Can't get rid of Trojan:DOS/Alureon.E Rootkit

    Question

  • My avast security first detected this rootkit but it was unable to remove it.  Microsoft Security Essentials is able to identify it and then prompts me to remove this item.  When I click on apply, it starts to remove it, and then an error is encountered and it stops midway.  It then prompts me to reboot to clean my computer.  This does nothing.  Using Vista.

    Tried the TDSSKiller and it only took 1.5 minutes to run with no rootkit identification.

    Any suggestions?

    Saturday, February 18, 2012 5:29 PM

All replies

  • Use a working machine to download Microsoft’s Standalone System Sweeper. Although it’s still at the beta testing stage, it runs very well indeed.

    Download the appropriate 32-bit or 64-bit version here https://connect.microsoft.com/systemsweeper  and burn a CD. Boot from the CD and run a full scan.

    Anyone who repairs viruses, rootkits and the like should use this program. It also has a nice Windows interface, unlike the older, clumsy Linux equivalents.

    Sunday, February 19, 2012 8:17 AM
  • Use Malwarebytes Anti-Malware Free edition; that will clean all the infections.

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


    Thanks, Being Human

    Monday, February 20, 2012 2:21 PM
  • Malwarebytes didn't catch it!

    Wednesday, February 22, 2012 8:04 AM
  • We’re still waiting for the new variant of Trojan:DOS/Alureon.E to be given its own classification, and for the Microsoft threat encyclopedia to be updated. The new variant takes control of the operating system by creating its own boot partition rather than by injecting its code into the MBR, so the only way to remove it at this point is to delete the hijacked partition:

    http://answers.microsoft.com/en-us/protect/forum/protect_scanning/mse-is-unable-to-remove-alureon/ee00d0f9-d5a5-40eb-b464-f29a041ed318?page=2

    GreginMich


    Wednesday, February 22, 2012 3:05 PM
  • Probably in the wrong forum but with a Windows XP SP3 machine I used http://support.kaspersky.com/faq/?qid=208283363 TDSSKiller and it worked like a charm to remove the dos/alureon.e Trojan. Even removed the "fake" partition. The partition the Trojan set up was only 2MB. I was still concerned about deleting it so I gave TDSSKiller a try. It worked. It is true though at this time, Security Essentials did not catch it in time before it created a boot sector.

    Friday, June 15, 2012 9:07 PM
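
The replies above describe a variant that boots from its own small partition (one reply reports 2MB) instead of patching MBR code. The following is an added example, not from any poster or vendor tool: it parses the partition table of a 512-byte MBR sector and flags small active partitions. The 16 MB threshold, the function names and the sample sector are assumptions made for illustration.

```python
import struct

SECTOR = 512
SMALL_BOOT_MB = 16  # assumed threshold; one reply reports a 2 MB partition

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and n_sectors == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start,
                      "size_mb": n_sectors * SECTOR / 2**20})
    return parts

def suspicious(parts):
    """Heuristic only: tiny active partitions, or more than one active entry."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) > 1:
        findings.append("more than one partition is marked active")
    for p in active:
        if p["size_mb"] < SMALL_BOOT_MB:
            findings.append(
                f"partition {p['index']} is active but only {p['size_mb']:.1f} MB")
    return findings

def _entry(status, ptype, lba_start, n_sectors):
    # CHS fields are zeroed; only the LBA fields are used in this example
    return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3,
                       lba_start, n_sectors)

def build_sample_mbr(rogue=True):
    """Constructed sample: a 100 GB system partition, optionally followed by
    a 2 MB partition that carries the active flag."""
    sys_sectors = 100 * 2**30 // SECTOR
    if rogue:
        table = (_entry(0x00, 0x07, 2048, sys_sectors)
                 + _entry(0x80, 0x07, 2048 + sys_sectors, 4096))
    else:
        table = _entry(0x80, 0x07, 2048, sys_sectors)
    return b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"

if __name__ == "__main__":
    for finding in suspicious(parse_mbr(build_sample_mbr())):
        print(finding)
```

A finding is a prompt to look closer, not proof of infection, since some legitimate layouts also use a small active partition. Read the sector from a clean boot environment, because a rootkit can falsify disk reads on the running system.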
  • Struggled with this for two days. MSE: Nada, Norton Power Eraser: Zilch, McAfee Stinger: No result. Alureon took Malwarebytes out behind the building and slapped it around, called it names and made it cry. Manually removing it, attempting to delete the partition, combing through the registry didn't work either, but it ate up a lot of time. TDSSKiller got it done in about 25 seconds. It's now hanging around my neck on a jump drive for the next user that comes to me with one of these nasty little pieces of malware. Thank you very much!
    Monday, January 07, 2013 8:27 PM
  • As you have MSE and avast both installed, MSE isn't able to remove that rootkit. The following is my suggestion for it.

    Download and scan your PC with Microsoft Safety Scanner (http://www.microsoft.com/security/scanner/en-us/default.aspx).

    For more details go to this Microsoft Encyclopedia Entry http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32%2fAlureon.

    Tuesday, January 15, 2013 11:46 AM