Win32: Alureon - CE [Rtk] Need Help Please

Hi just joined the forums here. It seems like you guys were able to help youfruitloop to get rid of this nasty Trojan, so I was wondering if I could get some help here.

Had this Trojan for some time now and I finally decided to get rid of it. Avast! detected the virus in the memory test and said it successfully removed it. Then it went through the whole boot scan, found some infected files and deleted them. No worries, right?

Well, I then ran Malwarebytes and it also found it and deleted it. That's when I started to worry. So a little searching on the web and this looks like the place to get some help with this nasty Trojan.

The infected file that Avast! came up with is c:\windows\system32\geyekrhhsalpnn.dll
I am running Avast! 4.8

Seems like a pain to remove from Windows: try a rescue CD. Download and burn on another computer, boot the infected computer, and Bob’s your uncle.

Rescue CDs. Download and burn the disk image on an uninfected computer. Boot the infected computer from the disk and run a virus scan (after updating virus definitions if this option is present).

Kaspersky Rescue Disk
AntiVir Rescue CD
F-Secure Rescue CD

You could try RootRepeal; have a look at the link: http://www.malwarebytes.org/forums/index.php?showtopic=12709

geyekr has recently been added to the list for this rootkit; copy/paste the log and post it here.

Thanks for the fast replies here,

@micky77 I downloaded RootRepeal and did the whole shebang on my computer. It found several geyekr- .sys and temp. files which I wiped as the instructions told me. But I didn't save the log for you. My bad. Also, looking at my hidden services, there is still a geyekr file on there that RootRepeal won't wipe.

What I do have is this report taken after my computer crashed several times using this program. For some odd reason, when I finished the first scan that detected the Trojan, I wanted to see if there were any hidden services running. When I clicked the scan button, I got the BSoD, some STOPx… or a driver issue, as Microsoft said.

Also, since I restarted the computer this error kept coming up; I took a log of that and it's the log.txt. I finally fixed the problem by changing disk access to its lowest level.

I had to up the level when I first started since the program couldn’t access the HD. I changed it to the special level.

Don’t know if this helps you any.

I'm no expert with RootRepeal. The only file(s) you should be wiping would begin with geyek, be in system32\drivers, and end in .sys, for example C:\windows\system32\drivers\geyekrhfgdvswdstsak.sys.
All the other geyek files should be removed with MalwareBytes.
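The advice above separates the driver file (geyek*.sys under system32\drivers) from the other geyek* files that should be left to Malwarebytes. The script below is an added example, not code from this thread, from RootRepeal or from Malwarebytes: it walks a directory tree, inventories files whose names fit the geyek* pattern, hashes them and sorts them into the two classes so the list can be posted for review instead of deleted by hand. The name regex and the constructed sample tree (which reuses the two file names quoted in the thread as empty placeholders, not real malware) are assumptions of the example. On a live infection the rootkit can hide its files from user-mode enumeration, which is why the thread recommends scanning from a rescue CD; run this kind of inventory from the rescue environment or after the driver is no longer loaded.

```python
"""Inventory geyek* files and classify them the way the thread advises.

Added example; reports only, never deletes. Run with a root directory as
the first argument, or with no argument to scan a constructed sample tree.
"""
import hashlib
import os
import re
import sys
import tempfile
from dataclasses import dataclass

# Assumed name pattern: the 'geyek' stem seen in the thread followed by a
# random suffix and an extension. Adjust if your log shows other names.
NAME_PATTERN = re.compile(r"^geyek[a-z0-9]*\.[a-z0-9]+$", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    size: int          # -1 when the file could not be read
    sha256: str        # hex digest, or an error note when unreadable
    is_driver: bool    # .sys file sitting directly in a 'drivers' directory


def sha256_of(path, chunk=1 << 20):
    """Stream-hash a file so large drivers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root):
    """Return a Finding for every file under root whose name matches."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not NAME_PATTERN.match(name):
                continue
            full = os.path.join(dirpath, name)
            is_driver = (name.lower().endswith(".sys")
                         and os.path.basename(dirpath).lower() == "drivers")
            try:
                findings.append(Finding(full, os.path.getsize(full),
                                        sha256_of(full), is_driver))
            except OSError as exc:
                # Locked by a loaded driver or hidden by the rootkit: still
                # worth reporting, because the name alone is the indicator.
                findings.append(Finding(full, -1, f"unreadable: {exc.strerror}",
                                        is_driver))
    return findings


def report(findings):
    """Tab-separated lines, driver candidates first, for pasting into a post."""
    ordered = sorted(findings, key=lambda f: (not f.is_driver, f.path.lower()))
    lines = []
    for f in ordered:
        tag = "DRIVER (manual wipe candidate)" if f.is_driver else "OTHER (leave to Malwarebytes)"
        lines.append(f"{tag}\t{f.size}\t{f.sha256}\t{f.path}")
    return "\n".join(lines)


def build_sample_tree(base):
    """Constructed layout mimicking system32; placeholder bytes, not malware."""
    drivers = os.path.join(base, "system32", "drivers")
    os.makedirs(drivers, exist_ok=True)
    samples = {
        os.path.join(base, "system32", "geyekrhhsalpnn.dll"): b"constructed placeholder dll",
        os.path.join(drivers, "geyekrhfgdvswdstsak.sys"): b"constructed placeholder sys",
        os.path.join(base, "system32", "kernel32.dll"): b"benign placeholder, must not match",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return base


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    return scan(build_sample_tree(tempfile.mkdtemp(prefix="geyek_demo_")))


if __name__ == "__main__":
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(report(results) or "no geyek* files found")
```

The classification only reflects the thread's rule of thumb (driver in system32\drivers versus everything else); the hashes are there so the same file can be recognised across reboots and submitted to a scanner, not as a verdict on their own.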