Anti-Spyware Forums


Reply
Thread Tools Display Modes

Microsoft Security Essentials unable to remove Alureon!

 
 
ET
Guest
Posts: n/a

 
      28-08-2009, 07:54 PM
Hi All,

With all the conversation above I understand that there is a rootkit present
in the computer.

If you do not intend to do a clean install and if you need a resoltion, I
might ask for a ntbtlog file.

Enable the boot log from the msconfig->boot.ini. Restart the computer you
might find the log in c:\windows

Paste it here.

ET
PSS
MICROSOFT PARTNERS
--
My Ear goes mute when I hear the word Impossible.


"chris" wrote:

> Wow, that was painful! Here's how I finally removed it:
>
> 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
> computer (both are free programs). The virus was smart enough to prevent me
> from visiting their web sites.
>
> 2) Copy the executables over to infected XP laptop. Rename executables
> (virus also prevented me from launching them unless renamed).
>
> 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
> and UPDATE definitions of all 3
>
> 4) reboot to Windows SAFE mode without networking
>
> 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
>
> 6) Clean all instances of malware found (all 3 products found different
> counts of various items)
>
> 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
> here)
>
> 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
> dlls were found in here, all named UAC<something>.dll). Also delete
> UACwbojwygitk.db that was in here ... no software identified it but name was
> suspicious so I removed it.
>
> 9) Clean out all user's Temporary Internet Files & \Temp directories, since
> a few items were identified in here. Example:
>
> C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
> \Temp
>
> "PA Bear [MS MVP]" wrote:
>
> > Go away, Paddy! (Do they let you out on weekends or what?)
> >
> > What's the "real truth" about pcbutts1? Read on...
> >
> > • Is he an MS MVP? No!
> > cf. http://mvp.support.microsoft.com/communities/mvp.aspx
> >
> > • If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't he post that
> > link to begin with?
> >
> > • Is he a proven thief? Yes!
> > cf.
> > http://groups.google.com/group/micro...e6c02dbc6279ad
> > cf.
> > http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
> > cf.
> > http://groups.google.com/group/micro...3247814fb4d61e
> > cf.
> > http://groups.google.com/group/micro...9fce884897662f
> >
> > • What do real experts have to say about him? It ain't pretty.
> >
> > http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
> >
> > http://www.digg.com/security/PCButts1_Under_Attack
> >
> > http://www.siteadvisor.com/sites/pcbutts1.com
> >
> > http://bughunter.it-mate.co.uk/PCBUTTS.TXT
> >
> > http://www.mywot.com/en/scorecard/pcbutts1.com
> >
> > http://www.mywot.com/en/scorecard/www.ms-mvp.org
> >
> > • Does he have all his marbles?
> > cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
> >
> > Ignore this MVP imposter!
> > --
> > ~Robear Dyer
> > MS MVP-IE, Mail, Security, Windows Client
> > https://mvp.support.microsoft.com/de...le/robear.dyer
> >
> >
> > The Real Truth MVP wrote:
> > > By default MSE sends that info to Microsoft Spynet and they update pretty
> > > often so do an update in a few days and see if it will then remove it.
> > > Remember it is still in Beta.

> >
> >

 
Reply With Quote
 
 
 
 
chris
Guest
Posts: n/a

 
      28-08-2009, 08:36 PM
ET, did you not catch the part about it being solved already? My last post
explains how I removed it.

"ET" wrote:

> Hi All,
>
> With all the conversation above I understand that there is a rootkit present
> in the computer.
>
> If you do not intend to do a clean install and if you need a resoltion, I
> might ask for a ntbtlog file.
>
> Enable the boot log from the msconfig->boot.ini. Restart the computer you
> might find the log in c:\windows
>
> Paste it here.
>
> ET
> PSS
> MICROSOFT PARTNERS
> --
> My Ear goes mute when I hear the word Impossible.
>
>
> "chris" wrote:
>
> > Wow, that was painful! Here's how I finally removed it:
> >
> > 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
> > computer (both are free programs). The virus was smart enough to prevent me
> > from visiting their web sites.
> >
> > 2) Copy the executables over to infected XP laptop. Rename executables
> > (virus also prevented me from launching them unless renamed).
> >
> > 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
> > and UPDATE definitions of all 3
> >
> > 4) reboot to Windows SAFE mode without networking
> >
> > 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
> >
> > 6) Clean all instances of malware found (all 3 products found different
> > counts of various items)
> >
> > 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
> > here)
> >
> > 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
> > dlls were found in here, all named UAC<something>.dll). Also delete
> > UACwbojwygitk.db that was in here ... no software identified it but name was
> > suspicious so I removed it.
> >
> > 9) Clean out all user's Temporary Internet Files & \Temp directories, since
> > a few items were identified in here. Example:
> >
> > C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
> > \Temp
> >
> > "PA Bear [MS MVP]" wrote:
> >
> > > Go away, Paddy! (Do they let you out on weekends or what?)
> > >
> > > What's the "real truth" about pcbutts1? Read on...
> > >
> > > • Is he an MS MVP? No!
> > > cf. http://mvp.support.microsoft.com/communities/mvp.aspx
> > >
> > > • If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't he post that
> > > link to begin with?
> > >
> > > • Is he a proven thief? Yes!
> > > cf.
> > > http://groups.google.com/group/micro...e6c02dbc6279ad
> > > cf.
> > > http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
> > > cf.
> > > http://groups.google.com/group/micro...3247814fb4d61e
> > > cf.
> > > http://groups.google.com/group/micro...9fce884897662f
> > >
> > > • What do real experts have to say about him? It ain't pretty.
> > >
> > > http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
> > >
> > > http://www.digg.com/security/PCButts1_Under_Attack
> > >
> > > http://www.siteadvisor.com/sites/pcbutts1.com
> > >
> > > http://bughunter.it-mate.co.uk/PCBUTTS.TXT
> > >
> > > http://www.mywot.com/en/scorecard/pcbutts1.com
> > >
> > > http://www.mywot.com/en/scorecard/www.ms-mvp.org
> > >
> > > • Does he have all his marbles?
> > > cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
> > >
> > > Ignore this MVP imposter!
> > > --
> > > ~Robear Dyer
> > > MS MVP-IE, Mail, Security, Windows Client
> > > https://mvp.support.microsoft.com/de...le/robear.dyer
> > >
> > >
> > > The Real Truth MVP wrote:
> > > > By default MSE sends that info to Microsoft Spynet and they update pretty
> > > > often so do an update in a few days and see if it will then remove it.
> > > > Remember it is still in Beta.
> > >
> > >

 
Reply With Quote
 
 
 
 
ET
Guest
Posts: n/a

 
      28-08-2009, 09:20 PM
I missed that part as the thread was not closed yet I thought the issue is
not solved yet.

ET
PSS
MICROSOFT PARTNERS
--
My Ear goes mute when I hear the word Impossible.


"chris" wrote:

> ET, did you not catch the part about it being solved already? My last post
> explains how I removed it.
>
> "ET" wrote:
>
> > Hi All,
> >
> > With all the conversation above I understand that there is a rootkit present
> > in the computer.
> >
> > If you do not intend to do a clean install and if you need a resoltion, I
> > might ask for a ntbtlog file.
> >
> > Enable the boot log from the msconfig->boot.ini. Restart the computer you
> > might find the log in c:\windows
> >
> > Paste it here.
> >
> > ET
> > PSS
> > MICROSOFT PARTNERS
> > --
> > My Ear goes mute when I hear the word Impossible.
> >
> >
> > "chris" wrote:
> >
> > > Wow, that was painful! Here's how I finally removed it:
> > >
> > > 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
> > > computer (both are free programs). The virus was smart enough to prevent me
> > > from visiting their web sites.
> > >
> > > 2) Copy the executables over to infected XP laptop. Rename executables
> > > (virus also prevented me from launching them unless renamed).
> > >
> > > 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
> > > and UPDATE definitions of all 3
> > >
> > > 4) reboot to Windows SAFE mode without networking
> > >
> > > 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
> > >
> > > 6) Clean all instances of malware found (all 3 products found different
> > > counts of various items)
> > >
> > > 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
> > > here)
> > >
> > > 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
> > > dlls were found in here, all named UAC<something>.dll). Also delete
> > > UACwbojwygitk.db that was in here ... no software identified it but name was
> > > suspicious so I removed it.
> > >
> > > 9) Clean out all user's Temporary Internet Files & \Temp directories, since
> > > a few items were identified in here. Example:
> > >
> > > C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
> > > \Temp
> > >
> > > "PA Bear [MS MVP]" wrote:
> > >
> > > > Go away, Paddy! (Do they let you out on weekends or what?)
> > > >
> > > > What's the "real truth" about pcbutts1? Read on...
> > > >
> > > > • Is he an MS MVP? No!
> > > > cf. http://mvp.support.microsoft.com/communities/mvp.aspx
> > > >
> > > > • If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't he post that
> > > > link to begin with?
> > > >
> > > > • Is he a proven thief? Yes!
> > > > cf.
> > > > http://groups.google.com/group/micro...e6c02dbc6279ad
> > > > cf.
> > > > http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
> > > > cf.
> > > > http://groups.google.com/group/micro...3247814fb4d61e
> > > > cf.
> > > > http://groups.google.com/group/micro...9fce884897662f
> > > >
> > > > • What do real experts have to say about him? It ain't pretty.
> > > >
> > > > http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
> > > >
> > > > http://www.digg.com/security/PCButts1_Under_Attack
> > > >
> > > > http://www.siteadvisor.com/sites/pcbutts1.com
> > > >
> > > > http://bughunter.it-mate.co.uk/PCBUTTS.TXT
> > > >
> > > > http://www.mywot.com/en/scorecard/pcbutts1.com
> > > >
> > > > http://www.mywot.com/en/scorecard/www.ms-mvp.org
> > > >
> > > > • Does he have all his marbles?
> > > > cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
> > > >
> > > > Ignore this MVP imposter!
> > > > --
> > > > ~Robear Dyer
> > > > MS MVP-IE, Mail, Security, Windows Client
> > > > https://mvp.support.microsoft.com/de...le/robear.dyer
> > > >
> > > >
> > > > The Real Truth MVP wrote:
> > > > > By default MSE sends that info to Microsoft Spynet and they update pretty
> > > > > often so do an update in a few days and see if it will then remove it.
> > > > > Remember it is still in Beta.
> > > >
> > > >

 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a

 
      29-08-2009, 02:00 AM
There is no closure here, one can (and at least one indeed did) post a
reply to a three year's stagnant old thread.

"ET" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I missed that part as the thread was not closed yet I thought the issue
>is
> not solved yet.
>
> ET
> PSS
> MICROSOFT PARTNERS
> --
> My Ear goes mute when I hear the word Impossible.
>
>
> "chris" wrote:
>
>> ET, did you not catch the part about it being solved already? My last
>> post
>> explains how I removed it.
>>
>> "ET" wrote:
>>
>> > Hi All,
>> >
>> > With all the conversation above I understand that there is a
>> > rootkit present
>> > in the computer.
>> >
>> > If you do not intend to do a clean install and if you need a
>> > resoltion, I
>> > might ask for a ntbtlog file.
>> >
>> > Enable the boot log from the msconfig->boot.ini. Restart the
>> > computer you
>> > might find the log in c:\windows
>> >
>> > Paste it here.
>> >
>> > ET
>> > PSS
>> > MICROSOFT PARTNERS
>> > --
>> > My Ear goes mute when I hear the word Impossible.
>> >
>> >
>> > "chris" wrote:
>> >
>> > > Wow, that was painful! Here's how I finally removed it:
>> > >
>> > > 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a
>> > > different
>> > > computer (both are free programs). The virus was smart enough to
>> > > prevent me
>> > > from visiting their web sites.
>> > >
>> > > 2) Copy the executables over to infected XP laptop. Rename
>> > > executables
>> > > (virus also prevented me from launching them unless renamed).
>> > >
>> > > 3) Launch Microsoft Security Essentials, Malwarebytes, &
>> > > SUPERAntiSpyware
>> > > and UPDATE definitions of all 3
>> > >
>> > > 4) reboot to Windows SAFE mode without networking
>> > >
>> > > 5) Run all 3 programs with FULL scans (this takes about 7 or 8
>> > > hours)
>> > >
>> > > 6) Clean all instances of malware found (all 3 products found
>> > > different
>> > > counts of various items)
>> > >
>> > > 7) Clean out Windows\Temp folder (since a few of infected dlls
>> > > were found in
>> > > here)
>> > >
>> > > 8) Clean out filnames starting with UAC in Windows\System32 (7 or
>> > > 8 infected
>> > > dlls were found in here, all named UAC<something>.dll). Also
>> > > delete
>> > > UACwbojwygitk.db that was in here ... no software identified it
>> > > but name was
>> > > suspicious so I removed it.
>> > >
>> > > 9) Clean out all user's Temporary Internet Files & \Temp
>> > > directories, since
>> > > a few items were identified in here. Example:
>> > >
>> > > C:\Documents and Settings\userA\Local Settings\Temporary Internet
>> > > Files &
>> > > \Temp
>> > >
>> > > "PA Bear [MS MVP]" wrote:
>> > >
>> > > > Go away, Paddy! (Do they let you out on weekends or what?)
>> > > >
>> > > > What's the "real truth" about pcbutts1? Read on...
>> > > >
>> > > > . Is he an MS MVP? No!
>> > > > cf. http://mvp.support.microsoft.com/communities/mvp.aspx
>> > > >
>> > > > . If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't
>> > > > he post that
>> > > > link to begin with?
>> > > >
>> > > > . Is he a proven thief? Yes!
>> > > > cf.
>> > > > http://groups.google.com/group/micro...e6c02dbc6279ad
>> > > > cf.
>> > > > http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
>> > > > cf.
>> > > > http://groups.google.com/group/micro...3247814fb4d61e
>> > > > cf.
>> > > > http://groups.google.com/group/micro...9fce884897662f
>> > > >
>> > > > . What do real experts have to say about him? It ain't pretty.
>> > > >
>> > > > http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
>> > > >
>> > > > http://www.digg.com/security/PCButts1_Under_Attack
>> > > >
>> > > > http://www.siteadvisor.com/sites/pcbutts1.com
>> > > >
>> > > > http://bughunter.it-mate.co.uk/PCBUTTS.TXT
>> > > >
>> > > > http://www.mywot.com/en/scorecard/pcbutts1.com
>> > > >
>> > > > http://www.mywot.com/en/scorecard/www.ms-mvp.org
>> > > >
>> > > > . Does he have all his marbles?
>> > > > cf.
>> > > > http://en.wikinews.org/wiki/NASA_van...ornia_mountain
>> > > >
>> > > > Ignore this MVP imposter!
>> > > > --
>> > > > ~Robear Dyer
>> > > > MS MVP-IE, Mail, Security, Windows Client
>> > > > https://mvp.support.microsoft.com/de...le/robear.dyer
>> > > >
>> > > >
>> > > > The Real Truth MVP wrote:
>> > > > > By default MSE sends that info to Microsoft Spynet and they
>> > > > > update pretty
>> > > > > often so do an update in a few days and see if it will then
>> > > > > remove it.
>> > > > > Remember it is still in Beta.
>> > > >
>> > > >



 
Reply With Quote
 
ANTHONY MAW
Guest
Posts: n/a

 
      13-03-2011, 09:13 PM
Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.

> On Friday, August 21, 2009 1:46 PM chris wrote:


> I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
> then rebooting, disconnecting internet then cleaning then rebooting, cleaning
> out windows/temp folder, also running MSE from XP safe mode without network
> .... but nothing seems to do it.
>
> MSE keeps telling me if finds these:
> Trojan:Win32/Alureon.BF
> Trojan:Win32/Alureon.gen!R
> Trojan:Win32/Alureon.BD
> Trojan:Win32/Alureon.gen!C
>
> Please help!



>> On Friday, August 21, 2009 4:00 PM chris wrote:


>> Also tried running MSFT's Malicous Software Removal Tool to no avail. It
>> does not even detect the darned things.
>>
>> "chris" wrote:



>>> On Friday, August 21, 2009 5:09 PM Malke wrote:


>>> chris wrote:
>>>
>>>
>>> Go through these general malware removal steps systematically -
>>> http://www.elephantboycomputers.com/...moving_Malware
>>>
>>> Include scanning with David Lipman's Multi_AV and follow instructions to do
>>> all scans in Safe Mode. Please see the special Notes regarding using
>>> Multi_AV in Vista.
>>>
>>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>>> http://tinyurl.com/yoeru3 - download link and more instructions
>>>
>>> When all else fails, get guided help. Choose one of the specialty forums
>>> listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
>>> POST LOGS IN THE MS NEWSGROUPS.
>>>
>>> If you cannot do the work yourself (and there is no shame in admitting this
>>> is not your cup of tea), take the machine to a professional computer repair
>>> shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
>>> aware that not all local shops are skilled at removing malware and even if
>>> they are, your computer may be so infested that Windows will need to be
>>> clean-installed. If possible, have all your data backed up before you take
>>> the machine into a shop.
>>>
>>> Malke
>>> --
>>> MS-MVP
>>> Elephant Boy Computers - Don't Panic!
>>> http://www.elephantboycomputers.com/#FAQ



>>>> On Friday, August 21, 2009 5:26 PM PA Bear [MS MVP] wrote:


>>>> How did you obtain MSE? What anti-virus application was installed before
>>>> you installed MSE?
>>>>
>>>> If you are enrolled in the MSE beta, you can obtain assistance here:
>>>> http://social.answers.microsoft.com/...sescan/threads
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>> www.banthecheck.com
>>>>
>>>>
>>>>
>>>> chris wrote:



>>>>> On Friday, August 21, 2009 6:05 PM chris wrote:


>>>>> I downloaded MSE from softpedia I think. it is a friend's computer and I do not
>>>>> think there was ANY legitimate anti-virus software running before. Plenty of
>>>>> fake anti-virus crap though.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:



>>>>>> On Friday, August 21, 2009 7:04 PM Malke wrote:


>>>>>> chris wrote:
>>>>>>
>>>>>>
>>>>>> Then the best thing you can do is back up his data and do a clean install of
>>>>>> the operating system.
>>>>>>
>>>>>> Malke
>>>>>> --
>>>>>> MS-MVP
>>>>>> Elephant Boy Computers - Don't Panic!
>>>>>> http://www.elephantboycomputers.com/#FAQ



>>>>>>> On Friday, August 21, 2009 7:09 PM The Real Truth MVP wrote:


>>>>>>> By default MSE sends that info to Microsoft Spynet and they update pretty
>>>>>>> often so do an update in a few days and see if it will then remove it.
>>>>>>> Remember it is still in Beta.
>>>>>>>
>>>>>>> --
>>>>>>> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
>>>>>>> *WARNING* Do NOT follow any advice given by the people listed below.
>>>>>>> They do NOT have the expertise or knowledge to fix your issue. Do not waste
>>>>>>> your time.
>>>>>>> David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.



>>>>>>>> On Friday, August 21, 2009 7:27 PM StephenB wrote:


>>>>>>>> Even if you downloaded from an unauthorized source, you can still contact
>>>>>>>> support for help with malware removal. Since MSE cannot remove the malware, they
>>>>>>>> may want to grab some data for analysis.
>>>>>>>> To open an email support case, click on the Get Help Now link on this page:
>>>>>>>> http://answers.microsoft.com/en-us/p.../dd891073.aspx
>>>>>>>>
>>>>>>>> -steve
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Stephen Boots
>>>>>>>> MVP Windows Live
>>>>>>>> Windows Live OneCare/Live Mesh/MSE Forums Moderator
>>>>>>>> (E-Mail Removed)



>>>>>>>>> On Friday, August 21, 2009 7:44 PM PA Bear [MS MVP] wrote:


>>>>>>>>> Go away, Paddy! (Do they let you out on weekends or what?)
>>>>>>>>>
>>>>>>>>> What's the "real truth" about pcbutts1? Read on...
>>>>>>>>>
>>>>>>>>> ??? Is he an MS MVP? No!
>>>>>>>>> cf. http://mvp.support.microsoft.com/communities/mvp.aspx
>>>>>>>>>
>>>>>>>>> ??? If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why did not he post that
>>>>>>>>> link to begin with?
>>>>>>>>>
>>>>>>>>> ??? Is he a proven thief? Yes!
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...e6c02dbc6279ad
>>>>>>>>> cf.
>>>>>>>>> http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...3247814fb4d61e
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...9fce884897662f
>>>>>>>>>
>>>>>>>>> ??? What do real experts have to say about him? It ain't pretty.
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
>>>>>>>>>
>>>>>>>>> http://www.digg.com/security/PCButts1_Under_Attack
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://bughunter.it-mate.co.uk/PCBUTTS.TXT
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/www.ms-mvp.org
>>>>>>>>>
>>>>>>>>> ??? Does he have all his marbles?
>>>>>>>>> cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
>>>>>>>>>
>>>>>>>>> Ignore this MVP imposter!
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client
>>>>>>>>> https://mvp.support.microsoft.com/de...le/robear.dyer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The Real Truth MVP wrote:



>>>>>>>>>> On Friday, August 21, 2009 7:45 PM PA Bear [MS MVP] wrote:


>>>>>>>>>> Format the HDD then do a clean install of Windows. Please note that a
>>>>>>>>>> Repair Install (AKA in-place upgrade) will NOT fix this!
>>>>>>>>>>
>>>>>>>>>> cf. http://michaelstevenstech.com/cleanxpinstall.html#steps
>>>>>>>>>>
>>>>>>>>>> After the clean install, you will have the equivalent of a "new computer" so
>>>>>>>>>> take care of everything on the following page before otherwise connecting
>>>>>>>>>> the machine to the internet or a network and before using a USB key that
>>>>>>>>>> is not brand-new or has not been freshly formatted:
>>>>>>>>>>
>>>>>>>>>> 5 steps to help protect your new computer before you go online
>>>>>>>>>> http://www.microsoft.com/protect/com...nced/xppc.mspx
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>>>>>>>>>> (after a clean install)
>>>>>>>>>> http://groups.google.com/group/micro...5afa8ed33e121c
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>>>>>>>>>> clean install)
>>>>>>>>>> http://groups.google.com/group/micro...66ae41add7dd2b
>>>>>>>>>>
>>>>>>>>>> Also see:
>>>>>>>>>>
>>>>>>>>>> Steps To Help Prevent Spyware
>>>>>>>>>> http://www.microsoft.com/protect/com...e/prevent.mspx
>>>>>>>>>>
>>>>>>>>>> Rogue Security Software - Microsoft Security:
>>>>>>>>>> http://www.microsoft.com/protect/com...ses/rogue.mspx
>>>>>>>>>> --
>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>>>>>> www.banthecheck.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> chris wrote:



>>>>>>>>>>> On Tuesday, August 25, 2009 4:19 PM chris wrote:


>>>>>>>>>>> Wow, that was painful! Here is how I finally removed it:
>>>>>>>>>>>
>>>>>>>>>>> 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
>>>>>>>>>>> computer (both are free programs). The virus was smart enough to prevent me
>>>>>>>>>>> from visiting their web sites.
>>>>>>>>>>>
>>>>>>>>>>> 2) Copy the executables over to infected XP laptop. Rename executables
>>>>>>>>>>> (virus also prevented me from launching them unless renamed).
>>>>>>>>>>>
>>>>>>>>>>> 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
>>>>>>>>>>> and UPDATE definitions of all 3
>>>>>>>>>>>
>>>>>>>>>>> 4) reboot to Windows SAFE mode without networking
>>>>>>>>>>>
>>>>>>>>>>> 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
>>>>>>>>>>>
>>>>>>>>>>> 6) Clean all instances of malware found (all 3 products found different
>>>>>>>>>>> counts of various items)
>>>>>>>>>>>
>>>>>>>>>>> 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
>>>>>>>>>>> dlls were found in here, all named UAC<something>.dll). Also delete
>>>>>>>>>>> UACwbojwygitk.db that was in here ... no software identified it but name was
>>>>>>>>>>> suspicious so I removed it.
>>>>>>>>>>>
>>>>>>>>>>> 9) Clean out all user's Temporary Internet Files & \Temp directories, since
>>>>>>>>>>> a few items were identified in here. Example:
>>>>>>>>>>>
>>>>>>>>>>> C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
>>>>>>>>>>> \Temp
>>>>>>>>>>>
>>>>>>>>>>> "PA Bear [MS MVP]" wrote:



>>>>>>>>>>>> On Friday, August 28, 2009 3:54 PM ET wrote:


>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> With all the conversation above I understand that there is a rootkit present
>>>>>>>>>>>> in the computer.
>>>>>>>>>>>>
>>>>>>>>>>>> If you do not intend to do a clean install and if you need a resoltion, I
>>>>>>>>>>>> might ask for a ntbtlog file.
>>>>>>>>>>>>
>>>>>>>>>>>> Enable the boot log from the msconfig->boot.ini. Restart the computer you
>>>>>>>>>>>> might find the log in c:\windows
>>>>>>>>>>>>
>>>>>>>>>>>> Paste it here.
>>>>>>>>>>>>
>>>>>>>>>>>> ET
>>>>>>>>>>>> PSS
>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>> --
>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>> On Friday, August 28, 2009 4:36 PM chris wrote:


>>>>>>>>>>>>> ET, did you not catch the part about it being solved already? My last post
>>>>>>>>>>>>> explains how I removed it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "ET" wrote:



>>>>>>>>>>>>>> On Friday, August 28, 2009 5:20 PM ET wrote:


>>>>>>>>>>>>>> I missed that part as the thread was not closed yet I thought the issue is
>>>>>>>>>>>>>> not solved yet.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ET
>>>>>>>>>>>>>> PSS
>>>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>>>> On Friday, August 28, 2009 10:00 PM FromTheRafters wrote:


>>>>>>>>>>>>>>> There is no closure here, one can (and at least one indeed did) post a
>>>>>>>>>>>>>>> reply to a three year's stagnant old thread.



>>>>>>>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>>>>>>>> ASP.NET JSON Cookies and Excel
>>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials...and-excel.aspx

 
Reply With Quote
 
ANTHONY MAW
Guest
Posts: n/a

 
      13-03-2011, 09:14 PM
Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.

> On Friday, August 21, 2009 1:46 PM chris wrote:


> I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
> then rebooting, disconnecting internet then cleaning then rebooting, cleaning
> out windows/temp folder, also running MSE from XP safe mode without network
> .... but nothing seems to do it.
>
> MSE keeps telling me if finds these:
> Trojan:Win32/Alureon.BF
> Trojan:Win32/Alureon.gen!R
> Trojan:Win32/Alureon.BD
> Trojan:Win32/Alureon.gen!C
>
> Please help!



>> On Friday, August 21, 2009 4:00 PM chris wrote:


>> Also tried running MSFT's Malicous Software Removal Tool to no avail. It
>> does not even detect the darned things.
>>
>> "chris" wrote:



>>> On Friday, August 21, 2009 5:09 PM Malke wrote:


>>> chris wrote:
>>>
>>>
>>> Go through these general malware removal steps systematically -
>>> http://www.elephantboycomputers.com/...moving_Malware
>>>
>>> Include scanning with David Lipman's Multi_AV and follow instructions to do
>>> all scans in Safe Mode. Please see the special Notes regarding using
>>> Multi_AV in Vista.
>>>
>>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>>> http://tinyurl.com/yoeru3 - download link and more instructions
>>>
>>> When all else fails, get guided help. Choose one of the specialty forums
>>> listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
>>> POST LOGS IN THE MS NEWSGROUPS.
>>>
>>> If you cannot do the work yourself (and there is no shame in admitting this
>>> is not your cup of tea), take the machine to a professional computer repair
>>> shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
>>> aware that not all local shops are skilled at removing malware and even if
>>> they are, your computer may be so infested that Windows will need to be
>>> clean-installed. If possible, have all your data backed up before you take
>>> the machine into a shop.
>>>
>>> Malke
>>> --
>>> MS-MVP
>>> Elephant Boy Computers - Don't Panic!
>>> http://www.elephantboycomputers.com/#FAQ



>>>> On Friday, August 21, 2009 5:26 PM PA Bear [MS MVP] wrote:


>>>> How did you obtain MSE? What anti-virus application was installed before
>>>> you installed MSE?
>>>>
>>>> If you are enrolled in the MSE beta, you can obtain assistance here:
>>>> http://social.answers.microsoft.com/...sescan/threads
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>> www.banthecheck.com
>>>>
>>>>
>>>>
>>>> chris wrote:



>>>>> On Friday, August 21, 2009 6:05 PM chris wrote:


>>>>> I downloaded MSE from softpedia I think. it is a friend's computer and I do not
>>>>> think there was ANY legitimate anti-virus software running before. Plenty of
>>>>> fake anti-virus crap though.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:



>>>>>> On Friday, August 21, 2009 7:04 PM Malke wrote:


>>>>>> chris wrote:
>>>>>>
>>>>>>
>>>>>> Then the best thing you can do is back up his data and do a clean install of
>>>>>> the operating system.
>>>>>>
>>>>>> Malke
>>>>>> --
>>>>>> MS-MVP
>>>>>> Elephant Boy Computers - Don't Panic!
>>>>>> http://www.elephantboycomputers.com/#FAQ



>>>>>>> On Friday, August 21, 2009 7:09 PM The Real Truth MVP wrote:


>>>>>>> By default MSE sends that info to Microsoft Spynet and they update pretty
>>>>>>> often so do an update in a few days and see if it will then remove it.
>>>>>>> Remember it is still in Beta.
>>>>>>>
>>>>>>> --
>>>>>>> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
>>>>>>> *WARNING* Do NOT follow any advice given by the people listed below.
>>>>>>> They do NOT have the expertise or knowledge to fix your issue. Do not waste
>>>>>>> your time.
>>>>>>> David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.



>>>>>>>> On Friday, August 21, 2009 7:27 PM StephenB wrote:


>>>>>>>> Even if you downloaded from an unauthorized source, you can still contact
>>>>>>>> support for help with malware removal. Since MSE cannot remove the malware, they
>>>>>>>> may want to grab some data for analysis.
>>>>>>>> To open an email support case, click on the Get Help Now link on this page:
>>>>>>>> http://answers.microsoft.com/en-us/p.../dd891073.aspx
>>>>>>>>
>>>>>>>> -steve
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Stephen Boots
>>>>>>>> MVP Windows Live
>>>>>>>> Windows Live OneCare/Live Mesh/MSE Forums Moderator
>>>>>>>> (E-Mail Removed)



>>>>>>>>> On Friday, August 21, 2009 7:44 PM PA Bear [MS MVP] wrote:


>>>>>>>>> Go away, Paddy! (Do they let you out on weekends or what?)
>>>>>>>>>
>>>>>>>>> What's the "real truth" about pcbutts1? Read on...
>>>>>>>>>
>>>>>>>>> ??? Is he an MS MVP? No!
>>>>>>>>> cf. http://mvp.support.microsoft.com/communities/mvp.aspx
>>>>>>>>>
>>>>>>>>> ??? If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why did not he post that
>>>>>>>>> link to begin with?
>>>>>>>>>
>>>>>>>>> ??? Is he a proven thief? Yes!
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...e6c02dbc6279ad
>>>>>>>>> cf.
>>>>>>>>> http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...3247814fb4d61e
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...9fce884897662f
>>>>>>>>>
>>>>>>>>> ??? What do real experts have to say about him? It ain't pretty.
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
>>>>>>>>>
>>>>>>>>> http://www.digg.com/security/PCButts1_Under_Attack
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://bughunter.it-mate.co.uk/PCBUTTS.TXT
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/www.ms-mvp.org
>>>>>>>>>
>>>>>>>>> ??? Does he have all his marbles?
>>>>>>>>> cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
>>>>>>>>>
>>>>>>>>> Ignore this MVP imposter!
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client
>>>>>>>>> https://mvp.support.microsoft.com/de...le/robear.dyer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The Real Truth MVP wrote:



>>>>>>>>>> On Friday, August 21, 2009 7:45 PM PA Bear [MS MVP] wrote:


>>>>>>>>>> Format the HDD then do a clean install of Windows. Please note that a
>>>>>>>>>> Repair Install (AKA in-place upgrade) will NOT fix this!
>>>>>>>>>>
>>>>>>>>>> cf. http://michaelstevenstech.com/cleanxpinstall.html#steps
>>>>>>>>>>
>>>>>>>>>> After the clean install, you will have the equivalent of a "new computer" so
>>>>>>>>>> take care of everything on the following page before otherwise connecting
>>>>>>>>>> the machine to the internet or a network and before using a USB key that
>>>>>>>>>> is not brand-new or has not been freshly formatted:
>>>>>>>>>>
>>>>>>>>>> 5 steps to help protect your new computer before you go online
>>>>>>>>>> http://www.microsoft.com/protect/com...nced/xppc.mspx
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>>>>>>>>>> (after a clean install)
>>>>>>>>>> http://groups.google.com/group/micro...5afa8ed33e121c
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>>>>>>>>>> clean install)
>>>>>>>>>> http://groups.google.com/group/micro...66ae41add7dd2b
>>>>>>>>>>
>>>>>>>>>> Also see:
>>>>>>>>>>
>>>>>>>>>> Steps To Help Prevent Spyware
>>>>>>>>>> http://www.microsoft.com/protect/com...e/prevent.mspx
>>>>>>>>>>
>>>>>>>>>> Rogue Security Software - Microsoft Security:
>>>>>>>>>> http://www.microsoft.com/protect/com...ses/rogue.mspx
>>>>>>>>>> --
>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>>>>>> www.banthecheck.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> chris wrote:



>>>>>>>>>>> On Tuesday, August 25, 2009 4:19 PM chris wrote:


>>>>>>>>>>> Wow, that was painful! Here is how I finally removed it:
>>>>>>>>>>>
>>>>>>>>>>> 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
>>>>>>>>>>> computer (both are free programs). The virus was smart enough to prevent me
>>>>>>>>>>> from visiting their web sites.
>>>>>>>>>>>
>>>>>>>>>>> 2) Copy the executables over to infected XP laptop. Rename executables
>>>>>>>>>>> (virus also prevented me from launching them unless renamed).
>>>>>>>>>>>
>>>>>>>>>>> 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
>>>>>>>>>>> and UPDATE definitions of all 3
>>>>>>>>>>>
>>>>>>>>>>> 4) reboot to Windows SAFE mode without networking
>>>>>>>>>>>
>>>>>>>>>>> 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
>>>>>>>>>>>
>>>>>>>>>>> 6) Clean all instances of malware found (all 3 products found different
>>>>>>>>>>> counts of various items)
>>>>>>>>>>>
>>>>>>>>>>> 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
>>>>>>>>>>> dlls were found in here, all named UAC<something>.dll). Also delete
>>>>>>>>>>> UACwbojwygitk.db that was in here ... no software identified it but name was
>>>>>>>>>>> suspicious so I removed it.
>>>>>>>>>>>
>>>>>>>>>>> 9) Clean out all user's Temporary Internet Files & \Temp directories, since
>>>>>>>>>>> a few items were identified in here. Example:
>>>>>>>>>>>
>>>>>>>>>>> C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
>>>>>>>>>>> \Temp
>>>>>>>>>>>
>>>>>>>>>>> "PA Bear [MS MVP]" wrote:



>>>>>>>>>>>> On Friday, August 28, 2009 3:54 PM ET wrote:


>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> With all the conversation above I understand that there is a rootkit present
>>>>>>>>>>>> in the computer.
>>>>>>>>>>>>
>>>>>>>>>>>> If you do not intend to do a clean install and if you need a resoltion, I
>>>>>>>>>>>> might ask for a ntbtlog file.
>>>>>>>>>>>>
>>>>>>>>>>>> Enable the boot log from the msconfig->boot.ini. Restart the computer you
>>>>>>>>>>>> might find the log in c:\windows
>>>>>>>>>>>>
>>>>>>>>>>>> Paste it here.
>>>>>>>>>>>>
>>>>>>>>>>>> ET
>>>>>>>>>>>> PSS
>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>> --
>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>> On Friday, August 28, 2009 4:36 PM chris wrote:


>>>>>>>>>>>>> ET, did you not catch the part about it being solved already? My last post
>>>>>>>>>>>>> explains how I removed it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "ET" wrote:



>>>>>>>>>>>>>> On Friday, August 28, 2009 5:20 PM ET wrote:


>>>>>>>>>>>>>> I missed that part as the thread was not closed yet I thought the issue is
>>>>>>>>>>>>>> not solved yet.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ET
>>>>>>>>>>>>>> PSS
>>>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>>>> On Friday, August 28, 2009 10:00 PM FromTheRafters wrote:


>>>>>>>>>>>>>>> There is no closure here, one can (and at least one indeed did) post a
>>>>>>>>>>>>>>> reply to a three year's stagnant old thread.



>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>>>>>>>>> .NET Windows Services - Timer, Debugging, and Installation
>>>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials...tallation.aspx

 
Reply With Quote
 
ANTHONY MAW
Guest
Posts: n/a

 
      13-03-2011, 09:14 PM
Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.

> On Friday, August 21, 2009 1:46 PM chris wrote:


> I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
> then rebooting, disconnecting internet then cleaning then rebooting, cleaning
> out windows/temp folder, also running MSE from XP safe mode without network
> .... but nothing seems to do it.
>
> MSE keeps telling me if finds these:
> Trojan:Win32/Alureon.BF
> Trojan:Win32/Alureon.gen!R
> Trojan:Win32/Alureon.BD
> Trojan:Win32/Alureon.gen!C
>
> Please help!



>> On Friday, August 21, 2009 4:00 PM chris wrote:


>> Also tried running MSFT's Malicous Software Removal Tool to no avail. It
>> does not even detect the darned things.
>>
>> "chris" wrote:



>>> On Friday, August 21, 2009 5:09 PM Malke wrote:


>>> chris wrote:
>>>
>>>
>>> Go through these general malware removal steps systematically -
>>> http://www.elephantboycomputers.com/...moving_Malware
>>>
>>> Include scanning with David Lipman's Multi_AV and follow instructions to do
>>> all scans in Safe Mode. Please see the special Notes regarding using
>>> Multi_AV in Vista.
>>>
>>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>>> http://tinyurl.com/yoeru3 - download link and more instructions
>>>
>>> When all else fails, get guided help. Choose one of the specialty forums
>>> listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
>>> POST LOGS IN THE MS NEWSGROUPS.
>>>
>>> If you cannot do the work yourself (and there is no shame in admitting this
>>> is not your cup of tea), take the machine to a professional computer repair
>>> shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
>>> aware that not all local shops are skilled at removing malware and even if
>>> they are, your computer may be so infested that Windows will need to be
>>> clean-installed. If possible, have all your data backed up before you take
>>> the machine into a shop.
>>>
>>> Malke
>>> --
>>> MS-MVP
>>> Elephant Boy Computers - Don't Panic!
>>> http://www.elephantboycomputers.com/#FAQ



>>>> On Friday, August 21, 2009 5:26 PM PA Bear [MS MVP] wrote:


>>>> How did you obtain MSE? What anti-virus application was installed before
>>>> you installed MSE?
>>>>
>>>> If you are enrolled in the MSE beta, you can obtain assistance here:
>>>> http://social.answers.microsoft.com/...sescan/threads
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>> www.banthecheck.com
>>>>
>>>>
>>>>
>>>> chris wrote:



>>>>> On Friday, August 21, 2009 6:05 PM chris wrote:


>>>>> I downloaded MSE from softpedia I think. it is a friend's computer and I do not
>>>>> think there was ANY legitimate anti-virus software running before. Plenty of
>>>>> fake anti-virus crap though.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:



>>>>>> On Friday, August 21, 2009 7:04 PM Malke wrote:


>>>>>> chris wrote:
>>>>>>
>>>>>>
>>>>>> Then the best thing you can do is back up his data and do a clean install of
>>>>>> the operating system.
>>>>>>
>>>>>> Malke
>>>>>> --
>>>>>> MS-MVP
>>>>>> Elephant Boy Computers - Don't Panic!
>>>>>> http://www.elephantboycomputers.com/#FAQ



>>>>>>> On Friday, August 21, 2009 7:09 PM The Real Truth MVP wrote:


>>>>>>> By default MSE sends that info to Microsoft Spynet and they update pretty
>>>>>>> often so do an update in a few days and see if it will then remove it.
>>>>>>> Remember it is still in Beta.
>>>>>>>
>>>>>>> --
>>>>>>> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
>>>>>>> *WARNING* Do NOT follow any advice given by the people listed below.
>>>>>>> They do NOT have the expertise or knowledge to fix your issue. Do not waste
>>>>>>> your time.
>>>>>>> David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.



>>>>>>>> On Friday, August 21, 2009 7:27 PM StephenB wrote:


>>>>>>>> Even if you downloaded from an unauthorized source, you can still contact
>>>>>>>> support for help with malware removal. Since MSE cannot remove the malware, they
>>>>>>>> may want to grab some data for analysis.
>>>>>>>> To open an email support case, click on the Get Help Now link on this page:
>>>>>>>> http://answers.microsoft.com/en-us/p.../dd891073.aspx
>>>>>>>>
>>>>>>>> -steve
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Stephen Boots
>>>>>>>> MVP Windows Live
>>>>>>>> Windows Live OneCare/Live Mesh/MSE Forums Moderator
>>>>>>>> (E-Mail Removed)



>>>>>>>>> On Friday, August 21, 2009 7:44 PM PA Bear [MS MVP] wrote:


>>>>>>>>> Go away, Paddy! (Do they let you out on weekends or what?)
>>>>>>>>>
>>>>>>>>> What's the "real truth" about pcbutts1? Read on...
>>>>>>>>>
>>>>>>>>> ??? Is he an MS MVP? No!
>>>>>>>>> cf. http://mvp.support.microsoft.com/communities/mvp.aspx
>>>>>>>>>
>>>>>>>>> ??? If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why did not he post that
>>>>>>>>> link to begin with?
>>>>>>>>>
>>>>>>>>> ??? Is he a proven thief? Yes!
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...e6c02dbc6279ad
>>>>>>>>> cf.
>>>>>>>>> http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...3247814fb4d61e
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...9fce884897662f
>>>>>>>>>
>>>>>>>>> ??? What do real experts have to say about him? It ain't pretty.
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
>>>>>>>>>
>>>>>>>>> http://www.digg.com/security/PCButts1_Under_Attack
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://bughunter.it-mate.co.uk/PCBUTTS.TXT
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/www.ms-mvp.org
>>>>>>>>>
>>>>>>>>> ??? Does he have all his marbles?
>>>>>>>>> cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
>>>>>>>>>
>>>>>>>>> Ignore this MVP imposter!
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client
>>>>>>>>> https://mvp.support.microsoft.com/de...le/robear.dyer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The Real Truth MVP wrote:



>>>>>>>>>> On Friday, August 21, 2009 7:45 PM PA Bear [MS MVP] wrote:


>>>>>>>>>> Format the HDD then do a clean install of Windows. Please note that a
>>>>>>>>>> Repair Install (AKA in-place upgrade) will NOT fix this!
>>>>>>>>>>
>>>>>>>>>> cf. http://michaelstevenstech.com/cleanxpinstall.html#steps
>>>>>>>>>>
>>>>>>>>>> After the clean install, you will have the equivalent of a "new computer" so
>>>>>>>>>> take care of everything on the following page before otherwise connecting
>>>>>>>>>> the machine to the internet or a network and before using a USB key that
>>>>>>>>>> is not brand-new or has not been freshly formatted:
>>>>>>>>>>
>>>>>>>>>> 5 steps to help protect your new computer before you go online
>>>>>>>>>> http://www.microsoft.com/protect/com...nced/xppc.mspx
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>>>>>>>>>> (after a clean install)
>>>>>>>>>> http://groups.google.com/group/micro...5afa8ed33e121c
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>>>>>>>>>> clean install)
>>>>>>>>>> http://groups.google.com/group/micro...66ae41add7dd2b
>>>>>>>>>>
>>>>>>>>>> Also see:
>>>>>>>>>>
>>>>>>>>>> Steps To Help Prevent Spyware
>>>>>>>>>> http://www.microsoft.com/protect/com...e/prevent.mspx
>>>>>>>>>>
>>>>>>>>>> Rogue Security Software - Microsoft Security:
>>>>>>>>>> http://www.microsoft.com/protect/com...ses/rogue.mspx
>>>>>>>>>> --
>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>>>>>> www.banthecheck.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> chris wrote:



>>>>>>>>>>> On Tuesday, August 25, 2009 4:19 PM chris wrote:


>>>>>>>>>>> Wow, that was painful! Here is how I finally removed it:
>>>>>>>>>>>
>>>>>>>>>>> 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
>>>>>>>>>>> computer (both are free programs). The virus was smart enough to prevent me
>>>>>>>>>>> from visiting their web sites.
>>>>>>>>>>>
>>>>>>>>>>> 2) Copy the executables over to infected XP laptop. Rename executables
>>>>>>>>>>> (virus also prevented me from launching them unless renamed).
>>>>>>>>>>>
>>>>>>>>>>> 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
>>>>>>>>>>> and UPDATE definitions of all 3
>>>>>>>>>>>
>>>>>>>>>>> 4) reboot to Windows SAFE mode without networking
>>>>>>>>>>>
>>>>>>>>>>> 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
>>>>>>>>>>>
>>>>>>>>>>> 6) Clean all instances of malware found (all 3 products found different
>>>>>>>>>>> counts of various items)
>>>>>>>>>>>
>>>>>>>>>>> 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
>>>>>>>>>>> dlls were found in here, all named UAC<something>.dll). Also delete
>>>>>>>>>>> UACwbojwygitk.db that was in here ... no software identified it but name was
>>>>>>>>>>> suspicious so I removed it.
>>>>>>>>>>>
>>>>>>>>>>> 9) Clean out all user's Temporary Internet Files & \Temp directories, since
>>>>>>>>>>> a few items were identified in here. Example:
>>>>>>>>>>>
>>>>>>>>>>> C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
>>>>>>>>>>> \Temp
>>>>>>>>>>>
>>>>>>>>>>> "PA Bear [MS MVP]" wrote:



>>>>>>>>>>>> On Friday, August 28, 2009 3:54 PM ET wrote:


>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> With all the conversation above I understand that there is a rootkit present
>>>>>>>>>>>> in the computer.
>>>>>>>>>>>>
>>>>>>>>>>>> If you do not intend to do a clean install and if you need a resoltion, I
>>>>>>>>>>>> might ask for a ntbtlog file.
>>>>>>>>>>>>
>>>>>>>>>>>> Enable the boot log from the msconfig->boot.ini. Restart the computer you
>>>>>>>>>>>> might find the log in c:\windows
>>>>>>>>>>>>
>>>>>>>>>>>> Paste it here.
>>>>>>>>>>>>
>>>>>>>>>>>> ET
>>>>>>>>>>>> PSS
>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>> --
>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>> On Friday, August 28, 2009 4:36 PM chris wrote:


>>>>>>>>>>>>> ET, did you not catch the part about it being solved already? My last post
>>>>>>>>>>>>> explains how I removed it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "ET" wrote:



>>>>>>>>>>>>>> On Friday, August 28, 2009 5:20 PM ET wrote:


>>>>>>>>>>>>>> I missed that part as the thread was not closed yet I thought the issue is
>>>>>>>>>>>>>> not solved yet.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ET
>>>>>>>>>>>>>> PSS
>>>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>>>> On Friday, August 28, 2009 10:00 PM FromTheRafters wrote:


>>>>>>>>>>>>>>> There is no closure here, one can (and at least one indeed did) post a
>>>>>>>>>>>>>>> reply to a three year's stagnant old thread.



>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>>>>>>>>>> Pass Values Between Windows Forms
>>>>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials...ows-forms.aspx

 
Reply With Quote
 
ANTHONY MAW
Guest
Posts: n/a

 
      13-03-2011, 09:15 PM
Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.

> On Friday, August 21, 2009 1:46 PM chris wrote:


> I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
> then rebooting, disconnecting internet then cleaning then rebooting, cleaning
> out windows/temp folder, also running MSE from XP safe mode without network
> .... but nothing seems to do it.
>
> MSE keeps telling me if finds these:
> Trojan:Win32/Alureon.BF
> Trojan:Win32/Alureon.gen!R
> Trojan:Win32/Alureon.BD
> Trojan:Win32/Alureon.gen!C
>
> Please help!



>> On Friday, August 21, 2009 4:00 PM chris wrote:


>> Also tried running MSFT's Malicous Software Removal Tool to no avail. It
>> does not even detect the darned things.
>>
>> "chris" wrote:



>>> On Friday, August 21, 2009 5:09 PM Malke wrote:


>>> chris wrote:
>>>
>>>
>>> Go through these general malware removal steps systematically -
>>> http://www.elephantboycomputers.com/...moving_Malware
>>>
>>> Include scanning with David Lipman's Multi_AV and follow instructions to do
>>> all scans in Safe Mode. Please see the special Notes regarding using
>>> Multi_AV in Vista.
>>>
>>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>>> http://tinyurl.com/yoeru3 - download link and more instructions
>>>
>>> When all else fails, get guided help. Choose one of the specialty forums
>>> listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
>>> POST LOGS IN THE MS NEWSGROUPS.
>>>
>>> If you cannot do the work yourself (and there is no shame in admitting this
>>> is not your cup of tea), take the machine to a professional computer repair
>>> shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
>>> aware that not all local shops are skilled at removing malware and even if
>>> they are, your computer may be so infested that Windows will need to be
>>> clean-installed. If possible, have all your data backed up before you take
>>> the machine into a shop.
>>>
>>> Malke
>>> --
>>> MS-MVP
>>> Elephant Boy Computers - Don't Panic!
>>> http://www.elephantboycomputers.com/#FAQ



>>>> On Friday, August 21, 2009 5:26 PM PA Bear [MS MVP] wrote:


>>>> How did you obtain MSE? What anti-virus application was installed before
>>>> you installed MSE?
>>>>
>>>> If you are enrolled in the MSE beta, you can obtain assistance here:
>>>> http://social.answers.microsoft.com/...sescan/threads
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>> www.banthecheck.com
>>>>
>>>>
>>>>
>>>> chris wrote:



>>>>> On Friday, August 21, 2009 6:05 PM chris wrote:


>>>>> I downloaded MSE from softpedia I think. it is a friend's computer and I do not
>>>>> think there was ANY legitimate anti-virus software running before. Plenty of
>>>>> fake anti-virus crap though.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:



>>>>>> On Friday, August 21, 2009 7:04 PM Malke wrote:


>>>>>> chris wrote:
>>>>>>
>>>>>>
>>>>>> Then the best thing you can do is back up his data and do a clean install of
>>>>>> the operating system.
>>>>>>
>>>>>> Malke
>>>>>> --
>>>>>> MS-MVP
>>>>>> Elephant Boy Computers - Don't Panic!
>>>>>> http://www.elephantboycomputers.com/#FAQ



>>>>>>> On Friday, August 21, 2009 7:09 PM The Real Truth MVP wrote:


>>>>>>> By default MSE sends that info to Microsoft Spynet and they update pretty
>>>>>>> often so do an update in a few days and see if it will then remove it.
>>>>>>> Remember it is still in Beta.
>>>>>>>
>>>>>>> --
>>>>>>> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
>>>>>>> *WARNING* Do NOT follow any advice given by the people listed below.
>>>>>>> They do NOT have the expertise or knowledge to fix your issue. Do not waste
>>>>>>> your time.
>>>>>>> David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.



>>>>>>>> On Friday, August 21, 2009 7:27 PM StephenB wrote:


>>>>>>>> Even if you downloaded from an unauthorized source, you can still contact
>>>>>>>> support for help with malware removal. Since MSE cannot remove the malware, they
>>>>>>>> may want to grab some data for analysis.
>>>>>>>> To open an email support case, click on the Get Help Now link on this page:
>>>>>>>> http://answers.microsoft.com/en-us/p.../dd891073.aspx
>>>>>>>>
>>>>>>>> -steve
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Stephen Boots
>>>>>>>> MVP Windows Live
>>>>>>>> Windows Live OneCare/Live Mesh/MSE Forums Moderator
>>>>>>>> (E-Mail Removed)



>>>>>>>>> On Friday, August 21, 2009 7:44 PM PA Bear [MS MVP] wrote:


>>>>>>>>> Go away, Paddy! (Do they let you out on weekends or what?)
>>>>>>>>>
>>>>>>>>> What's the "real truth" about pcbutts1? Read on...
>>>>>>>>>
>>>>>>>>> ??? Is he an MS MVP? No!
>>>>>>>>> cf. http://mvp.support.microsoft.com/communities/mvp.aspx
>>>>>>>>>
>>>>>>>>> ??? If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why did not he post that
>>>>>>>>> link to begin with?
>>>>>>>>>
>>>>>>>>> ??? Is he a proven thief? Yes!
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...e6c02dbc6279ad
>>>>>>>>> cf.
>>>>>>>>> http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...3247814fb4d61e
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...9fce884897662f
>>>>>>>>>
>>>>>>>>> ??? What do real experts have to say about him? It ain't pretty.
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
>>>>>>>>>
>>>>>>>>> http://www.digg.com/security/PCButts1_Under_Attack
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://bughunter.it-mate.co.uk/PCBUTTS.TXT
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/www.ms-mvp.org
>>>>>>>>>
>>>>>>>>> ??? Does he have all his marbles?
>>>>>>>>> cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
>>>>>>>>>
>>>>>>>>> Ignore this MVP imposter!
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client
>>>>>>>>> https://mvp.support.microsoft.com/de...le/robear.dyer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The Real Truth MVP wrote:



>>>>>>>>>> On Friday, August 21, 2009 7:45 PM PA Bear [MS MVP] wrote:


>>>>>>>>>> Format the HDD then do a clean install of Windows. Please note that a
>>>>>>>>>> Repair Install (AKA in-place upgrade) will NOT fix this!
>>>>>>>>>>
>>>>>>>>>> cf. http://michaelstevenstech.com/cleanxpinstall.html#steps
>>>>>>>>>>
>>>>>>>>>> After the clean install, you will have the equivalent of a "new computer" so
>>>>>>>>>> take care of everything on the following page before otherwise connecting
>>>>>>>>>> the machine to the internet or a network and before using a USB key that
>>>>>>>>>> is not brand-new or has not been freshly formatted:
>>>>>>>>>>
>>>>>>>>>> 5 steps to help protect your new computer before you go online
>>>>>>>>>> http://www.microsoft.com/protect/com...nced/xppc.mspx
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>>>>>>>>>> (after a clean install)
>>>>>>>>>> http://groups.google.com/group/micro...5afa8ed33e121c
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>>>>>>>>>> clean install)
>>>>>>>>>> http://groups.google.com/group/micro...66ae41add7dd2b
>>>>>>>>>>
>>>>>>>>>> Also see:
>>>>>>>>>>
>>>>>>>>>> Steps To Help Prevent Spyware
>>>>>>>>>> http://www.microsoft.com/protect/com...e/prevent.mspx
>>>>>>>>>>
>>>>>>>>>> Rogue Security Software - Microsoft Security:
>>>>>>>>>> http://www.microsoft.com/protect/com...ses/rogue.mspx
>>>>>>>>>> --
>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>>>>>> www.banthecheck.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> chris wrote:



>>>>>>>>>>> On Tuesday, August 25, 2009 4:19 PM chris wrote:


>>>>>>>>>>> Wow, that was painful! Here is how I finally removed it:
>>>>>>>>>>>
>>>>>>>>>>> 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
>>>>>>>>>>> computer (both are free programs). The virus was smart enough to prevent me
>>>>>>>>>>> from visiting their web sites.
>>>>>>>>>>>
>>>>>>>>>>> 2) Copy the executables over to infected XP laptop. Rename executables
>>>>>>>>>>> (virus also prevented me from launching them unless renamed).
>>>>>>>>>>>
>>>>>>>>>>> 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
>>>>>>>>>>> and UPDATE definitions of all 3
>>>>>>>>>>>
>>>>>>>>>>> 4) reboot to Windows SAFE mode without networking
>>>>>>>>>>>
>>>>>>>>>>> 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
>>>>>>>>>>>
>>>>>>>>>>> 6) Clean all instances of malware found (all 3 products found different
>>>>>>>>>>> counts of various items)
>>>>>>>>>>>
>>>>>>>>>>> 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
>>>>>>>>>>> dlls were found in here, all named UAC<something>.dll). Also delete
>>>>>>>>>>> UACwbojwygitk.db that was in here ... no software identified it but name was
>>>>>>>>>>> suspicious so I removed it.
>>>>>>>>>>>
>>>>>>>>>>> 9) Clean out all user's Temporary Internet Files & \Temp directories, since
>>>>>>>>>>> a few items were identified in here. Example:
>>>>>>>>>>>
>>>>>>>>>>> C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
>>>>>>>>>>> \Temp
>>>>>>>>>>>
>>>>>>>>>>> "PA Bear [MS MVP]" wrote:



>>>>>>>>>>>> On Friday, August 28, 2009 3:54 PM ET wrote:


>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> With all the conversation above I understand that there is a rootkit present
>>>>>>>>>>>> in the computer.
>>>>>>>>>>>>
>>>>>>>>>>>> If you do not intend to do a clean install and if you need a resoltion, I
>>>>>>>>>>>> might ask for a ntbtlog file.
>>>>>>>>>>>>
>>>>>>>>>>>> Enable the boot log from the msconfig->boot.ini. Restart the computer you
>>>>>>>>>>>> might find the log in c:\windows
>>>>>>>>>>>>
>>>>>>>>>>>> Paste it here.
>>>>>>>>>>>>
>>>>>>>>>>>> ET
>>>>>>>>>>>> PSS
>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>> --
>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>> On Friday, August 28, 2009 4:36 PM chris wrote:


>>>>>>>>>>>>> ET, did you not catch the part about it being solved already? My last post
>>>>>>>>>>>>> explains how I removed it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "ET" wrote:



>>>>>>>>>>>>>> On Friday, August 28, 2009 5:20 PM ET wrote:


>>>>>>>>>>>>>> I missed that part as the thread was not closed yet I thought the issue is
>>>>>>>>>>>>>> not solved yet.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ET
>>>>>>>>>>>>>> PSS
>>>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>>>> On Friday, August 28, 2009 10:00 PM FromTheRafters wrote:


>>>>>>>>>>>>>>> There is no closure here, one can (and at least one indeed did) post a
>>>>>>>>>>>>>>> reply to a three year's stagnant old thread.



>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:14 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>>>>>>>>>>> C# Dynamic XElement wrapper
>>>>>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials...t-wrapper.aspx

 
Reply With Quote
 
ANTHONY MAW
Guest
Posts: n/a

 
      13-03-2011, 09:16 PM
Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.

> On Friday, August 21, 2009 1:46 PM chris wrote:


> I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
> then rebooting, disconnecting internet then cleaning then rebooting, cleaning
> out windows/temp folder, also running MSE from XP safe mode without network
> .... but nothing seems to do it.
>
> MSE keeps telling me if finds these:
> Trojan:Win32/Alureon.BF
> Trojan:Win32/Alureon.gen!R
> Trojan:Win32/Alureon.BD
> Trojan:Win32/Alureon.gen!C
>
> Please help!



>> On Friday, August 21, 2009 4:00 PM chris wrote:


>> Also tried running MSFT's Malicous Software Removal Tool to no avail. It
>> does not even detect the darned things.
>>
>> "chris" wrote:



>>> On Friday, August 21, 2009 5:09 PM Malke wrote:


>>> chris wrote:
>>>
>>>
>>> Go through these general malware removal steps systematically -
>>> http://www.elephantboycomputers.com/...moving_Malware
>>>
>>> Include scanning with David Lipman's Multi_AV and follow instructions to do
>>> all scans in Safe Mode. Please see the special Notes regarding using
>>> Multi_AV in Vista.
>>>
>>> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>>> http://tinyurl.com/yoeru3 - download link and more instructions
>>>
>>> When all else fails, get guided help. Choose one of the specialty forums
>>> listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
>>> POST LOGS IN THE MS NEWSGROUPS.
>>>
>>> If you cannot do the work yourself (and there is no shame in admitting this
>>> is not your cup of tea), take the machine to a professional computer repair
>>> shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
>>> aware that not all local shops are skilled at removing malware and even if
>>> they are, your computer may be so infested that Windows will need to be
>>> clean-installed. If possible, have all your data backed up before you take
>>> the machine into a shop.
>>>
>>> Malke
>>> --
>>> MS-MVP
>>> Elephant Boy Computers - Don't Panic!
>>> http://www.elephantboycomputers.com/#FAQ



>>>> On Friday, August 21, 2009 5:26 PM PA Bear [MS MVP] wrote:


>>>> How did you obtain MSE? What anti-virus application was installed before
>>>> you installed MSE?
>>>>
>>>> If you are enrolled in the MSE beta, you can obtain assistance here:
>>>> http://social.answers.microsoft.com/...sescan/threads
>>>> --
>>>> ~Robear Dyer (PA Bear)
>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>> www.banthecheck.com
>>>>
>>>>
>>>>
>>>> chris wrote:



>>>>> On Friday, August 21, 2009 6:05 PM chris wrote:


>>>>> I downloaded MSE from softpedia I think. it is a friend's computer and I do not
>>>>> think there was ANY legitimate anti-virus software running before. Plenty of
>>>>> fake anti-virus crap though.
>>>>>
>>>>> "PA Bear [MS MVP]" wrote:



>>>>>> On Friday, August 21, 2009 7:04 PM Malke wrote:


>>>>>> chris wrote:
>>>>>>
>>>>>>
>>>>>> Then the best thing you can do is back up his data and do a clean install of
>>>>>> the operating system.
>>>>>>
>>>>>> Malke
>>>>>> --
>>>>>> MS-MVP
>>>>>> Elephant Boy Computers - Don't Panic!
>>>>>> http://www.elephantboycomputers.com/#FAQ



>>>>>>> On Friday, August 21, 2009 7:09 PM The Real Truth MVP wrote:


>>>>>>> By default MSE sends that info to Microsoft Spynet and they update pretty
>>>>>>> often so do an update in a few days and see if it will then remove it.
>>>>>>> Remember it is still in Beta.
>>>>>>>
>>>>>>> --
>>>>>>> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
>>>>>>> *WARNING* Do NOT follow any advice given by the people listed below.
>>>>>>> They do NOT have the expertise or knowledge to fix your issue. Do not waste
>>>>>>> your time.
>>>>>>> David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.



>>>>>>>> On Friday, August 21, 2009 7:27 PM StephenB wrote:


>>>>>>>> Even if you downloaded from an unauthorized source, you can still contact
>>>>>>>> support for help with malware removal. Since MSE cannot remove the malware, they
>>>>>>>> may want to grab some data for analysis.
>>>>>>>> To open an email support case, click on the Get Help Now link on this page:
>>>>>>>> http://answers.microsoft.com/en-us/p.../dd891073.aspx
>>>>>>>>
>>>>>>>> -steve
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Stephen Boots
>>>>>>>> MVP Windows Live
>>>>>>>> Windows Live OneCare/Live Mesh/MSE Forums Moderator
>>>>>>>> (E-Mail Removed)



>>>>>>>>> On Friday, August 21, 2009 7:44 PM PA Bear [MS MVP] wrote:


>>>>>>>>> Go away, Paddy! (Do they let you out on weekends or what?)
>>>>>>>>>
>>>>>>>>> What's the "real truth" about pcbutts1? Read on...
>>>>>>>>>
>>>>>>>>> ??? Is he an MS MVP? No!
>>>>>>>>> cf. http://mvp.support.microsoft.com/communities/mvp.aspx
>>>>>>>>>
>>>>>>>>> ??? If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why did not he post that
>>>>>>>>> link to begin with?
>>>>>>>>>
>>>>>>>>> ??? Is he a proven thief? Yes!
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...e6c02dbc6279ad
>>>>>>>>> cf.
>>>>>>>>> http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...3247814fb4d61e
>>>>>>>>> cf.
>>>>>>>>> http://groups.google.com/group/micro...9fce884897662f
>>>>>>>>>
>>>>>>>>> ??? What do real experts have to say about him? It ain't pretty.
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)
>>>>>>>>>
>>>>>>>>> http://www.digg.com/security/PCButts1_Under_Attack
>>>>>>>>>
>>>>>>>>> http://www.siteadvisor.com/sites/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://bughunter.it-mate.co.uk/PCBUTTS.TXT
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/pcbutts1.com
>>>>>>>>>
>>>>>>>>> http://www.mywot.com/en/scorecard/www.ms-mvp.org
>>>>>>>>>
>>>>>>>>> ??? Does he have all his marbles?
>>>>>>>>> cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain
>>>>>>>>>
>>>>>>>>> Ignore this MVP imposter!
>>>>>>>>> --
>>>>>>>>> ~Robear Dyer
>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client
>>>>>>>>> https://mvp.support.microsoft.com/de...le/robear.dyer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The Real Truth MVP wrote:



>>>>>>>>>> On Friday, August 21, 2009 7:45 PM PA Bear [MS MVP] wrote:


>>>>>>>>>> Format the HDD then do a clean install of Windows. Please note that a
>>>>>>>>>> Repair Install (AKA in-place upgrade) will NOT fix this!
>>>>>>>>>>
>>>>>>>>>> cf. http://michaelstevenstech.com/cleanxpinstall.html#steps
>>>>>>>>>>
>>>>>>>>>> After the clean install, you will have the equivalent of a "new computer" so
>>>>>>>>>> take care of everything on the following page before otherwise connecting
>>>>>>>>>> the machine to the internet or a network and before using a USB key that
>>>>>>>>>> is not brand-new or has not been freshly formatted:
>>>>>>>>>>
>>>>>>>>>> 5 steps to help protect your new computer before you go online
>>>>>>>>>> http://www.microsoft.com/protect/com...nced/xppc.mspx
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
>>>>>>>>>> (after a clean install)
>>>>>>>>>> http://groups.google.com/group/micro...5afa8ed33e121c
>>>>>>>>>>
>>>>>>>>>> HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
>>>>>>>>>> clean install)
>>>>>>>>>> http://groups.google.com/group/micro...66ae41add7dd2b
>>>>>>>>>>
>>>>>>>>>> Also see:
>>>>>>>>>>
>>>>>>>>>> Steps To Help Prevent Spyware
>>>>>>>>>> http://www.microsoft.com/protect/com...e/prevent.mspx
>>>>>>>>>>
>>>>>>>>>> Rogue Security Software - Microsoft Security:
>>>>>>>>>> http://www.microsoft.com/protect/com...ses/rogue.mspx
>>>>>>>>>> --
>>>>>>>>>> ~Robear Dyer (PA Bear)
>>>>>>>>>> MS MVP-IE, Mail, Security, Windows Client - since 2002
>>>>>>>>>> www.banthecheck.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> chris wrote:



>>>>>>>>>>> On Tuesday, August 25, 2009 4:19 PM chris wrote:


>>>>>>>>>>> Wow, that was painful! Here is how I finally removed it:
>>>>>>>>>>>
>>>>>>>>>>> 1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
>>>>>>>>>>> computer (both are free programs). The virus was smart enough to prevent me
>>>>>>>>>>> from visiting their web sites.
>>>>>>>>>>>
>>>>>>>>>>> 2) Copy the executables over to infected XP laptop. Rename executables
>>>>>>>>>>> (virus also prevented me from launching them unless renamed).
>>>>>>>>>>>
>>>>>>>>>>> 3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
>>>>>>>>>>> and UPDATE definitions of all 3
>>>>>>>>>>>
>>>>>>>>>>> 4) reboot to Windows SAFE mode without networking
>>>>>>>>>>>
>>>>>>>>>>> 5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)
>>>>>>>>>>>
>>>>>>>>>>> 6) Clean all instances of malware found (all 3 products found different
>>>>>>>>>>> counts of various items)
>>>>>>>>>>>
>>>>>>>>>>> 7) Clean out Windows\Temp folder (since a few of infected dlls were found in
>>>>>>>>>>> here)
>>>>>>>>>>>
>>>>>>>>>>> 8) Clean out filnames starting with UAC in Windows\System32 (7 or 8 infected
>>>>>>>>>>> dlls were found in here, all named UAC<something>.dll). Also delete
>>>>>>>>>>> UACwbojwygitk.db that was in here ... no software identified it but name was
>>>>>>>>>>> suspicious so I removed it.
>>>>>>>>>>>
>>>>>>>>>>> 9) Clean out all user's Temporary Internet Files & \Temp directories, since
>>>>>>>>>>> a few items were identified in here. Example:
>>>>>>>>>>>
>>>>>>>>>>> C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
>>>>>>>>>>> \Temp
>>>>>>>>>>>
>>>>>>>>>>> "PA Bear [MS MVP]" wrote:



>>>>>>>>>>>> On Friday, August 28, 2009 3:54 PM ET wrote:


>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> With all the conversation above I understand that there is a rootkit present
>>>>>>>>>>>> in the computer.
>>>>>>>>>>>>
>>>>>>>>>>>> If you do not intend to do a clean install and if you need a resoltion, I
>>>>>>>>>>>> might ask for a ntbtlog file.
>>>>>>>>>>>>
>>>>>>>>>>>> Enable the boot log from the msconfig->boot.ini. Restart the computer you
>>>>>>>>>>>> might find the log in c:\windows
>>>>>>>>>>>>
>>>>>>>>>>>> Paste it here.
>>>>>>>>>>>>
>>>>>>>>>>>> ET
>>>>>>>>>>>> PSS
>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>> --
>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>> On Friday, August 28, 2009 4:36 PM chris wrote:


>>>>>>>>>>>>> ET, did you not catch the part about it being solved already? My last post
>>>>>>>>>>>>> explains how I removed it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> "ET" wrote:



>>>>>>>>>>>>>> On Friday, August 28, 2009 5:20 PM ET wrote:


>>>>>>>>>>>>>> I missed that part as the thread was not closed yet I thought the issue is
>>>>>>>>>>>>>> not solved yet.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ET
>>>>>>>>>>>>>> PSS
>>>>>>>>>>>>>> MICROSOFT PARTNERS
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> My Ear goes mute when I hear the word Impossible.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> "chris" wrote:



>>>>>>>>>>>>>>> On Friday, August 28, 2009 10:00 PM FromTheRafters wrote:


>>>>>>>>>>>>>>> There is no closure here, one can (and at least one indeed did) post a
>>>>>>>>>>>>>>> reply to a three year's stagnant old thread.



>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:13 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:14 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>>>> On Sunday, March 13, 2011 5:15 PM ANTHONY MAW wrote:


>>>>>>>>>>>>>>>>>>> Yeah I had the same experience. I have a laptop hard drive infected with Alureon.A. I pulled the drive from the laptop and slaved it to a PC using a USB adapter. As soon as I plug it in, Microsoft Security Essentials *detects* it and prompts to clean it but then it stupidly fails with the error message: "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." and tells you to reboot. Of course rebooting does absolutely nothing other than you get nagged again that the drive is infected. I don't know what the dudheads at Microsoft are doing but this seems to be another case of one department not talking to another. Fail.



>>>>>>>>>>>>>>>>>>> Submitted via EggHeadCafe
>>>>>>>>>>>>>>>>>>> LINQ executed in Parallel (PLINQ)
>>>>>>>>>>>>>>>>>>> http://www.eggheadcafe.com/tutorials...lel-plinq.aspx

 
Reply With Quote
 
FromTheRafters
Guest
Posts: n/a

 
      13-03-2011, 10:00 PM

Maybe after a few more posts from an egghead, and a couple more *years*,
they'll figure it out.
 
Reply With Quote
 
 
 
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: MICROSOFT SECURITY ESSENTIALS FromTheRafters Computer Security 6 24-07-2009 04:42 AM
Re: MICROSOFT SECURITY ESSENTIALS ---Fitz--- Computer Security 0 19-07-2009 05:27 PM
Re: MICROSOFT SECURITY ESSENTIALS Sunny Computer Security 0 19-07-2009 05:42 AM
Microsoft Security Essentials gets good review Richard Urban Computer Security 1 03-07-2009 04:20 PM
Microsoft Security Essentials * Beta * Launched SJL Spyware 2 25-06-2009 04:33 AM


All times are GMT. The time now is 06:26 PM.