w32/alureon.co virus, need help (updated with hijack and malwarebytes)
silkyuk9
Posts: 2,815 Forumite
I've got this virus, w32/alureon.co, and I have Microsoft internet essentials that detects it, but every time Essentials says it quarantined it and asks me to restart my PC it seems to come back. I go through the process again and again but the damn thing will not go away. Please help me to get rid of this virus.
All the big powers they've silenced me. So much for free speech and choice on this fundamental human right, and outing the liars.
Comments
-
Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_malwarebytes_anti_malware/
Open Malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM FULL SCAN then click SCAN
Remove everything that's found (needs to be ticked)
Post the COMPLETE log here AFTER you've deleted everything it finds
reboot
Download HIJACK THIS (Make sure you click 'DOWNLOAD THIS VERSION')
http://www.filehippo.com/download_hijackthis/2894/
Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
(do NOT do anything else with Hijack but scan and post the FULL log)
-
ok, I've got Malwarebytes, and updated, now I'm doing a scan so I will get back to you shortly.
-
Incidentally, Alureon is a sophisticated data-stealing trojan which can steal login and password data, and financially sensitive data.
If you are unsure how you got the virus or don't know how long it's been there, it would be wise to consider any sensitive data on the PC (such as online banking) as potentially compromised - it may be in someone else's possession by now.
-
that's all I wanted to hear
-
to be honest I'm not sure how the hell these viruses get on my PC. Each time I boot up, Microsoft Essential comes up with a different one; I've had MSSEC.EXE, winw2brebolab, and others that I've not noted down.
I know viruses are trouble but how the hell do they get on my PC? I have Microsoft Essential, Malwarebytes, Advanced SystemCare Pro, IObit Security. Aren't these programs supposed to stop all these things?? Well I'm f'ing sick of it all, what else do I need to stop viruses infecting my PC? I wouldn't mind but I don't go on all the bad things, I just surf the net and that's it!!
-
We can advise better once you've posted the logs I asked for
-
ok here is the log from malwarebytes.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4211
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18/06/2010 13:32:34
mbam-log-2010-06-18 (13-32-34).txt
Scan type: Full scan (E:\|)
Objects scanned: 179958
Time elapsed: 3 hour(s), 39 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.168,93.188.166.199 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091807.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091908.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091913.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091918.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091923.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091928.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091933.dll (Trojan.FraudPack) -> No action taken.
E:\System Volume Information\_restore{ED8E925E-C645-489B-9027-6F2EABF15B84}\RP134\A0091935.exe (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\ernel32.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\9mYWS317u.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\g9i17qG.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\iQ3wSK3.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\KUOC7sK.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\O7o31m.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\qGMY1c.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\w9u1793.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\Y931m9g.dll (Trojan.FraudPack) -> No action taken.
I'm now going to scan with HijackThis so I will print a log after that's done also.
-
HijackThis info. I have fixed nothing with HijackThis as I do not understand it.
Logfile of HijackThis v1.99.1
Scan saved at 13:41:55, on 18/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
e:\Program Files\Microsoft Security Essentials\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\IObit\IObit Security 360\IS360srv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
E:\WINDOWS\Mixer.exe
E:\Program Files\IObit\IObit Security 360\IS360tray.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Program Files\Microsoft Security Essentials\msseces.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\DivX\DivX Update\DivXUpdate.exe
E:\WINDOWS\system32\svchost.exe
E:\Documents and Settings\silky\Desktop\New Folder (2)\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 80.239.151.10 rapidshare.com
O1 - Hosts: 80.239.151.11 rapidshare.com
O1 - Hosts: 80.239.151.12 rapidshare.com
O1 - Hosts: 80.239.151.13 rapidshare.com
O1 - Hosts: 80.239.151.14 rapidshare.com
O1 - Hosts: 80.239.151.15 rapidshare.com
O1 - Hosts: 80.239.151.16 rapidshare.com
O1 - Hosts: 80.239.151.17 rapidshare.com
O1 - Hosts: 80.239.151.18 rapidshare.com
O1 - Hosts: 80.239.151.19 rapidshare.com
O1 - Hosts: 80.239.151.20 rapidshare.com
O1 - Hosts: 80.239.151.21 rapidshare.com
O1 - Hosts: 80.239.151.22 rapidshare.com
O1 - Hosts: 80.239.151.250 rapidshare.com
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SiSRaid] E:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IObit Security 360] "E:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [MSSE] "e:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262455853898
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - E:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
-
E:\WINDOWS\system32\spool\prtprocs\w32x86\Y931m9g.dll (Trojan.FraudPack) -> No action taken.
I'm sorry, but they all say NO ACTION TAKEN
You're going to have to rescan, then at the end make sure they're all TICKED and REMOVE them
(run a QUICK scan first, TICK and REMOVE everything that's found, then run a FULL scan which will hopefully run a lot quicker due to most already being removed)
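The point made in the reply above, that entries marked "No action taken" were detected but never removed, can be checked mechanically. The following is an added example, not part of the original thread: a Python sketch that parses a log in the Malwarebytes 1.46 layout posted earlier and lists the detections still awaiting removal. The function names and the last sample entry are assumptions made for illustration.

```python
import re

# Excerpt in the Malwarebytes 1.46 log layout shown in the thread; the last
# file entry (with a completed action) is constructed for contrast.
SAMPLE_LOG = r"""Registry Data Items Infected: 1
Files Infected: 3
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.168,93.188.166.199 -> No action taken.
Files Infected:
E:\WINDOWS\system32\ernel32.dll (Trojan.FraudPack) -> No action taken.
E:\WINDOWS\system32\spool\prtprocs\w32x86\Y931m9g.dll (Trojan.FraudPack) -> No action taken.
E:\example\constructed.dll (Trojan.FraudPack) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Entry layout: <object> (<detection name>) [-> extra data] -> <action>
ENTRY = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\)(?: -> .*)? -> (?P<action>[^>]+)$")

def audit(log_text):
    """Return (declared counts, parsed entries, entries not yet remediated)."""
    declared, entries, section = {}, [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, "object": m["object"],
                            "name": m["name"], "action": m["action"].rstrip(".")})
    pending = [e for e in entries if e["action"].lower() == "no action taken"]
    return declared, entries, pending

def count_mismatches(declared, entries):
    """Sections whose itemised entries differ from the summary count (e.g. a truncated paste)."""
    found = {}
    for e in entries:
        found[e["section"]] = found.get(e["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in declared.items() if n != found.get(s, 0)}

if __name__ == "__main__":
    declared, entries, pending = audit(SAMPLE_LOG)
    for e in pending:
        print(f"NOT REMOVED [{e['section']}] {e['name']}: {e['object']}")
    print("count mismatches:", count_mismatches(declared, entries))
```

A log is clean only when the pending list is empty and the itemised entries match the summary counts; a mismatch usually means the pasted log was cut short.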
This discussion has been closed.