Sudden Hack OS Win32:Malware-gen/ :Alureon-EN[Rtk]/ :FakeAlert-EY[trj]

This happened after searching for a picture on Google and entering a website that probably contained some ad + some script to try to hack my OS and install all possible viruses.
After the On Scan message of Avast detecting various temp files, this malware or trojan was able to start my Security Center downloading all possible fake malware and trojans. I immediately opened Windows Task Manager, saw the name of that process running and stopped it as fast as possible.
I also saw that it turned off my firewall, the nasty crap. I turned it on anyway and scanned with Malwarebytes 1st / removed all malware and trojans / restarted the OS and am now scanning with Avast. It detected 1 more; it seems to be clean but I had to let you know.

Malwarebytes log report:

Memory Process infected:
C:\WINDOWS\msa.exe (Trojan.Agent) → Unloaded process successfully.

Registry Keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\n-elp8zlib (Adware.AdRotator) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{28cca93f-7b8c-1820-8cb7-433ab9213616} (Adware.BHO) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{28cca93f-7b8c-1820-8cb7-433ab9213616} (Adware.BHO) → Quarantined and deleted successfully.

Registry Values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsdefrag (Trojan.Downloader) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\com+ manager (Trojan.Agent) → Quarantined and deleted successfully.

Files infected:
C:\WINDOWS\system32\n-eLP8ZLiB.exe (Adware.AdRotator) → Quarantined and deleted successfully.
C:\Documents and Settings\Otaku Ichise\Definições locais\Temp\meacxrnsow.tmp (Trojan.FakeAlert) → Quarantined and deleted successfully.
C:\Documents and Settings\Otaku Ichise\Definições locais\Temp\Setup.tmp (Adware.Agent) → Quarantined and deleted successfully.
C:\Documents and Settings\Otaku Ichise\Definições locais\Temp\sxwonemarc.tmp (Trojan.Dropper) → Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\Tasks{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) → Quarantined and deleted successfully.
C:\Documents and Settings\Otaku Ichise.COMMgr\complmgr.exe (Trojan.Agent) → Delete on reboot.
C:\Documents and Settings\Otaku Ichise\Definições locais\Temp\dbrbbr_5d6fb60e0d.exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\WINDOWS\system32-vsN_PE_.dll (Adware.BHO) → Quarantined and deleted successfully.

On Scanner Avast:
06-12-2009 0:50:07 “Win32:Malware-gen” has been found in “C:\DOCUME~1\OTAKUI~1\DEFINI~1\Temp\asmnrcxweo.tmp” file.
06-12-2009 0:50:32 “Win32:Alureon-EN [Rtk]” has been found in “C:\DOCUME~1\OTAKUI~1\DEFINI~1\Temp\sacxmwnreo.tmp” file.
06-12-2009 0:51:16 “Win32:FakeAlert-EM [Trj]” has been found in “C:\DOCUME~1\OTAKUI~1\DEFINI~1\Temp\awsecnrxom.tmp” file.
06-12-2009 0:51:31 “Win32:FakeAlert-EY [Trj]” has been found in “C:\Documents and Settings\Otaku Ichise\Definições locais\Temporary Internet Files\Content.IE5\Q73EN3TN\xxx_6e9b87ce7f[1].exe” file.
06-12-2009 0:51:35 “Win32:FakeAlert-EY [Trj]” has been found in “C:\DOCUME~1\OTAKUI~1\DEFINI~1\Temp\xxx_6e9b87ce7f.exe” file.

After Scanning OS with Avast found 1 remaining and removed:
06-12-2009 1:11:42 “Win32:Trojan-gen” has been found in “C:\Documents and Settings\Otaku Ichise\Definições locais\Temp\enswaomxrc.tmp” file.

Any advice on how you would proceed, please let me know, even if it's too advanced.

Please read:
http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414

Download and install CCleaner but use the Slim version to not have the Yahoo Toolbar:
http://www.ccleaner.com/download/builds

Edit: I see from your signature that you have CCleaner, and that pic in your signature shows you are quite young and assume everyone has a high-speed Internet connection and likes to see pictures in people’s signatures.

Sorry about that, YoKenny, I fixed my signature for better performance in the forum.

I did read that article and really noticed it was some script code in a website ad. I was careless enough to not even close the browser immediately; although Avast stopped most of it, one did pass that was programmed to disable the firewall / use Security Center to download more malware and crap. As currently an average user, I just tried to kill the process immediately with Windows Task Manager and scanned with MBAM 1st and then Avast, then after everything was removed I used CCleaner.

Thanks again for posting and helping me know more about this issue. Also, you were right about my signature picture, sorry for that.

I learn something every day here and that’s great plus meeting people from around the world.

You may want to hide your msn.com email address in your profile, as spammers have been known to visit here just for addresses to spam.

Thanks for the info :)