Yay, Trojan Virus avoided!!

Softball
Posts: 3325
Joined: 29 Jun 2002, 18:11
Location: San Antonio, TX

Yay, Trojan Virus avoided!!

Post by Softball »

A virus scan found and removed this *sigh*:

Trojan:DOS/Alureon.A

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
rootkit:Alureon->Mbr::Alureon

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
AKA: Staark or Staark_RLG
Tach Deneva
Posts: 1546
Joined: 18 Dec 2002, 18:51
Location: KY

Re: Yay, Trojan Virus avoided!!

Post by Tach Deneva »

Major Eekage!

Any idea from whence it came?
"Shoo! Shoo! Go away! Oh God, he's got a monkey." -- Ms Purple
Softball
Posts: 3325
Joined: 29 Jun 2002, 18:11
Location: San Antonio, TX

Re: Yay, Trojan Virus avoided!!

Post by Softball »

No clue, just appeared during a virus scan. I don't usually browse the web on this PC, only play games. But who knows, my wife may have jumped on the computer and gone to some unsavory web site.

It appears I may not have got rid of it, still showing its ugly head after a cleaning during a reboot. Might have to DL some offline scanner software. Blah.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
AKA: Staark or Staark_RLG
Hammer
Posts: 5221
Joined: 11 May 2005, 14:50

Re: Yay, Trojan Virus avoided!!

Post by Hammer »

check to see if it created a hidden boot partition on your hard drive. i had that on an employee's computer not too long ago. the virus creates a small boot partition and makes it active instead of the regular one, that is how it kept getting into memory and back onto the hard drive after scanning/cleaning. you can delete that partition in disk manager, then make the correct one active.
Helmut
Softball
Posts: 3325
Joined: 29 Jun 2002, 18:11
Location: San Antonio, TX

Re: Yay, Trojan Virus avoided!!

Post by Softball »

It appears the rootkit attack succeeded and infected my MBR. I was able to do a system restore back to 4/6/12, and then ran Windows Defender Offline to remove the Rootkit and some other residual Trojan virus files. So far the system is clean, but the system restore resulted in some strange results. For example, all of the files/folders on my Data drive (D:) were labeled as HIDDEN, as well as several other random files on my C: drive. Also, I had to reinstall my Antivirus software after the system restore as it wasn't working correctly. I also found a User profile that should not be there, so I deleted the account and removed all files associated with it. I changed the password for my User account just to be on the safe side, and made sure that all other accounts were disabled.

I'm really stumped on how this virus got onto my computer and I am pretty security conscious and don't install untrusted software (cracks, keygens, etc...); I don't even read email on this computer. I ONLY play games and that is pretty much it. Very rarely do I browse the web and I keep the computer up to date and scan for viruses and malware religiously. Now, it is possible that another computer on my network infected it, but none of the other computers are having virus problems.

For now, the computer is stable. I'll be watching very closely for more strangeness. *Fingers Crossed*

I'm off to bed, night all.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
AKA: Staark or Staark_RLG
Tach Deneva
Posts: 1546
Joined: 18 Dec 2002, 18:51
Location: KY

Re: Yay, Trojan Virus avoided!!

Post by Tach Deneva »

Probably that crazy SWTOR pre-installing the Legacy System!


Heh, you never know. Quite a few people over at STO had their accounts hijacked recently and in at least some of those cases it was allegedly due to a trojan in an ad on the STOwiki site (which is not an official Cryptic or PW site and is actually part of the Curse network, which evidently hosts a lot of wikis for various games, including the Darth Hater site, which is a SWTOR wiki).
"Shoo! Shoo! Go away! Oh God, he's got a monkey." -- Ms Purple
Hammer
Posts: 5221
Joined: 11 May 2005, 14:50

Re: Yay, Trojan Virus avoided!!

Post by Hammer »

you might check your hdd again. look for partitions. use something like bootitng or a partition tool you boot from cd or usb drive. it does not sound like you actually got rid of it.
Helmut
Falker
Posts: 1495
Joined: 09 Jul 2001, 17:00
Location: So Cal

Re: Yay, Trojan Virus avoided!!

Post by Falker »

That makes a lot of sense, what you have said, Hammer. Because every time I got a Trojan horse, then deleted it… it would eventually sneak back up on me again when I was using Windows XP. It’s the reason why I usually had to reformat more than usual. However, nowadays, with Windows 7, I simply restore to another date. So far, it has been working for me, but I’d still like to get a Symantec program that works well with Windows 7.

P.S. Is there a web link to check and see if a virus has created a hidden boot partition on my hard drive? I think it may be in the MS-DOS prompt, right? The command sequence would be helpful, thanks…
We're in the pipe , five by five.
Falker
Posts: 1495
Joined: 09 Jul 2001, 17:00
Location: So Cal

Re: Yay, Trojan Virus avoided!!

Post by Falker »

Okay, check that, I’ll load up Partition Magic next time… Thanks for the info!
We're in the pipe , five by five.
Hammer
Posts: 5221
Joined: 11 May 2005, 14:50

Re: Yay, Trojan Virus avoided!!

Post by Hammer »

restore does not get rid of the partition. it only sets the windows configuration to what it was at the date and time you select to restore from. that has nothing to do with partitions on the hard drive. so if it creates a partition and sets that to active, it will load every time regardless of your restore. btw, winxp has restore too.
Helmut
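
The partition check Hammer describes in his posts above, as an added example that is not part of the original thread: it parses the four primary partition entries in a 512-byte MBR sector and flags a small partition that carries the active (boot) flag. The function names, the 32 MiB threshold and the sample sector are assumptions made for illustration; the sector should be read while booted from CD or USB media, as Hammer suggests.

```python
import struct

SECTOR_SIZE = 512
# Assumed threshold: the Windows 7 "System Reserved" partition is 100 MB,
# so an active partition far below that deserves a closer look.
MIN_BOOT_BYTES = 32 * 1024 * 1024

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or missing 55 AA)")
    parts = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        # status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0x00:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "status": status,
                          "active": status == 0x80, "type": ptype,
                          "lba": lba, "bytes": count * SECTOR_SIZE})
    return parts

def review_partitions(parts):
    """Heuristic findings only; this does not inspect the MBR boot code."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"slot {p['slot']}: bad status 0x{p['status']:02x}")
        elif p["active"] and p["bytes"] < MIN_BOOT_BYTES:
            findings.append(f"slot {p['slot']}: active partition is only "
                            f"{p['bytes'] // 1024} KiB at LBA {p['lba']}")
    return findings

def build_sample_mbr():
    """Constructed sample: large inactive NTFS plus a 2 MiB active partition."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x00, 0x07, 2048, 976_000_000)
             + entry(0x80, 0x17, 976_002_048, 4096)
             + bytes(32))
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    for finding in review_partitions(parse_mbr(build_sample_mbr())):
        print(finding)
```

A clean partition table does not show the boot code in the first 446 bytes is intact, so this complements an offline scanner rather than replacing it.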
Hudson
Posts: 1100
Joined: 12 May 2003, 20:57

Re: Yay, Trojan Virus avoided!!

Post by Hudson »
