I run Windows XP and use Avast free edition as virus scanner. I did a system restore yesterday due to the fact that I believe I had a browser hijacker and hope to eliminate it. After I did a system restore, browser searching no longer redirected me to other spam/ad sites. However, when I ran a boot and quick scan on Avast, it detected Alureon-c@mbr [Rtk] which appeared to infect the file MBR 0. It appears that I cannot delete it or move it to the virus chest (no action could be applied from the results of the scan log).
I am quite technologically challenged and have no clue what to do.
I would be grateful for any help and thank you for all of that and time (hopefully I won’t eventually have to get my laptop reformatted for the matter).
So I tried to cure it when I scanned this again. This is the second time I’m scanning. The results look different. Does this mean that I don’t have the malware anymore?
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-03-11 17:06:33
17:06:33.807 OS Version: Windows 5.1.2600 Service Pack 2
17:06:33.807 Number of processors: 1 586 0xA00
17:06:33.837 ComputerName: KEN-LLKCZ7AYHG5 UserName: Ken
17:06:34.298 Initialize success
17:06:35.840 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-3
17:06:35.850 Disk 0 Vendor: ST94813A 3.04 Size: 38154MB BusType: 3
17:06:37.913 Disk 0 MBR read successfully
17:06:37.923 Disk 0 MBR scan
17:06:39.926 Disk 0 scanning sectors +78124095
17:06:39.966 Disk 0 scanning C:\WINDOWS\system32\drivers
17:06:44.843 Service scanning
17:06:46.365 Disk 0 trace - called modules:
17:06:46.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys aliide.sys PCIIDEX.SYS
17:06:46.385 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x84397ab8]
17:06:46.385 3 CLASSPNP.SYS[f759005b] → nt!IofCallDriver → \Device\0000006f[0x8436cf18]
17:06:46.395 5 ACPI.sys[f7506620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-3[0x8436c940]
17:06:46.395 Scan finished successfully
As I can see, it found a TDL4 rootkit and removed it.
Disk 0 TDL4@MBR code has been found
Anyway, I have sent a PM to Essexboy to have a look at this.
He is the removal expert here, so you should check back here for his advice… He may be in bed now but will be back tomorrow.
So I tried to cure the TDSS thing, and before I scanned it with TDSSKiller, I rebooted my computer again. Attached is the scan log. Can you tell me whether the virus is still here or gone? Thanks!
I just modified my earlier post of the mbam log! I guess no more viruses, it seems? lol
Please let me know if everything looks alright now…
If it’s fine, that means no more virus, right?
Anyways, THANK YOU SO MUCH! YOU GUYS ARE ALL EXPERTS ;D
I wouldn’t have solved this without any of your help.