Yesterday I got MBR Alureon on my computer. After trying various things to remove it I gave up and booted up on my recovery disc and reformatted and reinstalled from an image I had on my external drive. The external drive was plugged into the computer when I discovered I had MBR Alureon. One of the effects of Alureon was that all of my directories on my hard drive and on my external drive showed to be empty. I unplugged the external drive, plugged it into my son’s laptop and it still showed empty. Panic! But then I discovered they were really there but I just couldn’t see them.
The computer reformatted and restored the image and now all seems to be well and oddly even the external drive is showing all the files now. I am a bit concerned. I don’t know if the external drive had some of the infection and could reinfect me when I used it to reinstall the backup image. Also, I don’t know if the MBR is clean or repaired when you reformat and reinstall.
Also, I don’t understand anything about MBR. I do have a partition drive and Windows 7, 64 bit.
How do I know this thing is really gone? I did an Avast full system scan which was clean. I have no pop-ups or anything suspicious at this point.
I did not log into any websites while infected but I am still concerned that sensitive info such as passwords was compromised, but I am afraid to log in to sites or change passwords if I might still be infected.
Can someone tell me how to know for certain I am ok now or if you think I am? I don’t understand what was happening with my external drive. Why did it not show directories when plugged into my son’s laptop unless something is infected on it too?
Soon as I feel my computer is clean I will create a new backup but if I am just taking this infection with me that is a waste of time.
I just downloaded and ran a scan from aswMBR. Here is the log.
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 09:26:10
09:26:10.377 OS Version: Windows x64 6.1.7601 Service Pack 1
09:26:10.377 Number of processors: 4 586 0x170A
09:26:10.378 ComputerName: LINDA-PC UserName: Linda
09:26:11.324 Initialize success
09:26:11.535 AVAST engine defs: 12030800
09:26:31.741 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
09:26:31.753 Disk 0 Vendor: ST3750528AS HP34 Size: 715404MB BusType: 3
09:26:31.767 Disk 0 MBR read successfully
09:26:31.772 Disk 0 MBR scan
09:26:31.778 Disk 0 Windows 7 default MBR code
09:26:31.786 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 90 MB offset 2048
09:26:31.792 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702216 MB offset 192780
09:26:31.825 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13089 MB offset 1438332928
09:26:31.864 Disk 0 scanning C:\Windows\system32\drivers
09:26:39.146 Service scanning
09:26:50.401 Modules scanning
09:26:50.414 Disk 0 trace - called modules:
09:26:50.425 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
09:26:50.806 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8007aa0060]
09:26:50.820 3 CLASSPNP.SYS[fffff8800180143f] → nt!IofCallDriver → [0xfffffa8006990cf0]
09:26:50.833 5 ACPI.sys[fffff88000f0b7a1] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80073ad060]
09:26:51.479 AVAST engine scan C:\Windows
09:26:53.402 AVAST engine scan C:\Windows\system32
09:28:31.391 AVAST engine scan C:\Windows\system32\drivers
09:28:40.214 AVAST engine scan C:\Users\Linda
09:32:00.709 Disk 0 MBR has been saved successfully to “C:\Users\Linda\Downloads\MBR.dat”
09:32:00.729 The log file has been saved successfully to “C:\Users\Linda\Downloads\aswMBR.txt”