Results 1 to 7 of 7

Thread: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

  1. #1
    Join Date
    Dec 2009

    Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    Windows Defender is installed on my system and it detects Trojan:Win32/Alureon.CO whenever i open internet Explorer. A number of websites are opened randomly on my browser. I tried closing them a number of times but these websites always gets opened once again. what is happening on my system can anybody explain me also tell me how can i remove Trojan:Win32/Alureon.CO

  2. #2
    Join Date
    Apr 2008

    Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    Trojan:Win32/Alureon.CO as the name itself suggest it is kind of trojan which downloads and executes arbitrary files. Some malwares detected with the same name may also be able to spread to removable drives. Whenever this is executed, Trojan:Win32/Alureon.CO creates an event '\\TDKP' to make it sure that only a single instance of the trojan runs at a time. To get rid of this you will have to make use of a good antivirus application on your system.

  3. #3
    Join Date
    May 2008

    Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    You can make sure whether your system is infected by the trojan by checking the following system changes.

    In subkey: HKLM\SOFTWARE\Classes\msqpdxvx
    Adds value: "msqpdxrun"
    With data: "g"

    To subkey: HKLM\SOFTWARE\Classes\extravideo\CLSID
    Sets value: "(default)"
    With data: "{6bf52a52-394a-11d3-b153-00c04f79faa6}"

    To subkey: HKLM\SOFTWARE\Classes\msqpdxvx
    Sets value: "msqpdxpff"
    With data: <randomly generated letter or number> e.g. "k"

    If you notice the above changes then this clearly indicates an infection of your system if not, then i would suggest you to remove the browser defender application and check whether your problem is solved.

  4. #4
    Join Date
    Jan 2006

    Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    Trojan:Win32/Alureon.CO injects code into <system folder>spoolsv.exe, with the help of which it is spreaded. This code attempts to copy Trojan:Win32/Alureon.CO to all accessible drives as <drive>\resycled\

    An autorun file is also generated - autorun.inf (detected as Trojan:Win32/Alureon!inf) - in the root of each targeted drive. Both of these files are hidden. The autorun file, <drive>\autorun.inf, points to the copy of Alureon.CO, <drive>\resycled\

    When the removable or networked drive is accessed from another machine supporting the Autorun feature, the malware is launched automatically. Try using Microsoft Security Essential application to remove this trojan

  5. #5
    Join Date
    Jan 2006

    Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    Do you know how to remove the trojan Win32: Alureon-BX with free software. It has infected the memory of my computer running with windows XP. C:\windows\system32\drivers\UACpsxfqueo.sys C: \ windows \ system32 \ drivers \ UACpsxfqueo.sys . I checked the subkeys which are mentioned above and they are changed. But it could not help me to get rid of it.

  6. #6
    Join Date
    Apr 2008

    Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    To implement a solution to this topic i will need a log file so it would be better if you can post your log file here i have mentioned the method for posting the log file.

    • Download RSIT.exe on your machine.
    • Click Continue to display Disclaimer.
    • If the tool HijackThis (current version) is not present or not detected on your computer, download the RSIT (allows access in your firewall, if requested) and you must accept the license.
    • When the scan is complete, two text files will appear.
    • Post the contents of log.txt as well as info.txt .

    Note: The reports are saved in the folder C: \ RSiT

  7. #7
    Join Date
    May 2008

    Re: Trojan:Win32/Alureon.CO SUGGESTED REMOVAL

    Download the Microsoft security Essential application on your system and install it update the virus definition and scan your system to remove the trojan. In future you can prevent such infection on your machine by following the steps which are mentioned below:

    • Turn on the Firewall on your system.
    • Always keep the Microsoft Security Essential application updated.
    • Use caution while opening attachments and accepting file transfers.
    • Use caution whenever you click on links to Web pages.

Similar Threads

  1. How to remove Trojan: win32/fakesysdef and trojan@winnt/alureon.s.
    By Barnard in forum Networking & Security
    Replies: 8
    Last Post: 28-08-2011, 10:50 AM
  2. Remove Trojan.win32.alureon.ct by Microsoft Security Essential
    By TanmayKishan in forum Networking & Security
    Replies: 5
    Last Post: 30-10-2010, 04:54 AM
  3. Trojan: Win32/Alureon.CT on Dell Studio
    By KAMANA in forum Networking & Security
    Replies: 6
    Last Post: 27-11-2009, 12:18 AM
  4. Removal Instructions for Trojan:Win32/FakeScanti
    By Rutajit in forum Networking & Security
    Replies: 3
    Last Post: 03-11-2009, 12:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts