Please help. Win32/Alureon.Gen!U removal




So I seem to have gotten myself this nasty virus. From what I've read it's particularly nasty, and I need a little help getting rid of it. Please help me.


--
karinaoi21
------------------------------------------------------------------------
karinaoi21's Profile: http://forums.techarena.in/members/143683.htm
View this thread: http://forums.techarena.in/virus-spyware/1257892.htm

http://forums.techarena.in


Re: Please help. Win32/Alureon.Gen!U removal


Win32/Alureon is a downloader trojan that brings malicious programs onto an infected computer. Follow the removal instructions to get rid of the Alureon trojan and its variants:
http://darfuns.com/trojan-removal/win32-alureon-b-trojan-downloader/

DANGER!


According to McAfee's SiteAdvisor this site is the source of multiple
Trojans.

Re: Please help. Win32/Alureon.Gen!U removal



http://technet.microsoft.com/en-us/library/cc512587.aspx

Removal tools (or instructions for manual removal) are no solution to an
infection, particularly not with malware that may download more malware
or may give an attacker remote access. One can never be sure what else
was modified on the system and thus can never be certain that the
malware was removed entirely.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Please help. Win32/Alureon.Gen!U removal



This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:58 PM, on 12/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Crawler\Notes\CNotes.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6850FX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6850FX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6850FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6850FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - - (no file)
O2 - BHO: NCO 2.0 IE BHO - - (no file)
O2 - BHO: Groove GFS Browser Helper - - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CrawlerNotes] c:\progra~1\crawler\notes\cnotes.exe /notes
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O13 - Gopher Prefix:
O16 - DPF: (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-gb/wlscctrl2.cab
O16 - DPF: (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: plasservice (ZeppelinService) - ParetoLogic Inc. - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe

--
End of file - 10442 bytes


--
karinaoi21
------------------------------------------------------------------------
karinaoi21's Profile: http://forums.techarena.in/members/143683.htm
View this thread: http://forums.techarena.in/virus-spyware/1257893.htm

http://forums.techarena.in
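The HijackThis log above is a one-entry-per-line format ("Oxx - Type: details"), which makes a first-pass triage easy to script before anyone reads two hundred lines by hand. The following is an added example, not code from the thread or from Trend Micro's tool; it runs over a constructed sample shortened from the log above and only queues entries for manual review, it does not decide what is malicious.

```python
"""HijackThis 2.x log triage (added example, not part of the thread).

Parses the one-entry-per-line format ("Oxx - Type: details") and queues the
entries to review first: orphaned BHOs/toolbars, unknown Winsock LSP files,
AppInit_DLLs and services HijackThis could not attribute. A flag is a review
item, not a verdict; a known vendor's DLL (the AVG entry below) lands here too.
"""
import re
from collections import Counter
# Constructed sample, shortened from the log posted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: (no name) - - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inethttpfilter.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")

def parse(text):
    """Return (section, body) pairs for every well-formed entry line."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group("sec"), m.group("body")) for m in matches if m]

def triage(text):
    """Return (reason, section, body) tuples, one per distinct item to review."""
    entries = parse(text)
    flagged = []
    for sec, body in entries:
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            flagged.append(("orphaned BHO/toolbar entry", sec, body))
        elif sec == "O20":
            # AppInit_DLLs are loaded into every process that maps user32.dll.
            flagged.append(("AppInit_DLLs global load point", sec, body))
        elif sec == "O23" and "Unknown owner" in body:
            flagged.append(("service with unidentified owner", sec, body))
    # An LSP sits in the Winsock chain for all socket traffic; the same DLL
    # listed several times means it was layered into several providers.
    for body, n in Counter(b for s, b in entries if s == "O10").items():
        flagged.append((f"unknown Winsock LSP file (listed {n}x)", "O10", body))
    return flagged

if __name__ == "__main__":
    for reason, sec, body in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}: {body}")
```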


Re: Please help. Win32/Alureon.Gen!U removal



This group is about firewalls, not about MS Windows. Direct your
question somewhere suitable.

--
Jon Solberg (remove "nospam" from email address).

Re: Please help. Win32/Alureon.Gen!U removal


karinaoi21.3zz93b@DoNotSpam.com says...

Posting HiJack logs in Usenet is bad form - it screws up search engines
and does not get you the help you need. HiJack comes with instructions
on where to post your logs - if you can't follow those instructions you
won't be able to fix your computer either.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.  
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Re: Please help. Win32/Alureon.Gen!U removal



Infected by spyware/adware.
