
How to remove Trojan:DOS/Alureon.A

May 10, 2011 at 04:42:53
Specs: Windows XP

MSE has detected Trojan:DOS/Alureon.A and removed it, but I rescanned and it reappears. What do I do?



#1
May 10, 2011 at 05:00:31

Anti-virus and Anti-malware programs may prevent the tools we need to use from fixing an infected system. Please disable (temporarily) any Anti-virus and Anti-malware programs you have running: right click the program's Taskbar icon, or access each program through Start - Programs to disable.

Next, please download TDSSKiller from the following link:
http://support.kaspersky.com/downlo...
Save it to the Desktop.

If you cannot download the file, the malware may be blocking the attempt. You need to download the file to a clean computer and then transfer it to the infected one using a USB flash drive or external media (an external drive or a CD).

Once the file is on the Desktop, right-click on the TDSSKiller.exe icon and select: Rename.
Name it a random name with a .com extension. For example: jaws.com

Now, double-click on the renamed file to launch it. If you receive a warning from Publisher: Kaspersky Lab asking if you want to run the file, click on the Run button to allow TDSSKiller to run.

When TDSSKiller starts, it displays the welcome screen.
Click on the Start Scan button.

When the scan finishes it displays a results screen stating whether or not the infection was found on your computer.

To remove the infection, click on the Continue button. If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button. Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

When TDSSKiller finishes cleaning the infection, a report stating whether or not it was successful is shown.

If TDSSKiller requires a reboot to finish the cleaning process, click on: Reboot Now


Next, start the computer in Safe Mode with Networking by tapping the F8 key while it boots, and selecting this option.

Maybe you will have better luck with Rkill if you do this:
Download one of these files: iExplore.exe or eXplorer.exe. These files are renamed copies of RKill:
http://www.bleepingcomputer.com/dow...

Save the file selected to the Desktop, and double-click on it. (For Vista/Windows 7, select: Run as Administrator)
Ignore any messages, and allow the file to run until the command window closes.

Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon). Save to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program. (For Vista/Windows 7, select: Run as Administrator)

Run Malwarebytes’ Anti-Malware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.

>>Please post the TDSSKiller and the Malwarebytes logs in your reply so we can see where we are at, and plan any additional removal strategy, if necessary.<<



#2

#3
May 20, 2011 at 18:40:06

Thank you sooo much. This worked great! You're awesome:)


#4
May 20, 2011 at 20:20:47



#5
May 20, 2011 at 20:23:26

dhroyse,

Glad you got your problem resolved!!

Would you mind telling us what worked for you, post #1 or post #2?

It helps to know.

Thanks!!



#6
May 20, 2011 at 20:48:42



#7
June 15, 2011 at 07:47:08

It worked, can now download updates!


#8
July 3, 2011 at 14:04:53

This worked great for me too! No more unwanted redirects and installations. I used post #1 with TDSSKiller.exe.

Thanks a bunch!



#9
July 26, 2011 at 07:31:45

Worked great! Not coming back after performing the tds killer. Thanks!


#10
August 28, 2011 at 21:48:31

Used post 1 for TdssKiller:

\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
\Device\Harddisk0\DR0 - ok



#11
August 28, 2011 at 21:57:12

"LOL....it wasn't even the OP"

Why should he ask again, you asked the OP, he asked another reader who got a successful result.



#12
September 4, 2011 at 10:38:41

Thanks so much! I'm really sure it worked!!!!
