Malware Removal Instructions

Trojan: Win32/Alureon.gen!J

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 2nd, 2009, 1:21 pm

It's funny you should say that: just prior to coming here for help, I was told at another self-help site to do just that - clean up the registry. You live and learn, hopefully...
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 3rd, 2009, 4:14 pm

Shaba, update from PC Pitstop:

Well, yay!!! The MS WORD VIEWER works good enough!!

Signman, I'd like to thank you from the bottom of my heart. You've given me back at least a semblance of 13 pages that I would not have been able to cull from the nether-reaches of my brain again. The copy is not perfect: some of the paragraphs are switched around and mismatched, but never mind any of that, most of it is there somewhere, and I can work with it.

Signman, thank you, thank you, thank you...off to put Humpty Dumpty back together again!!!!!
-------------

So, Shaba, will see you in a couple of days. Getting this doc in some sort of order is the priority today and tomorrow, but will be performing final clean up duties by end of the week and will report back.
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 5th, 2009, 1:28 pm

Hello, hass!! As you can see, if you've read through my thread, I'm not the expert here...Shaba is da-man!!!

I experienced the exact, same issues that you're going through right now; and Shaba gave me very-easy-to-follow instructions on getting rid of it - beginning with downloading and installing Hijackthis from trendmicro.com. It's freeware. After it scans your computer, don't use it to fix anything, just copy and paste the log it generates here to Malware, and I guess either Shaba, or some other experienced tech will take it from there. They're trained to be able to identify the "tragedies" that have wormed their way onto your HD from that log. I am sorry, but I'm a pure dope in that department. Nonetheless, feel free to contact me at any time for input, and I'll be happy to contribute whatever I can. And, please do journey through this thread: it's a step-by-step, how-to lesson on cleaning up that Trojan.

Good luck, hass, and persevere, it's simpler than it might look!!

P.S. -- hass, a word of caution: if you have any documents and such that are vitally important to you, back them up now, before you clean out this virus.
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 6th, 2009, 10:41 am

Hellllllloooooooo Shaba...have dutifully run through & completed "clean-up" checklist. Some of these recommendations are truly cool!!

I do have a couple of lingering questions, however:

(1) regarding registry cleaning, what is the current protocol for novices like me for keeping one's registry bug free without employing a utility such as Eusing?

(2) do you recommend keeping OneCare after downloading WinPatrol and SpywareBlaster (can't afford Kaspersky right now)? Incidentally, methinks that that Host file business is a bit too tricky to personally tackle. Any suggestions there, as well?

Lastly, I'm not sure if you took notice that hass could use some help here. Should he just begin a separate thread?

Shaba, you've been a real gem, and I cannot thank you enough. You have alleviated a lot of misery by helping me out here. You are a good soul...thank you, thank you, thank you!!
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by Shaba » February 14th, 2009, 2:37 am

Sorry for the delay, I got no email notification.

Glad to hear that :)

1) The registry doesn't necessarily need any cleaning if you properly uninstall programs using their uninstaller.

2) OneCare is OK if you don't have any antivirus/firewall. If you do, then no, because you should use only one antivirus and one firewall.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 14th, 2009, 11:54 am

Hi, Shaba, can't tell you how happy I was to hear from you. I was worried that my verboseness (is that even a word?) had run you off.

Alrighty then, will keep OneCare (hate MS) until I can scare up the 80 bucks for Kaspersky.

And, Shaba, that Host file recommendation is more technical than my meager know-how. On a scale of 1 to 10, how important do you deem it? Because if it's reeeealllly important, I think I'll have to hire someone to tackle it for me.

Lastly, Shaba, did you make contact with hass, who asked for help here in this thread, or should I send him a message directing him otherwise?

Okay, shutting up now :D...wwtfn
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by Shaba » February 14th, 2009, 3:35 pm

It is not completely needed but recommended.

No, I didn't make any contact with hass. I think that message got split into its own thread.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 14th, 2009, 4:20 pm

Okay, my Obiwan-of-Few-Words...I think your work here is done. I, for one, shall miss you, you're like family to me now :). But, I know there are lots of dragons out here, so I must be unselfish and let you "be off" to slay them.

Seriously, though, you should know that my computer is working better than ever now, and I have you to thank for that.

Take care, Shaba...wanda
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by Shaba » February 14th, 2009, 4:21 pm

Thank you for your kind words :)

I hope that you stay clean in the future.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 15th, 2009, 11:08 am

:)
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 16th, 2009, 12:36 am

Wow, Shaba...either I'm just jinxed or OneCare TOTALLY sucks...

--------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 15, 2009 17:51:50
Records in database: 1800056


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
G:\
I:\
J:\
K:\
W:\

Scan statistics
Files scanned 105106
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 02:20:43

File name Threat name Threats count
C:\WINDOWS\system32\ConTest.dll Infected: not-a-virus:FraudTool.Win32.Ascentive.b 1

The selected area was scanned.

--------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:30 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - >¤EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) -  =¤8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O2 - BHO: (no name) - ¨¤¨¤6-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - Ð=¤B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar BETA - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... taller.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/po ... der_v6.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/w ... b?1,0,0,94
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 10392 bytes
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am
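The helpers in this thread read logs like the one above by hand, line by line. As an added example, not code from the thread, from HijackThis or from MalwareRemoval.com, here is a small Python triage script that parses lines of that format and groups the ones a reviewer would look at first: O2 BHO registrations whose DLL is gone ("(no file)"), O2 lines whose CLSID is not a well-formed GUID (the log was mangled in transit and should be re-pasted), and O4 autorun entries that name a bare file instead of an absolute path. The sample lines are copied from the log posted above; the flag names and the list of "trusted" install roots are my own assumptions, and the script only reports, it changes nothing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied verbatim from the HijackThis
# log posted in the thread above; no lines are invented.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - >¤EC4B7-072B-4698-B504-2A414C1F0037} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|scr|com))"?', re.IGNORECASE)
# Assumed heuristic: roots a stock Windows XP install populates.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    code: str
    body: str
    path: str = ""
    clsid: str = ""
    flags: list = field(default_factory=list)


def _is_trusted_location(path):
    """True for an absolute path under one of the assumed install roots."""
    return path.lower().startswith(TRUSTED_ROOTS)


def parse_entry(line):
    """Turn one HijackThis line into an Entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m.group("code"), m.group("body"))
    if e.code == "O2" and e.body.startswith("BHO: "):
        # Layout: "BHO: <name> - <clsid> - <path>"; split from the right so a
        # display name containing " - " cannot shift the fields.
        parts = e.body[len("BHO: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            _, e.clsid, e.path = parts
            if e.path == "(no file)":
                e.flags.append("orphaned-bho")      # registration left behind by a removed DLL
            if not GUID_RE.match(e.clsid):
                e.flags.append("malformed-clsid")   # line mangled in transit; ask for a re-paste
            elif e.path != "(no file)" and not _is_trusted_location(e.path):
                e.flags.append("bho-outside-program-dirs")
    elif e.code == "O4":
        # Layout: "<hive>\..\Run: [<value name>] <command line>"
        m4 = re.match(r"^.*?: \[[^\]]*\] (?P<cmd>.*)$", e.body)
        if m4:
            mx = EXE_RE.match(m4.group("cmd"))
            e.path = mx.group("exe") if mx else m4.group("cmd")
            if not re.match(r"^[a-zA-Z]:\\", e.path):
                e.flags.append("bare-filename")     # resolved via the search path at logon
            elif not _is_trusted_location(e.path):
                e.flags.append("autorun-outside-program-dirs")
    elif e.code == "O23":
        # Layout: "Service: <display name> (<service name>) - <vendor> - <path>"
        e.path = e.body.rsplit(" - ", 1)[-1]
        if not _is_trusted_location(e.path):
            e.flags.append("service-outside-program-dirs")
    return e


def triage(log_text):
    """Group flagged entries by flag name; unflagged entries are left out."""
    report = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        for flag in e.flags:
            report.setdefault(flag, []).append(e)
    return report


if __name__ == "__main__":
    for flag, entries in triage(SAMPLE_LOG).items():
        print(f"[{flag}]")
        for e in entries:
            print("   ", e.code, "-", e.body)
```

Run on the sample it reports two orphaned BHOs, one of which also has a malformed CLSID (the ">¤EC4B7-..." line), and one bare-filename autorun; the Yahoo toolbar, OneCare, WinPatrol and Java entries pass the location check and are not listed. A flag is a prompt for the reviewer, not a verdict: an orphaned BHO is usually just leftover junk, and a malformed CLSID most often means the paste got corrupted rather than that anything is wrong on the machine.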

Re: Trojan: Win32/Alureon.gen!J

Post by Shaba » February 16th, 2009, 12:43 pm

Well, no antivirus can find all malware. If it missed one file, it doesn't mean that it "sucks". There are malware files which Kaspersky will miss and OneCare will find :)

You can delete that file.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan: Win32/Alureon.gen!J

Post by briolette » February 16th, 2009, 2:50 pm

Alright...cooler heads prevailed (yours) :D ...thanks ObiwaShabi!
briolette
Regular Member
 
Posts: 81
Joined: January 8th, 2009, 11:18 am

Re: Trojan: Win32/Alureon.gen!J

Post by Shaba » February 21st, 2009, 6:08 am

briolette, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland