I’m using Windows 7and recently reformatted when it was alerted that I was infected with Trojan DOS ALueron E. But despite reformatting the virus is still in existence. Microsoft Safety Scanner only partially removed the virus.
I performed answMBR version0.9.9.168 20ll Avast Software and it detected Disk 0 partition 4 was infected MBR-Alureon-K [rtk]
Service MpNWMon C:\Windows\System32\Drivers\MpNWMon.sys locked 32

Only option here is to fix MBR which Im afraid will compremise my system…so what should I do then?
Unable to run Avast full scan on safe mode (which Im currently on)

This is a new variant of Alureon and one that created its own small partition in order to place the MBR rootkit.

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the logs and attach the logs here, not in the LOGS topic.

Hi thanks for the fast reply…this is the Malwarebytes Anti Malware…report

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
cherwith :: CHERWITH-PC [administrator]

Protection: Enabled

19/2/2012 1:26:06 AM
mbam-log-2012-02-19 (01-26-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180016
Time elapsed: 15 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Monitoring

Sorry did not save it in the right format.re attaching.

Ok attaching the aswMBR log file. What’s next?

I hope all the files attached can be opened. Do I need to run any other test? As I do not think I have a hard drive infection…but I’m not too tech savvy…so I could be wrong…but my files and folders are alright at present. and i only reformatted yesterday so…hardly have any files…on my laptop.

Its…3 am will check back tomorrow…thank u

It seems you are running avast and McAfee ?

never install multiple AV as this can/will create all kind if windows errors and false positive detections

it is recomended to run a removal tool so any leftover files are gone

run and reboot - Uninstallers – Security Software
http://singularlabs.com/uninstallers/security-software/

Ta Pondus saves me saying that

01:47:03.151 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 4 MB offset 976764928 01:47:03.151 Disk 0 Partition 4 **INFECTED** MBR:Alureon-K [Rtk]

Go Start > Run
Type in compmgmt.msc
Select Storage
Select Disc Management
Locate the 4 Mb partion (4)
Right click and select delete
Rerun aswMBR and post the log please

Thanks, have removed one of the anti-virus… and re-run the aswMBR

file is attached.

OK gone ;D

Do you have any other problems ?

At present everything seems to be working fine, I’m going to sleep now its 5 am plus. Will check back tomorrow if there are any issues. Thanks so much truly appreciate you taking the time to help, it is most appreciated, sorry for all the silly questions n installing 2 anti virus in one…op system…good night…i mean good morning.!

OH my gosh…I’ve been working on this Trojan:DOS/Alureon.E virus for DAYS! I’ve tried every thing I’ve found on many forums and the instruction to go into the disk management and delete the partition finally worked. In my case, it was a 1MB partition. Thank you!

@dminor7495 You need to be careful when you delete the partition as when it is active. that is the boot partition