Trojan:DOS/Alureon.A – Removal
Trojan:DOS/Alureon.A is the detection for a variant of the Alureon malware family that infects the Master Boot Record (MBR).
Recently came across this Trojan:DOS/Alureon.A rootkit on a customer's laptop. The customer's laptop was badly infected with 168 viruses and malware. All viruses and malware were removed cleanly with the exception of this Trojan:DOS/Alureon. I tried several programs, including 3 boot rescue CDs. All of them detected the remaining infection but failed at fixing or removing the rootkit. Hitman Pro also detected a Master Boot Record infection. I was hesitant about removing these 2 remaining infections before contacting the customer about a very possible reload of the operating system. After explaining what I had here, and the possibility of ending up with a non-booting computer, the customer gave me the OK on wiping it clean if I had to.
So, I took a shot at this Trojan:DOS/Alureon.A rootkit with Kaspersky TDSSKiller. The first time I ran Kaspersky’s TDSSKiller, it detected the rootkit and I used the “copy to quarantine” function, rebooted and re-scanned, and the rootkit was still there. I ran Kaspersky’s TDSSKiller one more time and used the “Cure” function... rootkit gone. The computer booted up fine; I ran all scans through again and nothing remained.
NOTE: As always, maintaining backups of all important data at all times is very important. These types of MBR infections could result in disaster for the average user, with a non-booting computer even after removal. This particular one was removed or “cured” cleanly with no boot problems afterwards. Perform at your own risk.
Followed up and checked with MBRCheck, all good.
“MBRCheck checks the legitimacy of the Master Boot Record (MBR) code of the hard drives on the computer.”
So to summarize how this Trojan:DOS/Alureon was removed:
- Download Kaspersky TDSSKiller
- Run Kaspersky’s TDSSKiller with Administrator rights – Right Click – Run As Administrator
- When scan is complete, make sure to use the “Cure” function
- Reboot and rescan system, Trojan:DOS/Alureon should be gone
- Follow up by checking the MBR with MBRCheck
Follow up scans with your regular security tools. HitmanPro is a good one to run through; it is retail with a 30 day trial, but you should be able to get some good results. It is portable and a fast virus scanner, and uses the “Cloud”, utilizing several anti virus vendors. “Hitman Pro 3 combines a variety of anti malware programs without installing software on your PC. Hitman Pro 3 will not slow down your PC as it is using cloud technology for malware detection.”
I personally ran into this Trojan Alureon virus that my Eset Nod32 AntiVirus alerted me to. Would you like to know where? On 2 separate occasions, about 2 weeks apart, watching an old TV show on Hulu. About 20 minutes into watching a TV show on Hulu, Eset Nod32 AntiVirus 5 blocked the virus. YES Hulu, I do not go there anymore! Eset Nod32 Anti Virus 5 blocked it both times!
Highly Recommended Anti Virus – Eset Nod32 Anti Virus 5