DOS/Alureon.A


ArlJim78
08-27-2012, 08:00 AM
any suggestions how to exterminate this thing?
I've not had any success so far.
Running windows 7 64bit, Windows security essentials finds it and says to use Windows Defender Offline to get rid of it, but I've done that about five times with no luck.

searching around I'm not finding any solid solutions, so thought I'd ask around here.
according to MS this thing is in the MBR, master boot record.
thanks

wilderness
08-27-2012, 09:27 AM
Had it about eighteen months ago and the only solution was a complete reformat.

Despite multiple software packages showing that the MBR had been cleaned.

bigmack
08-27-2012, 09:28 AM
Run Hitman Pro in safe mode.

http://www.surfright.nl/en/hitmanpro/

JustRalph
08-27-2012, 09:34 AM
As long as it's in the mbr, it will continue to come back.

This is just about the worst thing you can get.

See the last part of this link


http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Trojan%3ADOS%2FAlureon.A

I have got to warn you, if the boot record is damaged enough, and you repair it, or replace it, you might lose a ton if not all of the data on the drive.

Check this out

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/trojandosalureona/31bbf5d6-17c5-42d8-a553-4b1d2471f9c5

This thing can reside in multiple computers on the network. You must disconnect them from the network and fix them one at a time. If you have more than one on the same net, it's a pain.

More graphically oriented related stuff
http://www.sevenforums.com/tutorials/20864-mbr-restore-windows-7-master-boot-record.html

Good luck. Keep us advised

JustRalph
08-27-2012, 09:36 AM
Had it about eighteen months ago and the only solution was a complete reformat.

Despite multiple software's showing that MBR had been cleaned.

A reformat alone won't clean it. You have to replace the mbr or kill the whole damn partition.

Make sure you identify where you got it. Or you will be repeating it over again

ArlJim78
08-27-2012, 10:13 AM
thanks guys, you've given me some things to look at and more or less confirmed the conclusion I came to last night which was that I'm screwed.

Ralph I don't remember where I got it, hit me 2-3 days ago. I have a laptop on the network too, but it is checking clean so far. I'll keep it off the network for now, until this is straightened out.

I think I'm okay as far as all my data being backed up and not infected. but I'm not going to assume anything. I'll report back whatever I learn
thanks again

wilderness
08-27-2012, 10:51 AM
Run Hitman Pro in safe mode.

http://www.surfright.nl/en/hitmanpro/

Mack,
I ran Hitman Pro (safe mode), Avira and MS Malicious on this, each at separate sessions.
Each detected the MBR and claimed it was resolved, however after rebooting and reconnecting to the www, the thing came back instantly.

wilderness
08-27-2012, 10:56 AM
A reformat alone won't clean it. You have to replace the mbr or kill the whole damn partition.

Ralph,
All data was removed and the entire hard drive was reformatted.
I've not had a bit of trouble since, with the exception of re-installing non-system software after the reformat.


Make sure you identify where you got it. Or you will be repeating it over again

It was one of those Duh moments!
Just as soon as I clicked, I thought, why'd I do that!

Marshall Bennett
08-27-2012, 12:17 PM
Is this a virus or spyware, what exactly is it? Will Norton detect it?
What might be the best way to avoid it?
Thanks.

wilderness
08-27-2012, 12:26 PM
Is this a virus or spyware, what exactly is it? Will Norton detect it?
What might be the best way to avoid it?
Thanks.

Alureon.A (http://www.google.com/search?sclient=psy-ab&hl=en&site=&source=hp&q=Alureon.A&btnK=Google+Search)


1) Use a firewall
2) a solid AV software regularly
4) don't visit non-reputable websites, which includes music and gamer sites.
5) don't be click happy; learn what types of files are safe.
or
6) unplug your internet connection and give your computer to your neighbor.
7) buy a Mac or one of the new devices which are immune to such things.

PaceAdvantage
08-27-2012, 12:52 PM
It is claimed on a wiki page that Windows Defender Offline will remove this root kit.

You would have to download the software, burn it to a CD and boot the computer from the newly burned CD...

Here is the link: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Worth a shot I suppose...

ArlJim78
08-27-2012, 01:09 PM
It is claimed on a wiki page that Windows Defender Offline will remove this root kit.

You would have to download the software, burn it to a CD and boot the computer from the newly burned CD...

Here is the link: http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

Worth a shot I suppose...
it didn't work for me, I tried over and over, same result.

PaceAdvantage
08-27-2012, 01:11 PM
it didn't work for me, I tried over and over, same result.

Yeah, I should learn to read better...I now notice you mentioned that in your initial post.

I'm afraid that, as usual, Ralph is spot on, and this thing is a nightmare.

Is this infection easily recognized by all the major freebie anti-virus programs (Hitman, Malwarebytes, MSE, Defender)?

ArlJim78
08-27-2012, 01:31 PM
I'm not sure if they all detect it, probably. I'm just not sure yet which if any of them can remove it.

my first step is to ensure that my laptop is safe and clean, and the same for my data. then I'll get into the issue of this Alureon.A on my desktop.

I guess if nothing else I'll learn a lot from this ordeal.

PaceAdvantage
08-27-2012, 01:33 PM
How did you know you were infected? Did it pop up some fake anti-virus notice?

ArlJim78
08-27-2012, 01:44 PM
Late Friday night I was running a very long spreadsheet calculation.
I dozed off before it finished. The computer went into sleep mode after 30 minutes, I believe.
When I woke up in the morning and woke up the computer, there was some crazy stuff going on. It might have been those fake windows, I'm not sure.
I tried to shut it down but it was not so easy. I think I had to do a hard boot to shut down.
Eventually it came back up but I was not sure if I had just experienced some type of hardware issue or a threat, but things were running okay, so of course I didn't worry anymore.

until yesterday evening, when Windows Security Essentials started giving me a pop-up window saying that I had a security threat which needed immediate removal, and ever since I've been working on trying to recover.

JustRalph
08-27-2012, 04:58 PM
Any anti virus can detect it because it resides in the mbr. That's very easy to detect at the lowest level. They can detect it, killing it is the real problem. Most can't tell you what it is until you run a full scan, but they can tell you there's a problem right away

Back in the day you could detect an mbr infection just by running a basic 'chkdsk' command . For the life of me i can't remember how to do it now. Getting old

wilderness
08-27-2012, 05:24 PM
Back in the day you could detect an mbr infection just by running a basic 'chkdsk' command . For the life of me i can't remember how to do it now. Getting old

Perhaps this is it Ralph?

The only foolproof way to determine that a virus is present is for an expert to analyze the assembly code contained in all programs and system areas, but this is usually impracticable. Virus scanners go some way towards that by looking in that code for known viruses; some will even try to use heuristic means to spot viral code, but this is not always reliable. It is wise to arm yourself with the latest anti-viral software, but also to pay close attention to your system; look particularly for any change in the memory map or configuration as soon as you start the computer. For users of DOS 5.0, the MEM program with the /C switch is very handy for this. If you have DRDOS, use MEM with the /A switch; if you have an earlier version, use CHKDSK or the commonly-available PMAP or MAPMEM utilities. You don't have to know what all the numbers mean, only that they change.
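
The baseline idea in the passage quoted above (record the numbers, then watch only for them to change) applied to the MBR that JustRalph says every scanner can read, as an added example that is not code from anyone in this thread: it parses a 512-byte MBR, hashes the boot code, and reports what differs from a saved known-good copy. The two sample sectors are constructed here, not taken from a real disk.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code, the four partition entries and the
    0x55AA signature. Raises ValueError if the sector is the wrong size."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = 446 + 16 * i
        # entry layout: status, CHS start (3 bytes, skipped), type,
        # CHS end (3 bytes, skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # an empty slot has type 0
            entries.append({"status": status, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "partitions": entries,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }

def mbr_diff(baseline: bytes, current: bytes) -> list:
    """Return human-readable differences between a known-good MBR image
    and a freshly read one. An empty list means nothing changed."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["bootcode_sha256"] != new["bootcode_sha256"]:
        findings.append("boot code changed (sha256 mismatch)")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings

# Constructed sample, not a real disk image: filler boot code plus one NTFS-typed
# partition (type 0x07) starting at LBA 2048 and spanning 409600 sectors.
_part = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 409600) + b"\x00" * 48
BASELINE_MBR = bytes([0xEB, 0x63] + [0x90] * 444) + _part + b"\x55\xaa"
# Constructed "after" image: same partition table, but the boot code differs.
MODIFIED_MBR = bytes([0xEB, 0x10] + [0x90] * 444) + _part + b"\x55\xaa"

if __name__ == "__main__":
    # On a live Windows box the sector would be the first 512 bytes of
    # r"\\.\PhysicalDrive0", opened read-only as Administrator; here we use the sample.
    print(parse_mbr(BASELINE_MBR))
    print(mbr_diff(BASELINE_MBR, MODIFIED_MBR))
```

Save the baseline hash from a machine you trust (right after a clean install) and re-run the comparison periodically; a changed boot code hash with an unchanged partition table is exactly the pattern the thread is describing.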

tupper
08-28-2012, 03:24 AM
1) Use a firewall
2) a solid AV software regularly
4) don't visit non-reputable websites, which includes music and gamer sites.
5) don't be click happy; learn what types of files are safe.
or
6) unplug your internet connection and give your computer to your neighbor.
7) buy a Mac or one of the new devices which are immune to such things.

8) Install and run Linux Mint (very solid and easy to use).
9) Boot from a live CD/DVD (can't infect an optical disk).
10) Boot from a Linux distro that uses archived system files (very difficult to corrupt).

ArlJim78
08-28-2012, 08:55 PM
Run Hitman Pro in safe mode.

http://www.surfright.nl/en/hitmanpro/
damn mack, the hitman did it.:ThmbUp: :ThmbUp:

thanks.

after running hitmanpro which fixed the boot record issue, I've run three other scan services and they're all coming up green now!

bigmack
08-28-2012, 09:38 PM
damn mack, the hitman did it.:ThmbUp: :ThmbUp:

thanks.

after running hitmanpro which fixed the boot record issue, I've run three other scan services and they're all coming up green now!
Hallelujah, Brother. :ThmbUp:

I'll be, if that HMP ain't one tough SOB. It took me over a week of wrangling with a bug I had a few years back before I discovered it.

Happy it worked out well for ya. :jump:

ArlJim78
08-28-2012, 09:50 PM
yep HMP is a keeper.
and it didn't cost me anything to repair either, but went ahead and purchased it for both my machines anyway. I figure I owe them that much for eliminating this 48 hour headache.

JustRalph
08-28-2012, 11:50 PM
Stay vigilant. That thing can live on your network. Laying in wait

PaceAdvantage
08-29-2012, 02:13 AM
damn mack, the hitman did it.:ThmbUp: :ThmbUp:

thanks.

after running hitmanpro which fixed the boot record issue, I've run three other scan services and they're all coming up green now!

HitManPro is without a doubt the single greatest piece of anti-virus anti-spybot anti-spam ever invented. I too took the free trial and have been gladly paying for the past couple of years...it is one of the few things out there that is worth more than you pay for...

Glad it seems to have worked out. All hail bigmack for being the first person to mention HitMan on this board.

ArlJim78
08-29-2012, 10:40 AM
I agree completely PA. HMP is a very nice piece of software, and their approach seems to be unique and fast. If you read their blurb they use a type of profiling to quickly identify threats, it's quite impressive. They made a believer out of me and from now on I will always have it running on my machines as a secondary security measure.

I got better advice from the PA computer section than I did from Microsoft.:lol: