
Trojan:DOS/Alureon.E Removal


Article Summary: Trojan:DOS/Alureon.E is the detection name for infected Volume Boot Records (VBR) produced by certain variants of the Win32/Alureon rootkit family. The rootkit infects 32-bit and 64-bit systems.


Table of Contents:
  1. Fix for Trojan:DOS/Alureon.E Removal



Issue 1.

Some anti-virus programs can detect this threat (especially aswMBR and MSE) but are not able to remove it easily. The AV program prompts for a restart to complete the cleaning process, but after the reboot it appears that the threat has not been removed, and the program prompts for yet another restart.


The threat is a rootkit that creates a new partition. This partition is hidden from Disk Management but is visible from the Command Prompt. Reformatting the OS partition may not solve the problem, since the rootkit is located on a separate partition.

Solution:
Delete the partition created by the rootkit from an elevated command prompt. Here’s how:
1) Open an elevated command prompt (run CMD as Administrator).
2) Type ‘DISKPART’.
3) Select the hard drive by typing ‘SELECT DISK N’ (N is the number assigned to the drive that needs to be fixed).
   a. Example: SELECT DISK 0
   b. If you are not sure what number to select, type ‘LIST DISK’.
4) Type ‘LIST PARTITION’ to see all partitions on that drive. Normally, you would see only three partitions: the OS partition, the Recovery partition, and the OEM or System Reserved partition. A fourth partition smaller than 1 GB is more likely to be the partition created by the rootkit.
5) Delete the suspicious partition using the following commands:
   a. Select the partition by typing ‘SELECT PARTITION N’ (N is the number assigned to that partition).
   b. Type ‘DELETE PARTITION’ to delete the volume.
6) Type ‘EXIT’ to exit DISKPART.
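
The size check from step 4, applied to saved ‘LIST PARTITION’ output before anything is deleted. This is an added example, not part of the original article: the sample table is constructed, and the names parse_partitions and review_candidates are hypothetical. A legitimate small partition listed after the third would also match, so treat the result as a list to review, not a list to delete.

```python
import re

# Size units as printed by diskpart, converted to bytes.
UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}

# One data row of LIST PARTITION; a leading '*' marks the selected partition.
ROW = re.compile(
    r"^\s*\*?\s*Partition\s+(?P<num>\d+)\s+(?P<type>\S.*?)\s+"
    r"(?P<size>\d+)\s+(?P<sunit>[KMGT]?B)\s+"
    r"(?P<off>\d+)\s+(?P<ounit>[KMGT]?B)\s*$"
)

# Constructed sample output (not taken from a real machine).
SAMPLE = """\
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                 39 MB    31 KB
  Partition 2    Primary             14 GB    40 MB
* Partition 3    Primary            450 GB    14 GB
  Partition 4    Primary              1 MB   465 GB
"""


def parse_partitions(text):
    """Return one dict per partition row; header and separator rows are skipped."""
    parts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            parts.append({
                "number": int(m["num"]),
                "type": m["type"],
                "size": int(m["size"]) * UNITS[m["sunit"]],
                "offset": int(m["off"]) * UNITS[m["ounit"]],
            })
    return parts


def review_candidates(parts, expected=3, limit=UNITS["GB"]):
    """Article's heuristic: partitions past the usual three that are under 1 GB."""
    ordered = sorted(parts, key=lambda p: p["number"])
    return [p for p in ordered[expected:] if p["size"] < limit]


if __name__ == "__main__":
    for p in review_candidates(parse_partitions(SAMPLE)):
        print(f"Review partition {p['number']}: {p['type']}, {p['size']} bytes")
```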




References: http://www.microsoft.com; http://www.bleepingcomputer.com



Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN186158

Last modified date: 06/10/2013 12:00 AM

