Trojan keeps returning

September 22, 2009 at 02:25:50
Specs: Windows XP, 1.728 GHz / 1015 MB

Trojan Win32/Alureon.gen!U keeps coming back. Windows LiveOneCare finds and removes it, but it returns. How can I keep it from coming back? Thanks.


See More: Trojan keeps returning

Report •


#1
September 22, 2009 at 02:52:45

Hello and welcome to the Forums ,

MBAM should clear up your problem d\l from the link , update and run the quick scan remove all it finds and reboot ,
You may need to shut down and restart system restore as this will tend to put the Trojan\rootkit back on again , this maybe the problem you are experiencing but give MBAN a chance to do it's stuff .

http://www.malwarebytes.org/mbam.php


..............


Report •

#2
September 22, 2009 at 05:15:12

This did find 22 infected files. Then, it said to restart to clean up the last one. However, my computer is in an infinite loop of CHKDSK even if I use safe mode.

I was able to get back in using last known good configuration.


Report •

#3
September 22, 2009 at 15:53:30

This is very strange Iv'e never known a machine to go into chkdsk on it's own after MBAM or anything else , it must be asked for . Are you still getting the Trojan alert ? .

Report •

Related Solutions

#4
September 22, 2009 at 17:38:04

So far today, it has been working fine. I will send a reply if it comes up soon again. Thank you for your help.

Report •

#5
September 22, 2009 at 17:44:12

Your welcome thanks for getting back to us as your feedback will help others .
If it does return it may be system restore that's to blame .

Report •

#6
September 23, 2009 at 04:48:43

It came back this morning. My Internet connection was not working. I ran OneCare and it found the same virus. Should I do the following steps:

1) Turn off System Restore (in my computer, check the stop system restore box)
2) Run MBAM
3) Restart the computer
4) Turn System Restore back on

Something I should do to make sure that blue screen with CHKDSK loop does not come back again? It would go from that to show Windows was starting up and back to that again.

If I shut off System Restore and the loop happens again, will I prevented from using Last Known Good Configuration?

Thanks.


Report •

#7
September 23, 2009 at 10:37:28

Well yes to most of that and it may very well effect your last known good but it needs to be done .
what I do after MBAM has done it's stuff is shut down , I do this to clear memory but it is good practice .
To restore your faith , which must have been shaken a bit , do an MBAM scan shut down and re-start to see if this loop returns , As I said before I don't remember anybody reporting this behaviour on the Malwarebyte's forum .

Report •

#8
September 23, 2009 at 14:59:23

I reran MBAM, the loop happened again so I used "Last known configuration" to get back into my computer. Is there a way to prevent CHKDSK from automatically starting...if so how? Do you recommend I do this or have any other suggestions?

Report •

#9
September 23, 2009 at 16:36:16

Try the free 30 day trial of Unhackme , It is said to be very good .

http://www.greatis.com/unhackme/dow...

I don't know why MBAM is behaving like this , very strange , Run Unhackme If the malware , returns then clean it again and if all is well turn off system restore wait a minuet and turn it back on again , Run Unhackme one last time .

.........


Report •

#10
September 29, 2009 at 15:59:51

When I run MBAM in Safe Mode, Rootkit comes up as deleted, but upon reboot, the Alureon comes back.

I ran Unhackme, and aimleecv and gasfkyuirallee are coming up in the system32\drivers as keys and it says Unknown Rootkit. Do I click on each one of these and click Stop?

Thanks.


Report •

#11
September 29, 2009 at 17:29:11

Inasmuch as both of those are not legitimate files and they must be part of the rootkit , you don't want them .
MBAM should be run in normal mode if possible .

Report •

#12
October 4, 2009 at 09:52:37

My computer went into chkdsk while running. When restarting, even in last known good configuration, went into chkdsk. Fortunately, it did not get stuck in a loop and did go into Windows.

Should I be setting the computer so chkdsk can not run automatically at startup?

After deleting another key that unhack me found and running MBAM again, the computer restarted in normal mode without going through the chkdsk. I did not have to do last known good configuration. Also, after running Windows One Care, for the first time in several weeks, the Alurean Trojan was not found to be running! Will see if this good news continues.

Thank you very much for all your help.


Report •

#13
October 5, 2009 at 03:06:59

Hi,

It might be cause of registry problems.You should Try out with a

registry cleaner. If it doesn't work,That means your system has

been affected by malware.You can quarantine that in safe mode

by using anti -malware software. Block Spyware


Report •

#14
October 22, 2009 at 02:43:20

Disabling system restore before running a virus scan and general nasties cleaning out etc., and then rebooting (after scan completed etc.) means that if anything nasty is found and cleared... it won't be "restored" by system restore. Safe-mode scanning is usually considered/preferable too - again with system restore diasbled.

Also if anything is found and quarantined... delete the quarantined files - before reboooting and then re-enabling system restore.. Otherwise there's always the chance that a given nasty will escape from quarantine and the rest is history all over again?

Personally I reboot twice before re-enabling system restore.

Also if you go safe-mode etc. with networking and go on-line... you can run a freebie on-line scan too. (Trend housecall is my favourite there.) It can sometimes be that a given virus util doesn't find everything at any given time; may miss what another finds and visa-versa... Thus a freebie on-line and your own local util is a good combination?

Others will occasionally use a Linux CD (Knoppix/Uuntu?) to go on-line etc... This approach allows everything to be checked and again system restore will not be involved in anyway...

If you decide to run any form of registry cleaner... First back up (as in copy to optical-media etc.) "all those important files etc. you wouldn't wish to lose access to... There are accounts of folks finding a registry-cleaner "fixing" things so they couldn't boot up again/log-in etc... Were that to happen and if your files were elsewhere, at least they are safe; and recovery/repair of the OS etc. can go ahead with less concern about losing data?


Report •

#15
October 22, 2009 at 08:31:50

what happens if you let the CHKDSK scan complete? That may stop it from starting up when you reboot.

Did you run all the scans in unhackme till the PC was clean?
A good free registry cleaner is Ccleaner Slim (no toolbar)
I would suggest running that and clean out all it finds.

You may also want to run Avast free and allow it to do a bootscan on reboot. Just google the questionable finds and then move them to the chest if they are not part of the operating system.

Live One Care is not very good.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •


Ask Question