system
July 20, 2013, 2:07pm
1
Hi,
I’ve discovered on my dad’s computer the MBR:Alureon-K rootkit. I’ve attempted to delete it via Avast a number of times but on every reboot of the computer Avast re-detects it again. How can I successfully remove this malware infection and has it potentially compromised my dad’s computer for good? I read on another thread from another site that the best solution was to reformat the hard disk!
Thanks.
Pondus
July 20, 2013, 2:23pm
2
attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0
run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR
when done removal experts will be notified and help you…
If it is on partition 4 do you have an operating system on that one ?
system
July 20, 2013, 4:46pm
4
I’ve now attached the requested logs for AdwCleaner / Malwarebytes / OTL / aswMBR.
I don’t believe the operating system is on partition 4. I’ll attach an image of the partitions on the drive in a moment.
system
July 20, 2013, 4:47pm
5
An image of the HD partitions.
Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065 This is the bad boy looks like the installation failed
To remove it go to disc management
Right click the 2Mb partition
Select delete
Then re-run AswMBR please and post that log
system
July 20, 2013, 6:00pm
7
Ok, I have now removed the 2MB partition and re-run AswMBR. Have attached the log.
system
July 20, 2013, 8:45pm
9
That looks to have done the trick. Thanks!
Run OTL and press the cleanup button
Run AdwCleaner and press uninstall
Delete AswMBR from the desktop
Keep safe now