Alureon

Posted: February 23, 2009
Threat Metric
Threat Level: 9/10
Infected PCs: 204

Alureon Description

Alureon is a family of rootkits and Trojans that often consist of multiple components and use sophisticated techniques to steal private information (such as online banking data or account passwords). Specific members of the Alureon family include the TDL4 rootkit, TDL3 rootkit, Win32/Alureon, Rootkit.Win32.TDSS.bj, Trojan.Win32.Menti.hvdp and the TDSS rootkit, all of which have advanced features to evade detection and cripple your computer's security functions. SpywareRemove.com malware analysts have noted that Alureon rootkits have also acquired infamy for installing additional types of malicious software and for redirecting web browsers to harmful websites. Because Trojans and rootkits from the Alureon family are notoriously difficult to find or delete, it's strongly recommended that you use powerful anti-malware software to remove Alureon from your PC if you think that you have an Alureon infection.

Alureon – A Complex but Powerful Plan to Bilk Your PC Out of Everything

Direct symptoms of Alureon activity are rare, since Alureon, like all Trojans and rootkits, takes steps to hide itself from detection. However, you may be able to notice Alureon through unusual network activity, malfunctions in security software or browser redirect attacks. Alureon infections are often composed of multiple components, including a 'dropper' Trojan that installs the rest of the Alureon rootkit, as well as a 'payload' Trojan that coordinates Alureon's attacks. Typical Alureon-related risks that SpywareRemove.com malware analysts have found include:

  • The installation of other forms of harmful software with varying degrees of visibility. Some programs, such as rogue security applications, may be very visible, while others, such as keyloggers, may be difficult or impossible to detect without some form of anti-malware program.
  • Browser hijacks that redirect your online searches to unusual websites. Websites that are promoted by Alureon are, of course, utterly unsafe for your PC, even if they might appear to be a trustworthy search engine or software website.
  • Loss of personal information due to spyware-related activities that Alureon may be configured to use against your PC. This can include taking screenshots, keylogging and even recording webcam data.
  • Infection of Internet Explorer processes.
  • The inclusion of a DNSChanger component that alters your DNS (Domain Name System) server settings. This allows Alureon to intercept information that you send through the Internet (or receive from it).

Other attacks may also vary, depending on the variant of Alureon as well as any instructions that Alureon receives from an outside command server.

How to Get Rid of Alureon and Ensure That It Will Not Be Back

Improper removal of Alureon can easily allow it to regenerate and resume its attacks. SpywareRemove.com malware researchers have noted that the most common way for this to occur is for Alureon to restore itself from an infected system backup file. If you find it necessary to replace damaged Windows components, reinstall the files from a clean source instead of restoring them from an on-board backup.

New versions of Alureon rootkits have also been found to corrupt certain drivers to the point of making them unusable; common Alureon victims include atapi.sys, iastorv.sys, idechndr.sys, nvata.sys, nvstor.sys, nvstor32.sys, nvatabus.sys, nvgts.sys, iastor.sys and sisraid.sys. As noted above, the standard precaution against restoring from backups still applies. You may also need to revert other types of system settings, such as your DNS settings, from any changes that Alureon may have made. Failing to do this, even after you've deleted Alureon, may expose you to sites that reinfect your PC with Alureon or related PC threats.
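The driver list and the DNS caveat above lend themselves to a quick triage script. The PowerShell below is an added example, not code from SpywareRemove.com; it assumes the drivers live under %SystemRoot%\System32\drivers and that Get-DnsClientServerAddress is available (Windows 8 / Server 2012 and later).

```powershell
# Added example (not from SpywareRemove.com): check the drivers this page names
# as common Alureon/TDSS victims for a valid Authenticode signature, record
# their hashes, and list the DNS servers each adapter uses so altered settings
# stand out. A live rootkit can hide on-disk changes from the running system,
# so for a trustworthy result run this from clean boot media against the
# mounted system volume.
$Drivers = 'atapi.sys','iastorv.sys','idechndr.sys','nvata.sys','nvstor.sys',
           'nvstor32.sys','nvatabus.sys','nvgts.sys','iastor.sys','sisraid.sys'
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers'

Write-Host "== Driver signature check ($DriverDir) =="
foreach ($name in $Drivers) {
    $path = Join-Path $DriverDir $name
    # Not every storage driver is present on every system; skip missing ones.
    if (-not (Test-Path $path)) { continue }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    # A patched driver no longer carries a valid signature, so anything other
    # than 'Valid' deserves a closer look; compare the hash with a known-clean
    # copy from install media before replacing the file.
    $flag = if ($sig.Status -eq 'Valid') { 'ok' } else { 'CHECK' }
    '{0,-6} {1,-14} {2,-12} {3}' -f $flag, $name, $sig.Status, $hash
}

Write-Host "`n== DNS servers per adapter (verify against your provider/AD) =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize
```

Any adapter pointing at DNS servers you do not recognise should be reset to your provider's or domain's servers after cleanup, as the paragraph above advises.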

Aliases


  • W32/Daws.BOLW!tr [Fortinet]
  • Trojan.WinNT.Alureon [Ikarus]
  • a variant of Win32/Kryptik.AYKH
  • Trojan:WinNT/Alureon [Microsoft]
  • Win32.Troj.Daws.bo.(kcloud)
  • Gen:Variant.Symmi.17638 (B)
  • Heuristic.BehavesLike.Win32.ModifiedUPX.C [McAfee-GW-Edition]
  • TR/Symmi.17638.8 [AntiVir]
  • Gen:Variant.Symmi.17638 [BitDefender]
  • Trojan-Dropper.Win32.Daws.bolw [Kaspersky]
  • Win32:Kryptik-LJL [Trj] [Avast]
  • TROJ_GEN.RCBCDDA
  • Troj_Generic.JXOLZ
  • WS.Reputation.1 [Symantec]
  • Trojan.Agent.ED

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Alureon may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:
