Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan: DOS/Alureon.E

Post by RGreyeagle » February 14th, 2015, 9:26 am

I've tried Windows Defender and receive error code: 0x8007065b. No help from Microsoft. Please assist.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16609
Run by King Richard at 5:16:30 on 2015-02-14
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3838.1797 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [GoogleChromeAutoLaunch_B2E0E2307CA303C68DB89CCEE2AB0B47] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
LSP: C:\Windows\System32\wpclsp.dll
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{3EFE2CEA-7783-4B21-B608-0A7A56D6897A} : DHCPNameServer = 10.0.1.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-11-15 274696]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 124560]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-1-30 366512]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\System32\drivers\OA002Ufd.sys [2008-6-3 168864]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\System32\drivers\OA002Vid.sys [2008-7-31 306560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2015-2-13 90776]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\System32\drivers\OA002Afx.sys [2007-6-7 219544]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-4-11 1009864]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-02-13 13:10:37 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2015-02-13 13:09:46 792576 ----a-w- C:\Windows\System32\d3d11.dll
2015-02-13 13:09:46 519680 ----a-w- C:\Windows\SysWow64\d3d11.dll
2015-02-13 13:09:46 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-02-13 13:09:46 369664 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-02-13 13:09:46 328192 ----a-w- C:\Windows\System32\dxdiag.exe
2015-02-13 13:09:46 262656 ----a-w- C:\Windows\System32\dxdiagn.dll
2015-02-13 13:09:46 252928 ----a-w- C:\Windows\SysWow64\dxdiag.exe
2015-02-13 13:09:46 195584 ----a-w- C:\Windows\SysWow64\dxdiagn.dll
2015-02-13 13:09:45 411648 ----a-w- C:\Windows\System32\PhotoMetadataHandler.dll
2015-02-13 13:09:45 321024 ----a-w- C:\Windows\SysWow64\PhotoMetadataHandler.dll
2015-02-13 13:09:45 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2015-02-13 13:09:45 189440 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2015-02-12 11:07:53 0 ----a-w- C:\Windows\ativpsrm.bin
2015-01-30 01:49:32 116773704 ----a-w- C:\Windows\System32\mrt.exe
2015-01-15 06:53:34 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 04:08:29 516536 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-14 03:08:42 17878016 ----a-w- C:\Windows\System32\mshtml.dll
2015-01-14 02:59:33 10924032 ----a-w- C:\Windows\System32\ieframe.dll
2015-01-14 02:59:04 448512 ----a-w- C:\Windows\System32\html.iec
2015-01-14 02:53:53 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2015-01-14 02:49:37 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2015-01-14 02:49:35 1392128 ----a-w- C:\Windows\System32\wininet.dll
2015-01-14 02:47:51 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-14 02:47:48 816640 ----a-w- C:\Windows\System32\jscript.dll
2015-01-14 02:47:45 599040 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-14 02:47:14 237056 ----a-w- C:\Windows\System32\url.dll
2015-01-14 02:47:08 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2015-01-14 02:46:46 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2015-01-14 02:46:01 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-14 02:45:59 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2015-01-14 02:45:06 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-01-14 02:45:00 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2015-01-14 02:44:55 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2015-01-14 02:44:54 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2015-01-14 02:44:49 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-01-14 02:44:48 248320 ----a-w- C:\Windows\System32\ieui.dll
2015-01-14 02:44:46 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-14 02:44:42 12800 ----a-w- C:\Windows\System32\mshta.exe
2015-01-14 01:51:42 12371456 ----a-w- C:\Windows\SysWow64\mshtml.dll
2015-01-14 01:49:16 367104 ----a-w- C:\Windows\SysWow64\html.iec
2015-01-14 01:47:30 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-01-14 01:46:05 9742336 ----a-w- C:\Windows\SysWow64\ieframe.dll
2015-01-14 01:43:54 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2015-01-14 01:42:51 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-14 01:42:31 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-14 01:41:35 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2015-01-14 01:41:34 231936 ----a-w- C:\Windows\SysWow64\url.dll
2015-01-14 01:41:28 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-14 01:41:26 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2015-01-14 01:41:13 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2015-01-14 01:41:09 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-14 01:41:01 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2015-01-14 01:40:54 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2015-01-14 01:40:48 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2015-01-14 01:40:45 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2015-01-14 01:40:39 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2015-01-14 01:40:38 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2015-01-14 01:40:35 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-01-14 01:40:33 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-14 01:40:32 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2015-01-13 01:51:40 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 01:39:22 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 01:53:20 53760 ----a-w- C:\Windows\apppatch\iebrshim.dll
2015-01-12 01:41:04 146944 ----a-w- C:\Windows\apppatch\AppPatch64\iebrshim.dll
2015-01-09 00:34:00 2790912 ----a-w- C:\Windows\System32\win32k.sys
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-19 00:26:53 139776 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-08 01:59:34 306176 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-12-08 01:37:22 399360 ----a-w- C:\Windows\System32\scesrv.dll
2014-12-06 03:14:36 48640 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:14:34 93184 ----a-w- C:\Windows\SysWow64\ncsi.dll
2014-12-06 02:54:35 178688 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-06 02:54:19 61440 ----a-w- C:\Windows\System32\nlaapi.dll
2014-12-06 02:54:19 205824 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-03 02:06:01 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-12-03 01:51:29 347136 ----a-w- C:\Windows\System32\schannel.dll
2014-11-26 02:05:50 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-11-26 01:42:47 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2014-11-19 18:28:58 797400 ----a-w- C:\Windows\System32\drivers\Rtlh64.sys
2014-11-19 18:28:58 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
2014-11-19 18:28:58 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
.
============= FINISH: 5:17:16.96 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 2/11/2015 10:59:37 PM
System Uptime: 2/14/2015 4:29:05 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0F896N
Processor: AMD Athlon(tm) II X2 215 Processor | AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 316.923 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 0.923 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP7: 2/11/2015 11:33:54 PM - Scheduled Checkpoint
RP8: 2/12/2015 12:04:26 AM - Installed Realtek Ethernet Controller Driver
RP9: 2/12/2015 12:40:02 AM - Windows Update
RP10: 2/12/2015 6:43:22 AM - Windows Update
RP11: 2/12/2015 6:58:23 AM - Windows Update
RP12: 2/12/2015 7:19:24 AM - Windows Update
RP13: 2/12/2015 6:21:36 PM - Windows Update
RP14: 2/12/2015 6:51:58 PM - Windows Update
RP15: 2/12/2015 8:21:29 PM - Windows Update
RP45: 2/13/2015 7:45:54 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.13)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.2
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Monitor Webcam Driver (1.01.02.0804)
Realtek Ethernet Controller Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
SparkTrust PC Cleaner Plus
Ultimate Extras sounds from Microsoft® Tinker™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Sound Schemes
.
==== Event Viewer Messages From Past Week ========
.
2/14/2015 5:16:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/14/2015 4:29:54 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 9:12:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 9:12:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 8:28:29 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: System Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 8:17:34 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureCommand with the following error: Access is denied.
2/13/2015 8:17:12 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2/13/2015 8:10:23 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 8:10:23 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 8:07:48 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 8:07:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070005 Error description: Access is denied. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
2/13/2015 7:42:35 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: System Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4779.0, AS: 1.191.4779.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 7:31:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4779.0, AS: 1.191.4779.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 7:21:38 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4779.0, AS: 1.191.4779.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 7:19:32 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.191.4779.0, AS: 1.191.4779.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 7:19:31 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\King Richard Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4779.0, AS: 1.191.4779.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 7:15:56 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4779.0, AS: 1.191.4779.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 7:15:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070005 Error description: Access is denied. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
2/13/2015 5:36:55 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 4:58:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\;boot:_\\.\PHYSICALDRIVE0\Partition3 (Type 17) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 4:56:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\Isa Process Name: C:\Windows\System32\svchost.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x80070032 Error description: The request is not supported. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 4:56:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid= ... 2147650952 Name: Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume4;boot:_\Device\HarddiskVolume4\ Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: LindseyTowers\Isa Process Name: C:\Windows\System32\svchost.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. To finish removing malware and other potentially unwanted software, you need to run an offline scan. For information about scanning options, see Help and Support. Error Code: 0x8007065b Error description: Function failed during execution. Signature Version: AV: 1.191.4858.0, AS: 1.191.4858.0, NIS: 113.69.0.0 Engine Version: AM: 1.1.11302.0, NIS: 2.1.11005.0
2/13/2015 4:07:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/13/2015 4:07:59 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/13/2015 4:07:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
RGreyeagle
Active Member
 
Posts: 2
Joined: February 14th, 2015, 9:07 am

Re: Trojan: DOS/Alureon.E

Unread postby Gary R » February 15th, 2015, 2:28 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan: DOS/Alureon.E

Unread postby Gary R » February 15th, 2015, 2:33 am

I need to have a look at your Partition Table, so could you please do the following for me ...


  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan: DOS/Alureon.E

Unread postby RGreyeagle » February 15th, 2015, 2:36 am

I appreciate it. Please don't refer me to a pay-for-service link. I've had enough of that garbage! Thank you.
RGreyeagle
Active Member
 
Posts: 2
Joined: February 14th, 2015, 9:07 am

Re: Trojan: DOS/Alureon.E

Unread postby Gary R » February 15th, 2015, 2:46 am

The link I've linked you to in my last post should only connect you to a free download of the tool ListParts at Bleeping Computer.com, which is the site that hosts the tool. If you are getting anything else, please let me know.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan: DOS/Alureon.E

Unread postby Gary R » February 17th, 2015, 2:03 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire