Hi Guys,
I have a similar issue to the one in this post: http://forum.avast.com/index.php?topic=79419.0 .
My computer was infected by the Alureon virus, but I think I deleted it (or most of it at least). Now the wallpaper is still black, and my desktop icons have disappeared.
I’m running Windows 7 and the virus was DOS/Alureon.E.
Here is what I have done now that I think the virus is gone.
1.) Ran Unhide.exe. The icons have come back, but my wallpaper is still black.
2.) Ran RogueKiller. It found a few items, but I did not delete them. Please see the report below:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan – Date: 03/20/2012 17:32:48

¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 5 ¤¤¤
[HJ] HKLM[…]\System : ConsentPromptBehaviorAdmin (0) → FOUND
[HJ] HKLM[…]\System : EnableLUA (0) → FOUND
[HJ] HKCU[…]\Advanced : Start_ShowMyGames (0) → FOUND
[HJ] HKLM[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → FOUND
[HJ] HKLM[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) → FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS723232A7A364 ATA Device +++++
— User —
[MBR] 207ab831c214298abb57f13666f37bfb
[BSP] 2fab74a01c42e1238679852242b73846 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305134 Mo
User = LL1 … OK!
User = LL2 … OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
3.) Ran aswMBR.exe. Please see the report below:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-20 17:43:41
-----------------------------
17:43:41.827 OS Version: Windows x64 6.1.7601 Service Pack 1
17:43:41.827 Number of processors: 2 586 0x603
17:43:41.827 ComputerName: ROB-NOTEBOOK UserName:
17:43:44.183 Initialize success
17:43:44.776 AVAST engine defs: 12032001
17:44:09.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:44:09.361 Disk 0 Vendor: Hitachi_HTS723232A7A364 EC2OA60W Size: 305245MB BusType: 11
17:44:09.408 Disk 0 MBR read successfully
17:44:09.408 Disk 0 MBR scan
17:44:09.424 Disk 0 Windows 7 default MBR code
17:44:09.439 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:44:09.455 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305134 MB offset 206848
17:44:09.471 Disk 0 scanning C:\Windows\system32\drivers
17:44:17.988 Service scanning
17:44:29.844 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:44:42.527 Modules scanning
17:44:42.543 Disk 0 trace - called modules:
17:44:42.574 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:44:43.104 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ca4060]
17:44:43.104 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8007ca3450]
17:44:43.120 5 hpdskflt.sys[fffff880019842bd] -> nt!IofCallDriver -> [0xfffffa800783f1e0]
17:44:43.135 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007852060]
17:44:44.680 AVAST engine scan C:\Windows
17:44:47.254 AVAST engine scan C:\Windows\system32
17:47:46.872 AVAST engine scan C:\Windows\system32\drivers
17:48:08.635 AVAST engine scan C:\Users\Administrator.Rob-Notebook
17:48:28.291 AVAST engine scan C:\ProgramData
17:49:24.950 Scan finished successfully
17:50:49.533 Disk 0 MBR has been saved successfully to "C:\Users\Administrator.Rob-Notebook\Desktop\MBR.dat"
17:50:49.549 The log file has been saved successfully to "C:\Users\Administrator.Rob-Notebook\Desktop\aswMBR.txt"
4.) Ran OST but the post keeps telling me that the txt file is too big to upload?
Thanks for your help!