locked
Alueron.CT RRS feed

  • Question

  • Scan ID: {D541DF97-FC8E-45EB-AC75-35755794BFFA}
    Scan Type: AntiMalware
    Scan Parameters: Full Scan
    User: NT AUTHORITY\SYSTEM
    Name: Trojan:Win32/Alureon.CT
    ID: 2147628639
    Severity: Severe
    Category: Trojan
    Path Found: file:C:\Documents and Settings\username\Local Settings\Temp\45.tmp
    Detection Type: Concrete

     

    Just wondering if Microsoft was actually coming out for a fix for this? Removal keeps failing all the time. Do we contact Microsoft for each machine that has this issue?

    Tuesday, August 24, 2010 12:09 AM

Answers

  • Hi,

    Thanks for the post.

    Please first download the latest definitions from the following link:

    https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fAlureon.CT

    After that, please do a full scan in Clean Boot Mode for check:

    Clean Boot
    =============
    Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps:
    1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility.
    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
    3. Click the "Startup" tab, click "Disable All" and click "OK".
    4. Click "OK" to restart your computer to Selective Startup environment.
    5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.
    6. Check whether or not the issue still appears in this environment.


    Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later.

    Thanks,

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, August 24, 2010 9:48 AM
    Moderator
  • Hi,

     

    Thank you for the update.

     

    Just like Miles said, you should update your FCS and run full scan on all the problematic machines. if you have a sample of new threat, please submit the malicious file to: https://www.microsoft.com/security/portal/Submission/Submit.aspx

     

    Regards,


    Nick Gu - MSFT
    Thursday, September 2, 2010 4:55 AM
    Moderator

All replies

  • Hi,

    Thanks for the post.

    Please first download the latest definitions from the following link:

    https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fAlureon.CT

    After that, please do a full scan in Clean Boot Mode for check:

    Clean Boot
    =============
    Let's disable all startup items and third party services when booting. This method will help us determine if this issue is caused by a loading program or service. Please perform the following steps:
    1. Click "Start", go to "Run", and type "msconfig" (without the quotation marks) in the open box to start the System Configuration Utility.
    2. Click the "Services" tab, check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
    3. Click the "Startup" tab, click "Disable All" and click "OK".
    4. Click "OK" to restart your computer to Selective Startup environment.
    5. When the "System Configuration Utility" window appears, please check the "Don't show this message or launch the System Configuration Utility when Windows starts" box and click OK.
    6. Check whether or not the issue still appears in this environment.


    Note: Temporarily disabling the Startup Group only prevents the startup programs from loading at startup. This shouldn't affect the system or other programs. We may still manually run these programs later.

    Thanks,

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, August 24, 2010 9:48 AM
    Moderator
  • Looks like I have the option to disinfect for another computer that has Alueron.H

    It continues to find other viruses

    Should I remove it? I have heard if I remove it the PC will blue screen all the time but if I disinfect I know it will come back. Any suggestions would be appreciated.

    Tuesday, August 24, 2010 4:51 PM
  • Hi,

     

    Thank you for the update.

     

    Just like Miles said, you should update your FCS and run full scan on all the problematic machines. if you have a sample of new threat, please submit the malicious file to: https://www.microsoft.com/security/portal/Submission/Submit.aspx

     

    Regards,


    Nick Gu - MSFT
    Thursday, September 2, 2010 4:55 AM
    Moderator