Anti-Spyware Forums



Microsoft Security Essentials unable to remove Alureon!

 
 
chris

 
      21-08-2009, 05:46 PM
I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
then rebooting, disconnecting internet then cleaning then rebooting, cleaning
out windows/temp folder, also running MSE from XP safe mode without network
..... but nothing seems to do it.

MSE keeps telling me it finds these:
Trojan:Win32/Alureon.BF
Trojan:Win32/Alureon.gen!R
Trojan:Win32/Alureon.BD
Trojan:Win32/Alureon.gen!C

Please help!
 
chris

 
      21-08-2009, 08:00 PM
Also tried running MSFT's Malicious Software Removal Tool to no avail. It
doesn't even detect the darned things.

Malke

 
      21-08-2009, 09:09 PM
chris wrote:

> Also tried running MSFT's Malicious Software Removal Tool to no avail. It
> doesn't even detect the darned things.
>
> "chris" wrote:
>
>> I have the latest MSE updates on an XP sp3 laptop and have tried cleaning
>> then rebooting, disconnecting internet then cleaning then rebooting,
>> cleaning out windows/temp folder, also running MSE from XP safe mode
>> without network .... but nothing seems to do it.
>>
>> MSE keeps telling me it finds these:
>> Trojan:Win32/Alureon.BF
>> Trojan:Win32/Alureon.gen!R
>> Trojan:Win32/Alureon.BD
>> Trojan:Win32/Alureon.gen!C


Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

If you can't do the work yourself (and there is no shame in admitting this
isn't your cup of tea), take the machine to a professional computer repair
shop (not your local equivalent of BigComputerStore/GeekSquad). Please be
aware that not all local shops are skilled at removing malware and even if
they are, your computer may be so infested that Windows will need to be
clean-installed. If possible, have all your data backed up before you take
the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

 
PA Bear [MS MVP]

 
      21-08-2009, 09:26 PM
How did you obtain MSE? What anti-virus application was installed before
you installed MSE?

If you're enrolled in the MSE beta, you can obtain assistance here:
http://social.answers.microsoft.com/...sescan/threads
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com



chris

 
      21-08-2009, 10:05 PM
I downloaded MSE from softpedia I think. It's a friend's computer and I don't
think there was ANY legitimate anti-virus software running before. Plenty of
fake anti-virus crap though.

Malke

 
      21-08-2009, 11:04 PM
chris wrote:

> I downloaded MSE from softpedia I think. It's a friend's computer and I
> don't think there was ANY legitimate anti-virus software running before.
> Plenty of fake anti-virus crap though.


Then the best thing you can do is back up his data and do a clean install of
the operating system.

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

 
StephenB

 
      21-08-2009, 11:27 PM
Even if you downloaded from an unauthorized source, you can still contact
support for help with malware removal. Since MSE can't remove the malware, they
may want to grab some data for analysis.
To open an email support case, click on the Get Help Now link on this page:
http://answers.microsoft.com/en-us/p.../dd891073.aspx

-steve


--
Stephen Boots
MVP Windows Live
Windows Live OneCare/Live Mesh/MSE Forums Moderator

PA Bear [MS MVP]

 
      21-08-2009, 11:44 PM
Go away, Paddy! (Do they let you out on weekends or what?)

What's the "real truth" about pcbutts1? Read on...

• Is he an MS MVP? No!
cf. http://mvp.support.microsoft.com/communities/mvp.aspx

• If xxx.ms-mvp.org redirects to xxx.pcbutts1.com, why didn't he post that
link to begin with?

• Is he a proven thief? Yes!
cf.
http://groups.google.com/group/micro...e6c02dbc6279ad
cf.
http://msmvps.com/blogs/hostsnews/ar...00__2E00_.aspx
cf.
http://groups.google.com/group/micro...3247814fb4d61e
cf.
http://groups.google.com/group/micro...9fce884897662f

• What do real experts have to say about him? It ain't pretty.

http://www.siteadvisor.com/sites/pcbutts1.com (Reviews)

http://www.digg.com/security/PCButts1_Under_Attack

http://www.siteadvisor.com/sites/pcbutts1.com

http://bughunter.it-mate.co.uk/PCBUTTS.TXT

http://www.mywot.com/en/scorecard/pcbutts1.com

http://www.mywot.com/en/scorecard/www.ms-mvp.org

• Does he have all his marbles?
cf. http://en.wikinews.org/wiki/NASA_van...ornia_mountain

Ignore this MVP imposter!
--
~Robear Dyer
MS MVP-IE, Mail, Security, Windows Client
https://mvp.support.microsoft.com/de...le/robear.dyer


The Real Truth MVP wrote:
> By default MSE sends that info to Microsoft Spynet and they update pretty
> often so do an update in a few days and see if it will then remove it.
> Remember it is still in Beta.


 
PA Bear [MS MVP]

 
      21-08-2009, 11:45 PM
Format the HDD then do a clean install of Windows. Please note that a
Repair Install (AKA in-place upgrade) will NOT fix this!

cf. http://michaelstevenstech.com/cleanxpinstall.html#steps

After the clean install, you'll have the equivalent of a "new computer" so
take care of everything on the following page before otherwise connecting
the machine to the internet or a network and before using a USB key that
isn't brand-new or hasn't been freshly formatted:

5 steps to help protect your new computer before you go online
http://www.microsoft.com/protect/com...nced/xppc.mspx

HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
(after a clean install)
http://groups.google.com/group/micro...5afa8ed33e121c

HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
clean install)
http://groups.google.com/group/micro...66ae41add7dd2b

Also see:

Steps To Help Prevent Spyware
http://www.microsoft.com/protect/com...e/prevent.mspx

Rogue Security Software - Microsoft Security:
http://www.microsoft.com/protect/com...ses/rogue.mspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com


chris

 
      25-08-2009, 08:19 PM
Wow, that was painful! Here's how I finally removed it:

1) download Malwarebyte's Anti-Malware & SUPERAntiSpyware on a different
computer (both are free programs). The virus was smart enough to prevent me
from visiting their web sites.

2) Copy the executables over to infected XP laptop. Rename executables
(virus also prevented me from launching them unless renamed).

3) Launch Microsoft Security Essentials, Malwarebytes, & SUPERAntiSpyware
and UPDATE definitions of all 3

4) reboot to Windows SAFE mode without networking

5) Run all 3 programs with FULL scans (this takes about 7 or 8 hours)

6) Clean all instances of malware found (all 3 products found different
counts of various items)

7) Clean out Windows\Temp folder (since a few of infected dlls were found in
here)

8) Clean out filenames starting with UAC in Windows\System32 (7 or 8 infected
dlls were found in here, all named UAC<something>.dll). Also delete
UACwbojwygitk.db that was in here ... no software identified it but name was
suspicious so I removed it.

9) Clean out all users' Temporary Internet Files & \Temp directories, since
a few items were identified in here. Example:

C:\Documents and Settings\userA\Local Settings\Temporary Internet Files &
\Temp

 
Reply With Quote
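Step 8 of the post above deletes the `UAC<something>` files outright. As an added example (not part of the original post and not taken from any tool named in the thread), this Python sketch moves such files into a quarantine folder and records their SHA-256 hashes, so samples remain available for a support case. The name pattern, the `.quarantined` suffix and `manifest.tsv` are assumptions made for illustration.

```python
import hashlib
import re
import shutil
from pathlib import Path

# Assumption: pattern derived only from the names in the post
# (UAC<something>.dll and UACwbojwygitk.db); it is not a vendor signature.
SUSPECT = re.compile(r"^UAC\w+\.(dll|db)$", re.IGNORECASE)


def quarantine_suspects(scan_dirs, quarantine_dir):
    """Move matching files to quarantine_dir; return (moved, failed) lists."""
    quarantine = Path(quarantine_dir)
    quarantine.mkdir(parents=True, exist_ok=True)
    moved, failed = [], []
    for directory in (Path(d) for d in scan_dirs if Path(d).is_dir()):
        for entry in sorted(directory.iterdir()):
            if not entry.is_file() or not SUSPECT.match(entry.name):
                continue
            try:
                digest = hashlib.sha256(entry.read_bytes()).hexdigest()
                # Neutral suffix so nothing can load the DLL by its old name.
                target = quarantine / f"{digest[:16]}_{entry.name}.quarantined"
                shutil.move(str(entry), str(target))
            except OSError as exc:  # locked or protected file: report, keep going
                failed.append((str(entry), str(exc)))
                continue
            moved.append((str(entry), digest, str(target)))
    # The manifest maps each quarantined file back to its origin and hash.
    with (quarantine / "manifest.tsv").open("a", encoding="utf-8") as log:
        for original, digest, target in moved:
            log.write(f"{original}\t{digest}\t{target}\n")
    return moved, failed


if __name__ == "__main__":
    import tempfile
    # Constructed sample tree standing in for Windows\System32;
    # UACabcdefgh.dll is a made-up name, UACwbojwygitk.db is from the post.
    with tempfile.TemporaryDirectory() as root:
        sys32 = Path(root, "System32")
        sys32.mkdir()
        for name in ("UACwbojwygitk.db", "UACabcdefgh.dll", "kernel32.dll"):
            (sys32 / name).write_bytes(name.encode())
        print(quarantine_suspects([sys32], Path(root, "quarantine")))
```

Files reported in `failed` were in use or protected and are left in place, which is the case the post works around by scanning in Safe Mode.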
 
 
 
All times are GMT.