Visitor
Bonniemacus
Posts: 3
Registered: ‎10-14-2012

Alureon variants infect while running Norton Security Suite

Computer infected 10/10 (?) when got a full crash/dump and the blue screen.  Run Norton Security Suite and Malwarebytes on Win 7 OS.  Neither found any of the viruses/rootkits.

 

From advice found on MS forums, ran Malwarebytes in Safe Mode and found Trojan.Agents in C:\Windows\svchost.exe and removed 3 times.

Ran TDSSKiller and found Rootkit.Boot.Pihar.c

 

After these, ran MS Malicious Software Removal Tool and found the Alureon variants, which the program said were partially removed: Alureon.A, Alureon.J, Win32/Alureon.gen!AD, Win64/Alureon.gen!AD, Win64/Alureon.gen!F and Win64/Alureon.gen!L

 

Ran scans from UnHackMe, which found nothing, and Prevx, which found nothing.

 

Still found Trojan Agent file when ran Malwarebytes in Safe Mode.

 

So, being the non-IT person I am, I may have done the wrong things in the wrong order. How do I determine what is left to do to remove all these viruses and rootkits?

 

Thanks,

Sue

Bot Obliterator
Quads
Posts: 16,440
Registered: ‎07-21-2008

Re: Alureon variants infect while running Norton Security Suite

Basically a user that loaded the system up with programs and used other tools, on what they have no idea about. Now what a messed-up system.

 

If C:\Windows\svchost.exe is still around I could guess what is left, but shrug shoulders on that system.

 

Quads

 

dickevans
Posts: 11,770
Registered: ‎04-08-2008

Re: Alureon variants infect while running Norton Security Suite


Quads wrote:

Basically a user that loaded the system up with programs and used other tools, on what they have no idea about. Now what a messed-up system.

 

If C:\Windows\svchost.exe is still around I could guess what is left, but shrug shoulders on that system.

 

Quads

 


Almost sounds like it's time to reformat the drive and start from the very beginning.

Better ideas?

 

Dick
Win7x64 SP1 current NIS V21
Visitor
Bonniemacus
Posts: 3
Registered: ‎10-14-2012

Re: Alureon variants infect while running Norton Security Suite

Quads,

 

Thanks for taking the time to read my question. If only I'd come here first instead of the MS forums... But, alas and alack, gotta deal with what it is now.

We've all got things we're expert in, and it's generous of you to share your expertise.

If the only way to ensure the computer is safe, then we'll clear the hard drive and reinstall the OS, or chuck it, whatever needs to be done.

If you have any other suggestions, I'd do that--I'm actually very good at following directions when I'm out of my knowledge base.

Thanks,

Sue

Visitor
Bonniemacus
Posts: 3
Registered: ‎10-14-2012

Re: Alureon variants infect while running Norton Security Suite

Dick,

 

From what I've read, reformatting is the bottom line. Hope we can avoid it, but will do if necessary. No Prize Patrol here giving out cash for new computers.

Best I can say I've been online for 16 years and never had anything like this happen before. Don't even know how it happened. Read about some Java security problems---could that have been how the infection happened?

Really want to know how to avoid this in the future... Unfortunately, have a kid who loves Minecraft and many related sites are filled with viruses.

 

Sue

Symantec Employee
HarryP
Posts: 769
Registered: ‎07-23-2010

Re: Alureon variants infect while running Norton Security Suite

Did you try using Norton Power Eraser or Norton Bootable Recovery Tool?


If not, please try that & let me know the results. 

 

Thanks,

HarryP

Bot Obliterator
Quads
Posts: 16,440
Registered: ‎07-21-2008

Re: Alureon variants infect while running Norton Security Suite


Symantec Employees 

 

NPE is not, to me, to be used on the likes of this system due to:

 

Computer infected 10/10 (?) when got a full crash/dump and the blue screen.  Run Norton Security Suite and Malwarebytes on Win 7 OS.  Neither found any of the viruses/rootkits.

 

From advice found on MS forums, ran Malwarebytes in Safe Mode and found Trojan.Agents in C:\Windows\svchost.exe and removed 3 times.

Ran TDSSKiller and found Rootkit.Boot.Pihar.c

 

I have had to get users' systems bootable after its use with this, as NPE cannot handle it, or handle it correctly, and use FRST to correctly remove and repair.

 

Like  http://community.norton.com/t5/Norton-360/I-need-help-getting-my-Sony-Vaio-to-reboot-after-running-p...

 

Quads