MBR: \\.\PHYSICALDRIVE0\Partition4 / MBR:Alureon-K Please Help!

Hi,

I’ve discovered on my dad’s computer the MBR:Alureon-K rootkit. I’ve attempted to delete it via Avast a number of times but on every reboot of the computer Avast re-detects it again. How can I successfully remove this malware infection and has it potentially compromised my dad’s computer for good? I read on another thread from another site that the best solution was to reformat the hard disk!

Thanks.

attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

when done removal experts will be notified and help you…

If it is on partition 4, do you have an operating system on that one?

I’ve now attached the requested logs for AdwCleaner / Malwarebytes / OTL / aswMBR.

I don’t believe the operating system is on partition 4. I’ll attach an image of the partitions on the drive in a moment.

An image of the HD partitions.

Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
This is the bad boy; it looks like the installation failed.

To remove it, go to Disk Management
Right click the 2 MB partition
Select delete

Then re-run AswMBR please and post that log
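
An added example, not part of the original thread or of any tool named in it: a Python sketch that parses the four primary entries of a 512-byte MBR sector and flags a tiny hidden-type partition placed after all the others, the pattern in the aswMBR line above. The sample sector is constructed, the log's "offset" is assumed to be a sector (LBA) number, and the 16 MB threshold is an assumption.

```python
import struct

SECTOR = 512
# MBR type bytes for "hidden" FAT/NTFS variants; 0x17 is the type in the log line.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of an MBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "active": entry[0] == 0x80,
                          "type": entry[4], "start_lba": start, "sectors": count})
    return parts

def flag_suspicious(parts, max_mb=16):
    """Indexes of hidden-type partitions that are tiny and last on the disk.

    max_mb is an assumed review threshold, not a value from the thread.
    """
    if not parts:
        return []
    last = max(p["start_lba"] for p in parts)
    return [p["index"] for p in parts
            if p["type"] in HIDDEN_TYPES
            and p["sectors"] * SECTOR <= max_mb * 2**20
            and p["start_lba"] == last]

def _entry(status, ptype, start, count):
    # CHS fields zeroed; only the LBA fields matter here.
    return struct.pack("<B3sB3sII", status, bytes(3), ptype, bytes(3), start, count)

# Constructed sample: three NTFS partitions plus a 2 MB type-0x17 entry at
# sector 976768065, mirroring "Partition 4 00 17 ... 2 MB offset 976768065".
SAMPLE_MBR = (bytes(446)
              + _entry(0x80, 0x07, 2048, 204800)
              + _entry(0x00, 0x07, 206848, 900000000)
              + _entry(0x00, 0x07, 900206848, 76561217)
              + _entry(0x00, 0x17, 976768065, 4096)
              + b"\x55\xaa")

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(p)
    print("review:", flag_suspicious(parse_mbr(SAMPLE_MBR)))
```

A match is a reason to look closer at that partition, not proof of infection on its own.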

Ok, I have now removed the 2MB partition and re-run AswMBR. Have attached the log.

Any further problems?

That looks to have done the trick. Thanks!

Run OTL and press the cleanup button
Run AdwCleaner and press uninstall
Delete AswMBR from the desktop

Keep safe now :)