Question:
I had a data stealing Trojan in my computer for three weeks the Win/32 ALueron H virus?
anonymous
15 years ago
Yeah, I had the Alueron Win/32 H virus, and I am wondering if some hacker, website, or weird person has all the passwords to my emails, and my login password to my school's website.

I just deleted the virus by the way.

Here's my thing.

1. Where could I have gotten the Alueron Win/32 H virus?

2. I'm pretty sure I'm not the only one who got infected; tens, probably hundreds of people got infected, so possibly the hacker/person that was receiving the information couldn't keep up fast enough before I deleted it?

3. Would the person take the password to my school's site, and use it? (I changed the password by the way)? I register for classes online. My emails are for contact, and I save well "sex" stories me and my girlfriend write in there. Nothing important like billing, credit card information, banking information. (I changed all my email passwords by the way). I changed all my passwords, but let's say this hacker/person did some DIGGING before I changed my passwords. Would he or she care? I mean I had no banking, credit, or billing information. Just sex stories, school work, and junk...

4. Am I secure now? I CHANGED ALL my passwords. The password I use to access my school, and ALL my emails. (MSN emails
Five answers:
?
15 years ago
Virus:Win32/Alureon.H (?)

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fAlureon.H



Microsoft reports this is probably from installing pirated software. It reports as malicious actions an array of hijacking of navigation severally and may install fake rogue security software. There is no real mention of password stealing and accounts as its intent. It apparently wants its infected machine like continually going to where it wants which in turn pays them - the search hijacking and browser hijacking. However, it most likely has done something that you need to take care of immediately and that is it most likely has installed a rootkit.



[This installation is kind of the mother of all adwares. There is no mention by the experts that private data is compromised as by a keylogger etc. These are not part of the package although most likely is next step, take no chances]



Via the rootkit infection, you may think you have removed it. The entire infection will soon return and even in variants of it. The rootkit it installs will attempt to hide the actual infection which disturbingly ends here.... "Symptoms: There are no discernable symptoms that indicate the presence of this malware on an affected machine." - which means it pretty much is not visible in behaviors to the naked eye to even suspect infection.



All in all with such a massive infection as opposed to say some minor infection of some adware installation just running continual pop ups I would absolutely fire every anti-rootkit scanner/remover at it I could. I would definitely want to be assured there is not a rootkit or other infection present and ONLY then begin to change all accounts. If there are finances involved as online accounts I would absolutely be on the phone about it.



The bottom line is this exact infection does indeed attempt to install a rootkit. Research that to understand what this does. The general recommendation is that you completely wipe the disk and reinstall Windows factory fresh when there is a rootkit infection present - as they will quickly propagate in the system and are able to hide from all known defense softwares.



Rootkit (definition)

http://en.wikipedia.org/wiki/Rootkit



Because of the most probable rootkit infection everyone is going to tell you to wipe it and reinstall. It is the only way to get rid of it and be sure. What's even worse than that is botnet infection. Their whole show might take the machine there next.



You may interpret any of this as I did here ---- >

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Virus%3aWin32%2fAlureon.H



That's what it says and I do amateur forensics and botnet removals. Tip there for that activity is the DNS spoofing area (broadband). TRY ----> quick check;



Online Tool Developed to Check for Botnet Activity

BotnetChecker.Com

Go To: http://botnetchecker.com/

Install ---> RUBotted - Trend Micro USA

http://free.antivirus.com/rubotted/



That can help rule out or draw the line at the extent of the infection presently. Try a list of antirootkit scanners here.... about down to middle of my web here:

http://www.bluecollarpc.org/Spyware_Removal_Center.php (I'm webbie master)



Again, best I could tell you ? You just got about a free 75-100 dollar security consultation and absolute advice to hunt hunt hunt first for any rootkit infection and work backwards to remove all or any threats present with QUALITY antivirus and antispyware. Since there apparently is not a lot of redirecting to sites you did not click, and all of a sudden your search assistant and chosen default search engines are not changed and there is not a fake rogue antivirus installed with fake warnings popping up -- it would seem you caught this creepware dead in its tracks before the real damage was done. Since it is a high stealth malware installation and intent - the only visible signs of infection should have absolutely been the redirecting of the browser and search engine usage which you are not reporting as needing help for. You had the name of the threat which shows me you must have been successfully able to run in the least a high quality antivirus program that apparently reported it quarantined and you deleted successfully. WATCH for any of the first symptoms returning - then it installed a rootkit which is going to keep installing crap and you have to keep removing it unless you can get rid of the rootkit. If you keep on getting infected and you know you ain't doing it - then it is a rootkit infection like a downloader trojan does also.



Good luck. I am into free community help and I feel your pain and you indeed had a high stealth infection, not a run of the mill at all. Count your blessings if you caught it tout suit ! phew !
anonymous
15 years ago
LOL



I love these people, ZOMG YOU SHOULD USE LINUX OR OSX



A secured Windows box is for most intents and purposes just as safe. Good firewalls, good AV and common sense is all you need no matter what OS you run. (I run both Win7 and Ubuntu.) Now on to the questions.



1. It's a trojan so it could be from a dodgy website you've visited or it could be from dodgy software you've installed.



2. Yeap plenty of people have been infected by this, and the information is sent to the people responsible where it is most likely stored so they can view at their leisure.



3. Possibly, you should treat all accounts as possibly compromised and change the passwords immediately, preferably from another machine. Realistically they want account details that will make them money easily so you probably will be ok.



4. Depends on how you cleaned up, most likely you aren't. These types of trojans allow the controller to install all manner of malware without you knowing. The safest way is going to be a full rebuild of your PC.
anonymous
15 years ago
Once a virus has hit a system it is compromised until the system has been wiped clean. You need to back up all essential data, scan it in a secure environment and reformat your entire system. I suggest afterwards changing your passwords again as there could easily be a keylogger stealing all your data and going undetected by your antivirus... Personally I don't feel safe unless I am running in Linux or OSX.



I suggest getting Comodo for your firewall/sandboxing.



Make those fixes and you should be fine. I recommend moving to Linux, but Comodo + either AVAST! FREE or Norton or Kaspersky should be good for Windows security.
Eirena E
15 years ago
A Trojan virus is a faulty computer program that can infect remote computers by changing the desktop or deleting important files. Generally called a Trojan Horse, it appears as a legitimate file or software from a trusted source, therefore tricking users into opening it or downloading it. Take action and protect your personal computer files by learning to delete this Trojan virus.

Here is more information and a removal guide:

http://trojan-horses-killer.com
?
9 years ago
Read about this particular virus.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.