To: Yosemitest
Where do I go/what do I search for to see if my pc has the trojan? Can’t I just look for a certain file rather than downloading a scanner?
25 posted on 04/07/2010 2:57:02 AM PDT by chilltherats (First, kill all the lawyers (now that they ARE the tyrants).......)
To: chilltherats
"Where do I go/what do I search for to see if my pc has the trojan? Can't I just look for a certain file rather than downloading a scanner?"
Do a Google/Yahoo/Live search on "Win32/Alureon" and read the stuff available. For example, here's what one security vendor has to say:
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?ID=50214
Also, I'd recommend using Malwarebytes' Anti-Malware. The personal version is free.
BUT DON'T JUST TAKE MY WORD and blithely follow my advice. Please research this yourself. For all you know, I could be someone trying to take advantage of you.
I specifically didn't make the URL to the CA website above a hyperlink so you'd have an opportunity NOT to click a link, but instead would have to copy and paste the URL into your browser. It's not a very good idea to be in the habit of clicking links served up by strangers.
Hope this helps.
32 posted on 04/07/2010 3:20:43 AM PDT by Two-Shoes (The Second Amendment exists to guarantee & give teeth to the First.)
To: chilltherats
"Spyware Terminator detected it,
and its attempt to remove it wasn't successful."
I'd get either Spyware Terminator or Microsoft Security Essentials.
But let me warn you, Microsoft Security Essentials does NOT play well with others.
It wants to be the ONLY anti-virus HIPS firewall you have.
You can use it, IF you turn off ALL OTHER virus detectors you have. After you download it, and use it, I recommend you turn off its HIPS firewall, and turn on your other HIPS protection.
88 posted on 04/07/2010 10:41:29 AM PDT by Yosemitest (It's simple, fight or die.)
To: chilltherats
"Can't I just look for a certain file rather than downloading a scanner?"
I don't think so.
(From Technical Information (Analysis))
A third Trojan:Win32/Alureon.A component may perform the following operations:
Gather URLs from the user's Web-browsing history.
Create a new registry value in subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and place random data in that value.
Create a randomly named copy of itself under the Windows system folder.
Modify the registry to cause the trojan copy to run automatically each time a user logs on:
  Adds value: <name of trojan copy>
  With data: <path to trojan copy>
  In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the following registry entries under subkey HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:
  The registry value whose name matches the name of the trojan file that is currently running.
  The registry subkey whose name matches the name of the trojan file that is currently running.
Run Internet Explorer or the default Web browser and inject code into the corresponding new process. The injected code may take various actions, including changing DNS server settings on the host computer and downloading and running files from certain Web sites.
Run a new instance of explorer.exe and inject code into the corresponding new process. The injected code may take various actions, including deleting the Trojan:Win32/Alureon.A file that is running.
Some Trojan:Win32/Alureon.A components may disable or clear the existing Internet Explorer proxy settings.
In short, the malware rewrites one of your files, disguising itself, so that you can't see it, just by file name.
95 posted on 04/07/2010 11:23:49 AM PDT by Yosemitest (It's simple, fight or die.)
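An added example, not part of the thread or of the quoted analysis: because the copy is randomly named, a manual check has to key on the pattern the analysis describes (a Run value named after its own target file in the Windows system folder) rather than on a fixed file name. The sample `reg query` output, the names in it and the heuristic itself are assumptions made for illustration; a hit is a reason to look closer, and no hit does not mean the machine is clean.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`
# text output; every value name and path below is invented for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    qkzvtrwm.exe    REG_SZ    C:\WINDOWS\system32\qkzvtrwm.exe
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SYSTEM_DIR = re.compile(r"^(%(windir|systemroot)%|[a-z]:\\windows)\\system32$", re.I)

def parse_run_key(text):
    """Return (value name, data) pairs from `reg query` text output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m["name"].strip(), m["data"].strip()))
    return entries

def target_path(data):
    """Extract the executable path from a Run value, dropping arguments."""
    data = data.strip()
    if data.startswith('"'):
        return PureWindowsPath(data[1:].split('"', 1)[0])
    # Unquoted data: crude split on the first " /" or " -" switch.
    return PureWindowsPath(data.split(" /", 1)[0].split(" -", 1)[0])

def suspicious_entries(text):
    """Flag values named after their own target file in the system folder."""
    hits = []
    for name, data in parse_run_key(text):
        path = target_path(data)
        named_after_file = name.lower() in (path.name.lower(), path.stem.lower())
        in_system_dir = bool(SYSTEM_DIR.match(str(path.parent)))
        if named_after_file and in_system_dir:
            hits.append((name, str(path)))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_entries(SAMPLE):
        print(f"review: {name} -> {path}")
```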