I performed a search on IE8 today for information on my ASUS p5n32sliedel 2.02g motherboard and one of the results was a webpage with an embedded video which claimed to have all the info on my board. Stupidly, I clicked on the embedded start button and MS Security Essentials immediately went red and told me a serious trojan virus threat had been detected. I ran a full system scan and was told that win32alureon.bp had been found. I quarantined and deleted the file.

Suddenly my IE8 opened and began to access the WWW. I pulled the LAN cable and began running another scan. The virus was back. I then ran Malwarebytes and it found 3 infected files. I ran Spybot Search and Destroy and 21 infected files were removed. I followed this up with an Advanced system care scan and it too found more infected files. I put the LAN cable back in and tried to get an update to MS Security Essentials and suddenly my IE8 said I had lost connection. It was like the virus was preventing me from getting an update.

I went to Microsoft and performed an online scan which discovered 3 more infected files. I still did not feel like the virus was gone, so I downloaded the latest version of avast and performed a full system scan. Again an infected file was detected and removed. I then set up avast to perform a bootup scan and rebooted the system. 3 more infected files were found, including another virus, “suspbehav-c”. I sure hope that my system is finally clean.

Here is the mbam log from one scan:
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4143
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/26/2010 2:16:34 PM
mbam-log-2010-05-26 (14-16-34).txt
Scan type: Quick scan
Objects scanned: 1
Time elapsed: 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Temp\5c555yW55.tmp (Trojan.Dropper.Gen) → Quarantined and deleted successfully.
This is my boot clean log:
Boot Time Removal Tool started
Error 0xc0000034 deleting regkey \Registry\Machine\SYSTEM\CURRENTCONTROLSET\SERVICES\MSWU-f36decbb
Error 0xc0000034 deleting regkey \Registry\Machine\SYSTEM\CURRENTCONTROLSET\SERVICES\MSWU-a3adb6b1
Removed ??\C:\WINDOWS\system32\spool\prtprocs\w32x86\KUO1oCE.dll
Removed ??\C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ3w7u3.dll
Removed ??\C:\WINDOWS\system32\spool\prtprocs\w32x86\5555o.dll
Removed ??\C:\WINDOWS\system32\spool\prtprocs\w32x86\3g7i31qG.dll
Removed ??\C:\WINDOWS\system32\f36decbb.exe
Removed ??\C:\WINDOWS\system32\a3adb6b1.exe
BTR Completed Successfully