Go Back   TechArena Community > Technology > Networking & Security
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

Networking & Security


Reply
 
Thread Tools Search this Thread
  #1  
Old 15-05-2010
Member
 
Join Date: Dec 2009
Posts: 42
Trojan:Win32/Alureon.CO SUGGESTED REMOVAL
  

Windows Defender is installed on my system and it detects Trojan:Win32/Alureon.CO whenever i open internet Explorer. A number of websites are opened randomly on my browser. I tried closing them a number of times but these websites always gets opened once again. what is happening on my system can anybody explain me also tell me how can i remove Trojan:Win32/Alureon.CO

Reply With Quote
  #2  
Old 15-05-2010
Member
 
Join Date: Apr 2008
Posts: 3,426
Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

Trojan:Win32/Alureon.CO as the name itself suggest it is kind of trojan which downloads and executes arbitrary files. Some malwares detected with the same name may also be able to spread to removable drives. Whenever this is executed, Trojan:Win32/Alureon.CO creates an event '\\TDKP' to make it sure that only a single instance of the trojan runs at a time. To get rid of this you will have to make use of a good antivirus application on your system.
Reply With Quote
  #3  
Old 15-05-2010
Member
 
Join Date: May 2008
Posts: 3,524
Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

You can make sure whether your system is infected by the trojan by checking the following system changes.

In subkey: HKLM\SOFTWARE\Classes\msqpdxvx
Adds value: "msqpdxrun"
With data: "g"

To subkey: HKLM\SOFTWARE\Classes\extravideo\CLSID
Sets value: "(default)"
With data: "{6bf52a52-394a-11d3-b153-00c04f79faa6}"

To subkey: HKLM\SOFTWARE\Classes\msqpdxvx
Sets value: "msqpdxpff"
With data: <randomly generated letter or number> e.g. "k"

If you notice the above changes then this clearly indicates an infection of your system if not, then i would suggest you to remove the browser defender application and check whether your problem is solved.
Reply With Quote
  #4  
Old 15-05-2010
Member
 
Join Date: Jan 2006
Posts: 3,779
Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

Trojan:Win32/Alureon.CO injects code into <system folder>spoolsv.exe, with the help of which it is spreaded. This code attempts to copy Trojan:Win32/Alureon.CO to all accessible drives as <drive>\resycled\boot.com.

An autorun file is also generated - autorun.inf (detected as Trojan:Win32/Alureon!inf) - in the root of each targeted drive. Both of these files are hidden. The autorun file, <drive>\autorun.inf, points to the copy of Alureon.CO, <drive>\resycled\boot.com.

When the removable or networked drive is accessed from another machine supporting the Autorun feature, the malware is launched automatically. Try using Microsoft Security Essential application to remove this trojan
Reply With Quote
  #5  
Old 15-05-2010
Member
 
Join Date: Jan 2006
Posts: 4,233
Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

Do you know how to remove the trojan Win32: Alureon-BX with free software. It has infected the memory of my computer running with windows XP. C:\windows\system32\drivers\UACpsxfqueo.sys C: \ windows \ system32 \ drivers \ UACpsxfqueo.sys . I checked the subkeys which are mentioned above and they are changed. But it could not help me to get rid of it.
Reply With Quote
  #6  
Old 18-05-2010
Member
 
Join Date: Apr 2008
Posts: 3,344
Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

To implement a solution to this topic i will need a log file so it would be better if you can post your log file here i have mentioned the method for posting the log file.
  • Download RSIT.exe on your machine.
  • Click Continue to display Disclaimer.
  • If the tool HijackThis (current version) is not present or not detected on your computer, download the RSIT (allows access in your firewall, if requested) and you must accept the license.
  • When the scan is complete, two text files will appear.
  • Post the contents of log.txt as well as info.txt .

Note: The reports are saved in the folder C: \ RSiT
Reply With Quote
  #7  
Old 19-05-2010
Member
 
Join Date: May 2008
Posts: 2,950
Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

Download the Microsoft security Essential application on your system and install it update the virus definition and scan your system to remove the trojan. In future you can prevent such infection on your machine by following the steps which are mentioned below:
  • Turn on the Firewall on your system.
  • Always keep the Microsoft Security Essential application updated.
  • Use caution while opening attachments and accepting file transfers.
  • Use caution whenever you click on links to Web pages.
Reply With Quote
Reply

  TechArena Community > Technology > Networking & Security
Tags: , , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Trojan:Win32/Alureon.CO SUGGESTED REMOVAL"
Thread Thread Starter Forum Replies Last Post
How to remove Trojan: win32/fakesysdef and trojan@winnt/alureon.s. Barnard Networking & Security 8 28-08-2011 09:50 AM
Remove Trojan.win32.alureon.ct by Microsoft Security Essential TanmayKishan Networking & Security 5 30-10-2010 03:54 AM
Trojan: Win32/Alureon.CT on Dell Studio KAMANA Networking & Security 6 26-11-2009 11:18 PM
Removal Instructions for Trojan:Win32/FakeScanti Rutajit Networking & Security 3 03-11-2009 11:33 AM


All times are GMT +5.5. The time now is 09:50 PM.