recovery Console. I run chkdsk and I get the message:

El volumen parece contener uno o más problemas irrecuperables.

I run Dir and I get

Error durante la enumeración de directorios

I run Bootcfg /scan and I get

Error: no se puede comprobar satisfactoriamente los discos para las instalaciones de windows. Es posible que este error esté causado por un sistema de archivos dañado, que impedirá que se comprueb Bootcfg satisfactoriamente. Use Chkdsk para detectar cualquier error en disco.

This problem starts just after completing TDSSKiller.exe and restarting.

Regards.

I tried with Testdisk and finally it boots.

Here is the report of TDSSKiller.exe

Great Job!

Run TDSSKiller and when you see this >> \Device\Harddisk0\DR0 ( TDSS File System ) be sure to delete it. Attach the new log made by TDSSKiller. :slight_smile:

Here is the report

Now I will reboot

The system reboots, but Avast finds:

MBR:Alureon-K in Partition2.

Hi,

Just so you know, we are dealing with quite a nasty infection and this may take a bit of time to completely clear out, but you are doing great!

You mentioned earlier that aswMBR.exe would not run. Try and give that a run again and if the log is produced please attach that.

It ran.

Here is the log

Hi,

Copy aswMBR to your root drive i.e. C:\aswMBR.exe
Click Start > Run
Copy/paste the following command into the box and press enter

aswMBR.exe -ap 1

Once it has completed then reboot and re-run aswMBR and post the log here
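
The thread keeps coming back to the disk's boot sector and partition table: Avast's detection in "Partition2", the INVALID BOOT.INI failure, the recovery with TestDisk. As an added example (not part of the thread and not code from any tool named in it), this read-only Python sketch parses a saved 512-byte copy of sector 0 and reports structural problems. The checks are generic sanity checks, not an Alureon detector, and the sample sector and disk size are constructed.

```python
import struct

SECTOR = 512
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(sector: bytes):
    """Return (signature_ok, entries) for a 512-byte image of disk sector 0."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    entries = []
    for i in range(4):  # the partition table is four 16-byte slots at offset 446
        status, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        entries.append({"n": i + 1, "status": status, "type": ptype,
                        "start": start, "end": start + count})
    return sector[510:512] == b"\x55\xaa", entries

def review(sector: bytes, disk_sectors: int):
    """List structural problems; an empty list means the table is self-consistent."""
    sig_ok, parts = parse_mbr(sector)
    findings = [] if sig_ok else ["missing 0x55AA boot signature"]
    active = [p["n"] for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['n']}: invalid status byte {p['status']:#04x}")
        if p["end"] > disk_sectors:
            findings.append(f"partition {p['n']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partitions {a['n']} and {b['n']} overlap")
    return findings

def build_sample() -> bytes:
    """Constructed sector 0 (not taken from the thread): two NTFS entries, both flagged active."""
    s = bytearray(SECTOR)
    struct.pack_into(ENTRY, s, 446, 0x80, 0x07, 63, 204800)
    struct.pack_into(ENTRY, s, 462, 0x80, 0x07, 204863, 4096)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    for finding in review(build_sample(), disk_sectors=208959):
        print(finding)
```

To review a real disk, take the sector image read-only from a boot CD, for instance with `dd if=/dev/sda of=mbr.bin bs=512 count=1` on a Linux live CD (the device name is an assumption), and pass its bytes to `review` along with the disk's total sector count.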