Author Topic: [Resolved] trojan:dos/alureon.e DDS Copy and Paste  (Read 5790 times)

Offline KeiserBKeiser

  • Bronze Member
  • Posts: 33
Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
« Reply #30 on: March 19, 2012, 02:07:17 pm »
Okay reconnected everything and scanned with Microsoft Security Essentials.  Nothing found.  When I attempted to start up SPYBOT and update it though, you'll see that it's not updating and instead failing with some strange file name.  I took a screenshot attached here.

I figured that I would attempt to uninstall and reinstall SPYBOT, but when I did it showed the second screenshot in recovery, and I believe it's that file, FRAUD.DEFENSECENTER that started everything.

I have also attached the very first problem when this all began.  Everything appears to be working normal....but I don't believe it's outta there.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25478
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
« Reply #31 on: March 19, 2012, 02:39:47 pm »
OK, the alureon.e infection was actually secondary. The last image you showed me is a fake Antivirus screen. That is the primary infection.

So here is what you need to do.

Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.




    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
      • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
      On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      Back at the main Scanner screen:
      • Click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad.
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
      • Exit MBAM when done.
      Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

      Consumer Security

      If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #32 on: March 19, 2012, 04:56:27 pm »
      Found 3 issues, Log is cut and pasted below
      Malwarebytes Anti-Malware 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.03.19.05

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Wankerdoodle :: KEISERDOODLE [administrator]

      3/19/2012 6:22:09 PM
      mbam-log-2012-03-19 (18-22-09).txt

      Scan type: Full scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 336409
      Time elapsed: 27 minute(s), 20 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 3
      C:\TDSSKiller_Quarantine\18.03.2012_10.55.27\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
      C:\TDSSKiller_Quarantine\18.03.2012_10.55.27\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
      C:\TDSSKiller_Quarantine\18.03.2012_10.55.27\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

      (end)
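
Added example, not part of any post in this thread: a small Python parser for the Malwarebytes log format shown in Reply #32. It checks each section's stated count against the items actually listed and flags detections whose path sits inside another tool's quarantine folder (here `TDSSKiller_Quarantine`, as in the log), which are stored copies rather than active files. The regular expressions and the `QUARANTINE_DIRS` list are assumptions drawn from this one log.

```python
import re

# Excerpt of the log posted above (two sections and the detections only).
SAMPLE_LOG = r"""
Memory Processes Detected: 0
(No malicious items detected)

Files Detected: 3
C:\TDSSKiller_Quarantine\18.03.2012_10.55.27\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.03.2012_10.55.27\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.03.2012_10.55.27\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

(end)
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumption: folder names that mark another tool's quarantine store.
QUARANTINE_DIRS = ("tdsskiller_quarantine",)

def parse_mbam_log(text):
    """Return (sections, mismatches): items per section, and sections whose
    stated count differs from the number of item lines actually present."""
    sections, stated, current = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m["name"]
            sections[current], stated[current] = [], int(m["count"])
            continue
        m = ITEM.match(line) if current else None
        if m:
            item = m.groupdict()
            parts = item["object"].lower().split("\\")
            item["in_quarantine"] = any(p in QUARANTINE_DIRS for p in parts)
            sections[current].append(item)
    mismatches = [n for n in sections if len(sections[n]) != stated[n]]
    return sections, mismatches

def live_detections(sections):
    """Detections that are NOT copies held in another tool's quarantine."""
    return [i for items in sections.values() for i in items if not i["in_quarantine"]]

if __name__ == "__main__":
    secs, bad = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", bad)
    print("live detections:", live_detections(secs))
```
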

      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #33 on: March 19, 2012, 05:00:57 pm »
      There is some new program that winpatrol is asking about.

      It says "a new startup program has been detected. This program will run each time you login or restart your machine.

      WINLOGON:USERInit     

      Should I allow this?

      Offline Hoov

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #34 on: March 19, 2012, 05:16:14 pm »
      Yes, you can allow that. But I am also a bit confused.

      How many times did you run TDSSKiller? The log you posted shows no removal, yet the Malwarebytes' Anti-Malware log you just provided shows that TDSSKiller did quarantine 3 files.  Also the pictures you attached above, when was the bottom one taken?


      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #35 on: March 19, 2012, 05:25:49 pm »
      I think I ran the TDSSKiller twice.  The first time, I had not yet backed up my system.

      That last photo was the very first instance that something was going wrong.  Pop ups like that which claim system wide problems typically make me very suspicious.  This however looked so much like Microsoft Security Essentials that I fell victim.

      Offline Hoov

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #36 on: March 19, 2012, 06:19:25 pm »
      OK, that makes a bit more sense.

      When you reinstalled Spybot, were you able to run the update?

      What problems is your computer having now?


      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #37 on: March 19, 2012, 06:30:52 pm »
      I didn't uninstall SPYBOT yet, I figured I would wait and see what your feelings were on it.

      The issues of the system locking up and not finding the web are gone.  The laggy system, is gone......

      The only thing that at present looks odd is the update for the SPYBOT S&D.   


      Offline Hoov

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #38 on: March 19, 2012, 06:51:33 pm »
      Reboot the computer and then try running Spybot again. If it will not update, try using a different mirror to download the files from. You can use any of them, not just the ones closest to you.

      If it fails to update using 2 different mirrors, go ahead and uninstall it and reinstall it and try again.

      Let me know how it goes.


      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #39 on: March 19, 2012, 06:59:42 pm »
      Failed on the mirrors.  Giving me the same funny looking script as in the photo above.

      I will now uninstall and reinstall and update.  BRB

      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #40 on: March 19, 2012, 07:07:30 pm »
      Here's a question I've always had about spybot.  Do I want the teatimer thing and the IE thing?

      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #41 on: March 19, 2012, 07:09:54 pm »
      Updates are now loading in SPYBOT like I'm accustomed to.

      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #42 on: March 19, 2012, 07:11:52 pm »
      If I didn't know any better, I'd say that it's fixed.   :p
        Any suggestions of where else to look?

      Offline Hoov

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #43 on: March 19, 2012, 07:16:03 pm »
      About Teatimer, if you don't have something like Malwarebytes' Anti-Malware running in the background, then Teatimer is a good thing to run. But Malwarebytes' Anti-Malware is better, but you have to have the paid for version.

      The IE thing, yes. I use it even though I use IE infrequently.

      About being fixed, let's hold off for 24 hrs or so. Use your computer normally and reboot several times during the day. Let's give the infection time to reconstitute itself. I doubt it will, but that whole Spybot thing has me suspicious.


      Offline KeiserBKeiser

      Re: [In Progress] trojan:dos/alureon.e DDS Copy and Paste
      « Reply #44 on: March 19, 2012, 07:18:38 pm »
      Agreed, I'll continue to reboot and move around online normally.   I tried to update Windows and I get the following error

      Errors found
      Code 80070005  Windows update encountered an unknown error