Alureon.A Trojan
November 10, 2010 5:04 PM

My neighbor's computer seems to be infected with a rootkit trojan, Alureon.A. Can anyone recommend a way to get rid of it? I have found some sites referenced from Wikipedia, but it seems pretty complicated. I am open to suggestions.
posted by Red58 to Technology (10 answers total) 3 users marked this as a favorite
 
Combofix is the tool I've come to depend on as my "first response" (swat team) type of answer. It kicks ass.
posted by jmnugent at 5:25 PM on November 10, 2010 [1 favorite]


Seems like mainly a dirty copy of atapi.sys.

Here's a method, and another simpler one.
posted by senterstyle at 5:26 PM on November 10, 2010


I take the "nuke it from orbit" approach and reinstall the operating system (backing up important data first, of course). It's a hassle, but it's thorough.
posted by kprincehouse at 6:46 PM on November 10, 2010 [4 favorites]


Check my profile for the virus/spyware fighting toolkit.
posted by deezil at 7:01 PM on November 10, 2010 [3 favorites]


I was going to suggest Combofix but Jmnugent beat me to it.
posted by Kid Charlemagne at 9:25 PM on November 10, 2010


Best answer: Aleuron is also known as TDSS; it's a bit of a bugger to get clean, as it downloads and installs other nasties.

Kaspersky have a specific tool to remove this rootkit here, called TDSSKiller. Basically, download it, unzip it and run on the infected PC.

I would also recommend running a sweep with all of combofix, spybot search and destroy, panda activescan and adaware free to check to see if any other nasties came along for the ride.
posted by ArkhanJG at 4:41 AM on November 11, 2010 [1 favorite]


Sorry, that should be alureon, of course.
posted by ArkhanJG at 4:41 AM on November 11, 2010


Also might want to try Prevx
posted by Busmick at 5:31 AM on November 11, 2010


Response by poster: We ran TDSSKiller and it was fast and easy. It freed up IE and Microsoft Security Essentials, both of which were completely blocked by the virus. I ran Super Anti Spyware, MalwareBytes and MSE and it came out clean.

I will look at the other anti-virus apps listed here too. My poor neighbor is completely horrified by the computer now. She's 83 and struggles with it a bit, but is quite a trooper, using FireFox, doing banking online and more. Now she's afraid that these nasties have stolen her info.

Thanks all for the suggestions!
posted by Red58 at 10:39 AM on November 11, 2010


I take the "nuke it from orbit" approach and reinstall the operating system (backing up important data first, of course). It's a hassle, but it's thorough.

I always just thought of it as the “Kill it with fire” approach.
posted by thsmchnekllsfascists at 11:58 AM on November 11, 2010

