Contributor
jeff_wa_40
Posts: 17
Registered: ‎06-08-2012
Accepted Solution

Trojan rootkit A.........

Norton 360 won't remove a trojan on my PC. How do I get it out of my system?

PC_confused
Posts: 826
Topics: 111
Kudos: 119
Solutions: 26
Registered: ‎03-21-2009

Re: Trojan rootkit A.........

Hello jeff_wa_40 and welcome to the Community.  Don't be too surprised if you find your post has been moved to the Norton 360 forum, where it should get better exposure.  There will be a shortcut left here, telling you your post has been moved and where it was moved to. 

Now the tough part... I'm pretty sure you want to jump in and do what you can to clean your PC yourself. Please hold off and wait for instructions from one of the GURUs. Any changes you make could make it harder for them to clean your PC. Maybe it's just the onset of summer, but the GURUs seem to be getting quite a few viruses to work on. Give them a chance.

Windows 7 Home SP1 - IE 9.0.8112.16421 - NIS 2012 19.9.1.14 - Ghost Ver 15.0.1.36526 - Dell Optiplex GX280 PC.
dickevans
Posts: 9,196
Registered: ‎04-08-2008

Re: Trojan rootkit A.........

Jeff,

The volunteer to wait for is Quads. He's very good, BUT in order for him to help you, you MUST follow his instructions EXACTLY. The reason I stress this is that doing other things can make it impossible for him to undo what you have done and guide you to a clean machine. I think he lives in New Zealand, so there will be delays. Hang in and hang on. It will be worth the time and effort.

Stay well and surf safe

Dick
Win7x64 SP1 current NIS V20
Bot Obliterator
Quads
Posts: 13,245
Registered: ‎07-21-2008

Re: Trojan rootkit A.........

Trojan Rootkit A. What is the rest of the detection name?

 

Quads

Contributor
jeff_wa_40
Posts: 17
Registered: ‎06-08-2012

Re: Trojan rootkit A.........

I think it's something like Alveoun; I am not sure of the spelling.

Contributor
jeff_wa_40
Posts: 17
Registered: ‎06-08-2012

Re: Trojan rootkit A.........

I found the name again. It is Alureon. Thanks.

Bot Obliterator
Quads
Posts: 13,245
Registered: ‎07-21-2008

Re: Trojan rootkit A.........

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).

  • Attention to detail is important! Since I cannot see or directly interact with your computer, I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

 

Norton / Symantec naming something Alureon, not Tidserv; Alureon is seen as the name given by Microsoft MSE.


Please read carefully

 

1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (Replace the hxxp with http.)
Double-click the aswMBR.exe icon to run it.
It will ask to download extra definitions - ALLOW IT / Yes.
Click the Scan button to start the scan.
On completion of the scan, click the Save log button, save it to your desktop and please attach the log in the post back. Don't have the program fix anything.

 

Quads

Contributor
jeff_wa_40
Posts: 17
Registered: ‎06-08-2012

Re: Trojan rootkit A.........

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-10 04:44:19
-----------------------------
04:44:19.021    OS Version: Windows x64 6.1.7601 Service Pack 1
04:44:19.021    Number of processors: 4 586 0x2A07
04:44:19.021    ComputerName: JEFF-PC  UserName: Jeff
04:44:20.300    Initialize success
04:44:26.431    AVAST engine defs: 12061000
04:44:29.520    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:44:29.535    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
04:44:29.535    Device \Driver\iaStor -> MajorFunction fffffa80084515e8
04:44:29.535    Disk 0 MBR read successfully
04:44:29.551    Disk 0 MBR scan
04:44:29.551    Disk 0 Windows VISTA default MBR code
04:44:29.567    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
04:44:29.582    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       698434 MB offset 3074048
04:44:29.613    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        15469 MB offset 1433466880
04:44:29.660    Disk 0 scanning C:\windows\system32\drivers
04:44:38.942    Service scanning
04:45:14.401    Modules scanning
04:45:14.417    Disk 0 trace - called modules:
04:45:14.432    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80084515e8]<<
04:45:14.432    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078d7790]
04:45:14.448    3 CLASSPNP.SYS[fffff8800198b43f] -> nt!IofCallDriver -> [0xfffffa8005d8fe40]
04:45:14.464    5 ACPI.sys[fffff88000f487a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005d8e050]
04:45:14.464    \Driver\iaStor[0xfffffa8007fd6060] -> IRP_MJ_CREATE -> 0xfffffa80084515e8
04:45:15.680    AVAST engine scan C:\windows
04:45:18.488    AVAST engine scan C:\windows\system32
04:48:26.145    AVAST engine scan C:\windows\system32\drivers
04:48:51.137    AVAST engine scan C:\Users\Jeff
04:50:24.519    AVAST engine scan C:\ProgramData
04:50:28.013    Disk 0 MBR has been saved successfully to "C:\Users\Jeff\Documents\MBR.dat"
04:50:28.013    The log file has been saved successfully to "C:\Users\Jeff\Documents\aswMBR.txt"

 

Bot Obliterator
Quads
Posts: 13,245
Registered: ‎07-21-2008

Re: Trojan rootkit A.........

I said to attach the log.

 

Quads

Contributor
jeff_wa_40
Posts: 17
Registered: ‎06-08-2012

here is the attachment

Sorry, here it is in the attached form.