Printable View
Windows Defender is installed on my system and it detects Trojan:Win32/Alureon.CO whenever i open internet Explorer. A number of websites are opened randomly on my browser. I tried closing them a number of times but these websites always gets opened once again. what is happening on my system can anybody explain me also tell me how can i remove Trojan:Win32/Alureon.CO
Trojan:Win32/Alureon.CO as the name itself suggest it is kind of trojan which downloads and executes arbitrary files. Some malwares detected with the same name may also be able to spread to removable drives. Whenever this is executed, Trojan:Win32/Alureon.CO creates an event '\\TDKP' to make it sure that only a single instance of the trojan runs at a time. To get rid of this you will have to make use of a good antivirus application on your system.
You can make sure whether your system is infected by the trojan by checking the following system changes.
In subkey: HKLM\SOFTWARE\Classes\msqpdxvx
Adds value: "msqpdxrun"
With data: "g"
To subkey: HKLM\SOFTWARE\Classes\extravideo\CLSID
Sets value: "(default)"
With data: "{6bf52a52-394a-11d3-b153-00c04f79faa6}"
To subkey: HKLM\SOFTWARE\Classes\msqpdxvx
Sets value: "msqpdxpff"
With data: <randomly generated letter or number> e.g. "k"
If you notice the above changes then this clearly indicates an infection of your system if not, then i would suggest you to remove the browser defender application and check whether your problem is solved.
Trojan:Win32/Alureon.CO injects code into <system folder>spoolsv.exe, with the help of which it is spreaded. This code attempts to copy Trojan:Win32/Alureon.CO to all accessible drives as <drive>\resycled\boot.com.
An autorun file is also generated - autorun.inf (detected as Trojan:Win32/Alureon!inf) - in the root of each targeted drive. Both of these files are hidden. The autorun file, <drive>\autorun.inf, points to the copy of Alureon.CO, <drive>\resycled\boot.com.
When the removable or networked drive is accessed from another machine supporting the Autorun feature, the malware is launched automatically. Try using Microsoft Security Essential application to remove this trojan
Do you know how to remove the trojan Win32: Alureon-BX with free software. It has infected the memory of my computer running with windows XP. C:\windows\system32\drivers\UACpsxfqueo.sys C: \ windows \ system32 \ drivers \ UACpsxfqueo.sys . I checked the subkeys which are mentioned above and they are changed. But it could not help me to get rid of it.
To implement a solution to this topic i will need a log file so it would be better if you can post your log file here i have mentioned the method for posting the log file.
- Download RSIT.exe on your machine.
- Click Continue to display Disclaimer.
- If the tool HijackThis (current version) is not present or not detected on your computer, download the RSIT (allows access in your firewall, if requested) and you must accept the license.
- When the scan is complete, two text files will appear.
- Post the contents of log.txt as well as info.txt .
Note: The reports are saved in the folder C: \ RSiT
Download the Microsoft security Essential application on your system and install it update the virus definition and scan your system to remove the trojan. In future you can prevent such infection on your machine by following the steps which are mentioned below:
- Turn on the Firewall on your system.
- Always keep the Microsoft Security Essential application updated.
- Use caution while opening attachments and accepting file transfers.
- Use caution whenever you click on links to Web pages.