1. Download OTS to your Desktop and double-click on it to run it.
2. Make sure you close all other programs and don’t use the PC while the scan runs.
3. Select All Users.
4. Under additional scans select the following:
   Reg - Disabled MS Config Items
   Reg - Drivers32
   Reg - NetSvcs
   Reg - SafeBoot Minimal
   Reg - Shell Spawning
   Evnt - EventViewer Logs (Last 10 Errors)
   File - Lop Check
   File - Purity Scan
5. Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
6. When the scan is complete Notepad will open with the report file loaded in it.
7. Please attach the log in your next post.
A malicious URL like this one belongs to the Alureon family. Alureon is extremely ugly malware that contains a dropper, a rootkit, an MBR rootkit, … . Once rootkits are active in a system they are very hard to detect, because they usually hide themselves.
You should run a boot-time scan with the latest VPS update. But be careful: after you clean the rootkit, you will probably have to use the Windows recovery disc (install disc) to reconstruct the original MBR and system registry.
Looks like you were lucky: with a 64-bit system the malware failed to take hold (hotfix) and only managed to add a proxy. On completion of this, let me know if the alerts still occur.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
YN -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 1
YN -> HKEY_USERS\.DEFAULT\: "ProxyServer" -> http=127.0.0.1:59274
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
YN -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-18\: "ProxyServer" -> http=127.0.0.1:59274
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-183297434-1813747179-3948722596-1001\] > -> HKEY_USERS\S-1-5-21-183297434-1813747179-3948722596-1001\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*Shell* -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
YN -> C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
[Empty Temp Folders]
[EmptyFlash]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
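As an added illustration (not part of this thread, of OTS, or of the helper's instructions), here is a read-only PowerShell check that walks every loaded hive under HKEY_USERS and reports the two settings the fix above touches: a Winlogon Shell value other than explorer.exe, and an enabled proxy pointing at the local machine. It assumes an elevated prompt and uses the standard Windows key paths; it changes nothing.

```powershell
# Added audit script: reads Winlogon Shell and Internet Explorer proxy
# values for every hive under HKEY_USERS and flags the pattern seen in
# the OTS fix (Shell -> hotfix.exe, ProxyServer -> http=127.0.0.1:port).
# Assumes an elevated PowerShell session so all loaded hives are readable.
$expectedShell = 'explorer.exe'

$results = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    $sid = $hive.PSChildName
    # *_Classes hives hold file associations only; nothing to check there.
    if ($sid -like '*_Classes') { continue }

    # Per-user Winlogon Shell override: normally absent or exactly explorer.exe.
    $winlogon = "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell

    # Internet Settings: ProxyEnable=1 with a loopback ProxyServer routes the
    # browser through a listener on the same machine.
    $inet  = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $props = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Hive        = $sid
        Shell       = $shell
        ShellOk     = ([string]::IsNullOrEmpty($shell) -or ($shell -ieq $expectedShell))
        ProxyEnable = $props.ProxyEnable
        ProxyServer = $props.ProxyServer
        ProxyLocal  = (($props.ProxyEnable -eq 1) -and
                       ($props.ProxyServer -match '127\.0\.0\.1|localhost'))
    }
}

# Full table first, then only the hives that need a closer look.
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.ShellOk -or $_.ProxyLocal } | ForEach-Object {
    Write-Warning ("Review hive {0}: Shell='{1}' ProxyEnable={2} ProxyServer='{3}'" -f
        $_.Hive, $_.Shell, $_.ProxyEnable, $_.ProxyServer)
}
```

Run it before and after the fix: the .DEFAULT and S-1-5-18 rows should drop their hotfix.exe Shell and loopback proxy entries once the fix log confirms they were removed.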
1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
2. Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled “reset” located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
Ok, the MAL warnings got fixed but there’s one problem.
I just checked my notification centre but it came up that on the 7th of March the Alureon virus was detected. It hasn’t happened since and scans are turning up nothing (full Malwarebytes scan), but I don’t know whether it has infected or not.
Looks like there shouldn’t be a need for that, I just did an avast! full system scan that came up with two infected files, which were subsequently moved to chest. If I do encounter any more problems, you wouldn’t mind answering my questions, would you? You’re probably the most helpful virus specialist I know.
About the Alureon notification … I actually played with one the other day on my VM and Avast was killing it before I could install it ;D The dropper itself was not detected (it is now) but as soon as it started unpacking then it died, and I could find no residue on my system.