How to remove the Alureon trojan

I’ve recently had a struggle trying to remove some viruses from a laptop. It was initially presenting with a pop-up advising that the security software was out of date and that it was necessary to purchase the latest version – all designed to look like an official Windows warning. I was able to remove this with Malwarebytes’ Anti-Malware, but Avast was still alerting about something trying to access a malicious URL.

After unsuccessfully scanning with various programs, I next tried using Radix Anti-Rootkit.

Radix Anti-Rootkit in action

This gave warnings about several processes that had been ‘hooked’, including Windows Live Messenger and ATI’s Catalyst Control Center. I uninstalled these (assuming that they had been infected) which cleared the warnings after scanning again, but there were still warnings which Radix couldn’t fix.

I tried scans with various other programs, but the one that finally did the trick was actually Microsoft’s Malicious Software Removal Tool, which after downloading and running gave the information that the laptop was infected with Alureon, and that it had been partially removed. Whilst not completely clearing the problem, knowing the cause of it was very helpful.

I finally removed Alureon using Kaspersky’s TDSSKiller. This tool performed a scan then removed Alureon completely.

Kaspersky's TDSSKiller

After rebooting, the laptop was finally clear of viruses. All that remained was to update everything to the latest version to try and prevent future exploits. I believe the cause was a dodgy PDF file – the laptop only had Adobe Reader 7 installed, but I’ve now updated this to version 10/X. I’ve also updated Flash and Java. Since then everything has been running smoothly!
