Possible infection(s)

Got a pop up from Avast! of possible virus infection, and upon googling, it looks like I may have picked up something rather nasty: Win32:Alureon-EU (atapi.sys and A0053804.sys) as well as Win32:Rootkit-gen [Rtk] and Win32:Trojan-gen. These have been quarantined by Avast!

I followed the instructions in the stickied ‘Logs to assist in Cleaning Malware’ thread in this forum, so here are the results:

From Malwarebytes:

Malwarebytes’ Anti-Malware 1.44
Database version: 3605
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20/01/2010 4:17:56 PM
mbam-log-2010-01-20 (16-17-56).txt

Scan type: Quick Scan
Objects scanned: 119547
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Roger\Desktop\super_pi_mod.exe (Malware.Packer.Krunchy) → Quarantined and deleted successfully.

Attached are the two OTL text logs. Appreciate any help.
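The Malwarebytes log above has a fixed layout: a block of per-section summary counts, then one listing per section. As an added Python example (not from this thread or from Malwarebytes), here is a small parser that pulls out both parts and flags any section whose summary count disagrees with the items actually listed, run on a constructed sample in the same layout.

```python
import re

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.44 log.
# The path and detection name are placeholders, not taken from a real machine.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3605
Scan type: Quick Scan
Objects scanned: 119547

Memory Processes Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\Desktop\sample.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
"""

# "Files Infected: 1" style summary lines (only names ending in " Infected").
SUMMARY_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "<path> (<detection>) -> <action>." item lines; MBAM writes "->", web copies often show an arrow.
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) (?:->|\u2192) (?P<action>.+)\.$")


def parse_mbam_log(text):
    """Return (summary_counts, items): counts by section name, items by section name."""
    counts, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            counts[m.group("name")] = int(m.group("count"))
            continue
        if line.endswith(" Infected:"):        # start of a detail section
            section = line[:-1]
            items.setdefault(section, [])
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items[section].append(m.groupdict())
    return counts, items


def count_mismatches(counts, items):
    """Sections whose summary count differs from the listed items (hint of a truncated or edited log)."""
    return {s: (counts.get(s, 0), len(v)) for s, v in items.items() if counts.get(s, 0) != len(v)}
```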


Welcome to the forums, Oldfish :slight_smile:

It seems that much has been done by avast and MBAM.

Hopefully, someone can help you with the OTL logs real soon.


Thanks CharleyO. Hopefully this can be cleared up with minimal fuss, but I’m quite ready to reinstall the OS if it comes down to it.

A question: these files/viruses that have been moved to the virus chest by Avast!: is it safe to delete them? (I’ve read it’s not safe to delete the Alureon one, since it’s tied to the atapi.sys file). If it’s okay to delete them, does this mean my machine is clean and ready to go?

Looking at the logs it does not appear to be too bad - but a quick question or two:

  1. Did you set the proxies in Firefox?
  2. Did you disable system restore?
  3. What problems do you have now?

  1. No.
  2. Yes.
  3. None of which I’m aware.

Thanks for the input. :slight_smile:


There is no need to delete anything from the Chest as it is a protected area where they can do no harm to your computer. Generally, we suggest leaving them in the Chest for at least 2 weeks and then scan each one by right clicking each one in the Chest and selecting Scan. If they are still shown as infected AND there have been no adverse effects to the operation of your computer, then you can delete them. But, as I stated above, there is no need to delete them. When they are deleted from the Chest, they are gone forever.


In that case I would suggest you reset the proxy settings on FF. For Firefox there are instructions on this page, and you want the setting to be No Proxy.

Run OTL and hit the cleanup button and it will disappear

Thanks for the replies.

Essexboy: the setting is already at No Proxy.

That's good - it may have been a transcription error that I saw.

Enjoy

Really appreciate the help/input. Thanks for taking the time. :slight_smile:

My pleasure