Trojan:DOS/Alureon.A threat, MSE unable to remove

I have a severe threat from Trojan:DOS/Alureon.A but when I click on take action MSE status says error encountered and requests to restart computer. The threat window appears again and the same error message. I have tried this several times now so it seems like MSE can’t get rid of it. I believe the threat is responsible for my Firefox redirect problem I am having. How do I get rid of the threat?

 


Last updated February 14, 2019. Views: 29,170.

Answer

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2FAlureon

Alureon is difficult to remove, is considered a rootkit (it may morph and change identity on your OS) and many IT professionals recommend a reinstall of the OS to ensure the rootkit is removed. You can try some steps that may remove Alureon from your computer and then make a decision as to whether you need to reinstall.

Your safest option is to seek assistance from MS Support and I recommend you let them advise you in this matter:

Since you are using Microsoft Security Essentials, you can get help with malware removal here: https://support.microsoftsecurityessentials.com/ Then select “I think my computer is infected”. From there, select the email or phone option. You can also use https://consumersecuritysupport.microsoft.com/eform.aspx?productKey=pcsafetymalware&ct=eformts&supportLinkeformts=E-mail

If you are in North America, you can call MS Support at 866-727-2338 for help with virus and spyware infections.

For international information see your local subsidiary support site.

If you back up your files at this time, remember you might be also backing up Alureon so plan accordingly.

OR

Go to www.malwarebytes.org and download, install, update and run the free version – just follow the prompts. You may need to rename the installation file to 123.exe or something similar to prevent the malware from disabling/blocking the installation.

and/or

Try Hitman Pro:

http://www.surfright.nl/en/hitmanpro This is a 30 day trial version of a pay product; if the program works and you like the program and decide to purchase it, that is your option.

and/or

Try TDSS Killer: http://support.kaspersky.com/faq/?qid=208283363 TDSS Killer is probably a "weapon of choice" against Alureon and many users report success using this program.

If the above steps are not successful, you could also seek assistance at Virtual Doctor Forums - they are quite good at malware removal: http://discussions.virtualdr.com/forumdisplay.php?f=71

Good luck...

MVP Consumer Security 2014-2016
Windows Insider MVP 2016-2018


Answer

Hi plt,

 

No, at this time MSE cannot handle complete removal of this threat.  I'm sure it will in time, but that time is not yet here.

 

Note there are many variants of Alureon and while most are similar, they sometimes differ enough that what works for one may not work (or only partially work) for another.  Also, sometimes the same variant can have a dozen or more different names which all refer to the same thing.  For example, here's a different entry than that listed above from the Microsoft Malware Encyclopedia specifically for DOS/Alureon.A: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aDOS%2fAlureon.A.

 

First, try the following programs if you haven't as they may do the trick: I recommend you download, install, update, and run full scans with Malwarebytes: http://www.malwarebytes.org/ and SuperAntiSpyware: http://superantispyware.com/ and then run a full Security Scan from Microsoft: http://www.microsoft.com/security/default.aspx.  You may need to rename the installation programs to something else to get them to install as this particular malware includes code that identifies attempts to install these programs and by renaming them, you can sometimes get past that defense by the malware.

 

If that doesn't work, try the somewhat manual (but mostly using a different program) methods suggested here: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller.

 

But in truth, doing it yourself isn't entirely certain, so to be safe and sure, I recommend the following:

 

Please follow these recommendations compliments of JimR1 - MVP:

 

Start here - https://support.microsoftsecurityessentials.com/ and select the link that says - I think my computer is infected - and then select the support option for phone, chat or email (options will vary by Region).

 

If you are in North America, you can call 866-727-2338 for free help from Microsoft for virus and spyware infections.

 

If that doesn't work or they can't help, try one of the following malware-removal forums compliments of PA Bear - MVP:

 

I can recommend the expert assistance offered in these forums: http://spywarehammer.com/simplemachinesforum/index.php?board=10.0, http://www.spywarewarrior.com/viewforum.php?f=5, http://www.dslreports.com/forum/cleanup, http://www.bluetack.co.uk/forums/index.php, and http://aumha.net/viewforum.php?f=30

 

I hope this helps.

 

Good luck!

MVP(7/2012-6/2015),MCSE,MCSA,MCC2011,xCMM,xCAM,A+,Net+,Security Expert, xInfluencer. See Profile.

W10Prox64 Fast 16299rs3; Ofc Insider 1710/8613.1000; Edge,IE11,Chrome.
