Alureon

Alureon Description



Alureon is a family of rootkits and Trojans that often consist of multiple components and use sophisticated techniques to steal private information (such as online bank data or account passwords). Specific members of the Alureon family include the TDL4 rootkit, TDL3 rootkit, Win32/Alureon, Rootkit.Win32.TDSS.bj, Trojan.Win32.Menti.hvdp and the TDSS rootkit, all of which have advanced features to evade detection and cripple your computer’s security functions.

SpywareRemove.com malware analysts have noted that attacks by Alureon rootkits have also acquired infamy for installing additional types of malicious software and for redirecting web browsers to harmful websites. Because Trojans and rootkits from the Alureon family are notoriously difficult to find or delete, it’s strongly recommended that you use powerful anti-malware software to remove Alureon from your PC if you think that you have an Alureon infection.

Alureon – A Complex but Powerful Plan to Bilk Your PC Out of Everything


Direct symptoms of Alureon activity are rare, since Alureon, like all Trojans and rootkits, takes steps to hide itself from casual detection. However, you may be able to notice Alureon through unusual network activity, malfunctions in security software or browser redirect attacks. Alureon infections are often composed of multiple components, including a ‘dropper’ Trojan that installs the rest of the Alureon rootkit, as well as a ‘payload’ Trojan that coordinates Alureon’s attacks. Typical Alureon-related risks that SpywareRemove.com malware analysts have found include:
  • The installation of other forms of harmful software with varying degrees of visibility. Some programs, such as rogue security applications, may be very visible, while others, such as keyloggers, may be difficult or impossible to detect without some form of anti-malware program.
  • Browser hijacks that redirect your online searches to unusual websites. Websites that are promoted by Alureon are, of course, utterly unsafe for your PC, even if they might appear to be a trustworthy search engine or software website.
  • Loss of personal information due to spyware-related activities that Alureon may be configured to use against your PC. This can include taking screenshots, keylogging and even recording webcam data.
  • Infection of Internet Explorer processes.
  • The inclusion of a DNSChanger component that tampers with your Domain Name System (DNS) settings. This allows Alureon to intercept information that you send through the Internet (or receive from it).

Other attacks may also vary, depending on the variant of Alureon as well as any instructions that Alureon receives from an outside command server.

How to Get Rid of Alureon and Ensure That It Will Not Be Back


Improper removal of Alureon can easily allow Alureon to regenerate itself and resume its attacks. SpywareRemove.com malware researchers have noted that the most common way for this to occur is for Alureon to restore itself from an infected system backup file. If you find it necessary to replace damaged Windows components, it’s recommended that you reinstall the files from a clean source instead of trying to restore them from an on-board backup.

New versions of Alureon rootkits have also been found to corrupt certain drivers to the point of making them unusable; common Alureon victims include atapi.sys, iastorv.sys, idechndr.sys, nvata.sys, nvstor.sys, nvstor32.sys, nvatabus.sys, nvgts.sys, iastor.sys and sisraid.sys. As noted above, the standard precaution against using backups still applies. You may also need to restore other types of system settings, such as your DNS settings, from any changes that Alureon may have made. Failure to do this, even after you’ve deleted Alureon, may result in exposure to sites that reinfect your PC with Alureon or related PC threats.

Aliases


  • W32/Daws.BOLW!tr [Fortinet]
  • Trojan.WinNT.Alureon [Ikarus]
  • a variant of Win32/Kryptik.AYKH [ESET-NOD32]
  • Trojan:WinNT/Alureon [Microsoft]
  • Win32.Troj.Daws.bo.(kcloud) [Kingsoft]
  • Gen:Variant.Symmi.17638 (B) [Emsisoft]
  • Heuristic.BehavesLike.Win32.ModifiedUPX.C [McAfee-GW-Edition]
  • TR/Symmi.17638.8 [AntiVir]
  • Gen:Variant.Symmi.17638 [BitDefender]
  • Trojan-Dropper.Win32.Daws.bolw [Kaspersky]

(326 aliases in total)






Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry first!
  • The following Registry values are newly created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}richtx64.exe
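A read-only triage script covering the three kinds of change this page describes (the driver files named in the removal section, the DNS settings a DNSChanger component rewrites, and the Run-key value above), added here as an example and not code from the original page or from SpywareRemove.com. It assumes only the driver names and the richtx64.exe value name quoted on this page plus standard Windows cmdlets; any "SUSPECT" line is a lead to investigate, not proof of infection.

```powershell
# Added example (not from the original page): read-only Alureon triage checks.
# Run from an elevated PowerShell prompt; nothing here modifies the system.

# Driver file names taken from the article; not every one exists on every system.
$DriverNames = 'atapi.sys', 'iastorv.sys', 'idechndr.sys', 'nvata.sys', 'nvstor.sys',
               'nvstor32.sys', 'nvatabus.sys', 'nvgts.sys', 'iastor.sys', 'sisraid.sys'
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'

Write-Host "== Driver signature check ($DriverDir) =="
foreach ($name in $DriverNames) {
    $path = Join-Path $DriverDir $name
    if (-not (Test-Path $path)) { continue }          # driver not installed here
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    # A rootkit that overwrites a driver breaks its signature. Anything other than
    # 'Valid' should be replaced from clean install media, not from a local backup.
    $flag = if ($sig.Status -eq 'Valid') { 'ok     ' } else { 'SUSPECT' }
    '{0} {1,-13} {2,-14} {3}' -f $flag, $name, $sig.Status, $hash
}

Write-Host "`n== DNS servers per adapter =="
# A DNSChanger component rewrites these; compare them with the values your
# DHCP server or network administrator actually hands out.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } } |
    Format-Table -AutoSize

Write-Host "`n== Run-key entries =="
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $value = $item.GetValue($valueName)
        # Flag the value name the article reports; review every other entry by hand.
        $flag = if ("$valueName $value" -match 'richtx64\.exe') { 'SUSPECT' } else { 'info   ' }
        '{0} {1}\{2} = {3}' -f $flag, $key, $valueName, $value
    }
}
```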
Posted: February 23, 2009
Threat Level: 9/10
Detection Count: 11,884

3 Comments

  • Beela says:

    I removed a Trojan virus on my computer but my Google toolbar and start menu look different? Please help, I got rid of the virus, it is the first time my computer has ever had a virus. And after I got rid of it, my Windows start menu changed and it looks like Windows 98, and also my Google toolbar and internet bars have changed. What happened? Is my computer OK? Should I worry? Sorry guys, it was just my little sister messing with my computer >:S THANKS!

  • Reginia says:

    I am DYING to remove this program… does anyone know if it will come back after using SpyHunter?

  • Lavelle Hackle says:

    How convenient that all of the viruses they say are there come up at once (like, twenty at once) and are all in system 32, which they know everyone has. Can’t believe I fell for that… But I fixed it with a sys restore.
