
Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

My laptop (Vista, Office) running NIS2009 (defaults) just updated via Windows Update and on restart the "Microsoft Windows Malicious Software Removal Tool - June 2009" dialog box popped up and message said "Malicious software was detected and removed from your computer - click to view details".  I clicked and it said that "Trojan:Win32/Alureon!inf" had been detected and deleted.  Should I be worried?  Bit concerned that NIS2009 running defaults didn't pick this up. 

Replies


Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

Can you find and submit the file for analysis?  Would be nice to know what file was deleted / detected and whether or not it was a FP.
Win7 x32 SP1

Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

It looks like it was already deleted. You might want to run a full scan just to be sure.
"All that we are is the result of what we have thought"

Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

The same thing happened to me earlier, where the malicious removal tool detected the threat and Norton did not even tell me about any infection, even after having the latest protection. I ran a full system scan and did everything, but nothing came up. I investigated the file which was found by the malicious removal tool and uploaded it to VirusTotal, and the results were amazing: out of 40 scanners, 21 detected it. I wish I could have shared that link with you, but it's been a month and I deleted the VirusTotal link. I remember that security software like Kaspersky, ESET, McAfee, AVG and Bitdefender detected it. My father runs McAfee on his Dell laptop, so I just check every infected file by zipping it, and some other friends in my neighbourhood and out there on the internet send me their infections as zipped files; I check them and after that I come to the final decision. However, I like Symantec, and I just send the file to them to get that nasty threat into their future detection definitions.

You can check my opened thread another threat not detect to know more about submission and detection..!!

Genuine Windows 8.1 x64 Pro; NIS 2014; HP Pavilion G6 Notebook with AMD Core 2 Quad A10; 6 GB RAM; 1TB Western Digital HDD, AMD Radeon 2.5 GB Graphics Card

Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

ok, here's another.  I'm beginning to doubt NIS2009 capabilities.  I have just run Malwarebytes' Anti-Malware and it found ANOTHER trojan!  gxvxcserv.sys

Here is the logfile of the removal.

Malwarebytes' Anti-Malware 1.37
Database version: 2263
Windows 6.0.6001 Service Pack 1

11/06/2009 22:48:40
mbam-log-2009-06-11 (22-48-34).txt

Scan type: Quick Scan
Objects scanned: 69862
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2e9689ff-176a-456f-9283-bd25e81862f4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2e9689ff-176a-456f-9283-bd25e81862f4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2e9689ff-176a-456f-9283-bd25e81862f4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

What is going on here?  NIS2009 is fully functional working on defaults.


Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

Silvefox1:

Your Malwarebytes shows no action taken.  Please disable system restore, and get Malwarebytes to fix the problem.  It is hard to judge where the infection came from.  No antivirus stops everything and the malware writers are getting better and better all the time.

You need to remove what is identified by Malwarebytes.  Reboot, and go into safe mode and run it again.  Post the results for us to look at.  You have a rootkit which hides malware, hides drivers, and downloads malware.

gxvxcserv.sys  is one of the files we look for in these types of infections.

Also please download RootRepeal  http://rootrepeal.googlepages.com/

Do not remove anything, but paste the log for Quads to look at.  He is our rootkit guru.

Message Edited by delphinium on 06-12-2009 06:52 PM
Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
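
The reply above notes that the posted log shows "No action taken" for every entry, including the changed DNS settings. As an added example (not part of the original thread and not Malwarebytes code), this Python sketch parses detection lines in the log format shown above and lists NameServer/DhcpNameServer values that point at unexpected resolvers. The sample lines are copied from the posted log; the expected resolver 192.168.1.1 is an assumed home-router address.

```python
import re
from ipaddress import ip_address

# Three detection lines copied from the Malwarebytes log posted earlier in the thread.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.170,85.255.112.235 -> No action taken.
"""

# Line shape: <registry path> (<detection name>) [-> Data: <value>] -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>HKEY_.*?) \((?P<name>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))? -> (?P<action>[^>]+?)\.?$"
)

def parse_detections(log_text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := LINE_RE.match(line.strip()))]

def unexpected_dns(detections, expected_resolvers):
    """List NameServer/DhcpNameServer values pointing at unexpected resolvers."""
    findings = []
    for d in detections:
        value_name = d["path"].rsplit("\\", 1)[-1]
        if value_name not in ("NameServer", "DhcpNameServer") or not d["data"]:
            continue
        servers = [s for s in re.split(r"[,\s]+", d["data"]) if s]
        bad = [s for s in servers if ip_address(s) not in expected_resolvers]
        if bad:
            findings.append({
                "path": d["path"],
                "servers": bad,
                # "No action taken" means the scanner reported but did not fix it.
                "still_present": d["action"] == "No action taken",
            })
    return findings

if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is the home router.
    expected = {ip_address("192.168.1.1")}
    for f in unexpected_dns(parse_detections(SAMPLE_LOG), expected):
        print(f["path"], f["servers"], "still present:", f["still_present"])
```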

Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

Please use both RootRepeal http://community.norton.com/norton/board/message?board.id=Norton_360&message.id=13889#M13889

And GMER http://www.gmer.net/  Scan and then save the log and post the log to http://pastebay.com/

Use your Norton username on pastebay.

I will cross reference the logs and see 1. if you still have it,  2. if I have to script to remove it like I have done for others.

 Quads


Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

Thanks Quads & delphinium for helpful replies.  Will get on with disabling sys restore, into safe mode & running the apps you mention. I'll let you know how I get on; will post log here.   Really want to make sure this Trojan has been totally wiped from my laptop.


Re: Trojan:Win32/Alureon!inf detected and removed by Windows Malicious Software Removal Tool June 2009

Please attempt to use the tools to get the logs in normal mode first.

Quads 
