Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1468
  • Last Modified:

can't remove alureon.a infection

I have a machine running windows xp SP3.  It recently had a pretty serious virus infection.  I used Combofix, Malwarebytes, Hijackthis and Microsoft Security Essentials to remove the infections.  Now, when I run Combofix it scans clean, Malwarebytes (full scan) runs clean, and Hijack this shows no errors.  HOWEVER, when I run Microsoft Security Essentials, I get an infection called: "Trojan: DOS/Alureon.A".  Microsoft Security Essentials is not able to remove it.  I've rerun Combofix and Malwarebytes, neither finds or removes it. Please help me remove this.  The computer definitely acts strange (MS Word closes without warning sometimes) so I do think it's a real infection that Microsoft Security Essentials is finding.
0
mattbiel
Asked:
mattbiel
  • 6
  • 4
  • 4
  • +5
2 Solutions
 
udaya kumar laligondlaTechnical LeadCommented:
0
 
FayazCommented:
Download Dr. Web Cure it (free) and scan the machine in Safe mode.
0
 
johnb6767Commented:
How to remove malware belonging to the family Rootkit.Win32.TDSS ...
http://support.kaspersky.com/viruses/solutions?qid=208280684
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Kris MontgomeryCommented:
If you ever have any malware, here is the best step-by-step guides and information on combating malware yourself.
http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide/

However, at this time, you can go to http://www.LivePCSupport.com.  Comodo Live Support is free for 60 days and an actual virus removal specialist will remove any malware you have for free.

Thanks!

mug
0
 
mattbielAuthor Commented:
Thanks, I'm running Dr Web cureit right now, full scan from safe mode.

If that doesn't work and I have to try the fixmbr route, I'm nervous about that.  I can just boot into recovery console and then type "fixmbr" and press enter and it will do it?  Are there risks involved with this?  Sounds kind of risky.
0
 
Kris MontgomeryCommented:
Yes, the main risk with using fixmbr is that an error could occur that would stop your computer from booting at all.  This can be remedied, but not easily.  My suggestion would be to back up your data first and create a full system image if at all possible before running fixmbr.

Thanks.

mug
0
 
Kris MontgomeryCommented:
Here is a boot sector removal tool from Avira...  http://www.avira.com/en/support-download-antivir-boot-sector-repair-tool

Thanks!

mug
0
 
orangutangCommented:
0
 
nobusCommented:
0
 
mattbielAuthor Commented:
Dr. Web found it. BackDoor.Tdss.4005 is the status,  "MBR_HardDisk0.mbr" is the object.  It could not cure it so it moved it.  the path is c:\Qoobox\quarantine.  Will I still need to do a fixmbr after this scan is done?  (it's still scanning, 4 hours in so far)
0
 
nobusCommented:
that depends on the fact that the mbr is infected or not
0
 
mattbielAuthor Commented:
So Dr. Web finished and like I said it found it, but it couldn't remove it.  It's in the MBR.   I booted to Recovery Console, selected the C drive, and then typed in fixmbr and pressed enter.  I got a warning that my table was non-standard or something and if i continued I may lose access to the drive and I probably should not continue.  So I said "no" and exited.  Is this warning standard or what?  I'm gonna do an image of the hard drive before I continue, but that's gonna take a few days.  I'll keep you guys posted
0
 
nobusCommented:
did you use the fix i posted, or not?
0
 
mattbielAuthor Commented:
Yes, the fix you posted was to boot to recovery console and do fixmbr and then fixboot.  I posted above what happened when I did fixmbr...an ominous warning message, so I said "no" when it asked me If I was sure.  now I'm gonna do an image of the hdd first.
0
 
johnb6767Commented:
"Dr. Web found it. BackDoor.Tdss.4005"

Did you try the tool I referenced above?

"How to remove malware belonging to the family Rootkit.Win32.TDSS ...
http://support.kaspersky.com/viruses/solutions?qid=208280684"

Specifically designed to remove this family of threats.....
0
 
johnb6767Commented:
@SSharma....

TDSSKiller has previously been suggested.....
0
 
mattbielAuthor Commented:
OK so I have resolution.  If anyone else is trying to remove this virus, forget about doing anything UNTIL you do the MBR.  I tried every scanner, every option out there, but this dang thing would not go away until I did the MBR.  Once I did it, I then used Dr. Web Cureit and it scanned clean, and now all is good.  

For safety precautions I had to image the hard drive first, which is why it took me so long to get a resolution.  Thanks everyone!  I'm also accepting Dr.Web Cureit as a partial solution because I think it's the best scanner I've seen, even better than Malwarebytes or Combofix.  
0
 
mattbielAuthor Commented:
Thanks everyone, very helpful!
0
 
nobusCommented:
tx for the feedback !
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

  • 6
  • 4
  • 4
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now