One of the worst Trojans you will ever deal with, be aware of the name!

Started by Alexander, August 30, 2010, 06:06:33 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Alexander

August 30, 2010, 06:06:33 PM
I thought I would post this here, since it seems the best place to make people aware of a particularly nasty little bugger of a virus. The name is called TR/Alureon, and it comes in several variations...

More to the point, what this Trojan does, or did to me rather, was that every time I tried to open a .Exe file, typically my PC games, or web browsers, it would delete the exe icon, even if its just a shortcut, and infect it somehow with its own little devices that would prevent you form being able to open it, under its little message "<insert name of EXE file here> Is corrupt, and the process will be terminated to safeguard your computer"

Seeing this, I ran my virus scanner, Avira the free edition. The kicker was, it found nothing. Notta, Zip. So I ran it again, and then restarted my computer. Thinking it may have just been a corrupt file, I went into the main program files folder, and attempted to start it from there. It infected the whole file after that, and rendered it completely unusable. Doing a little searching on the web afterward on another computer, I found out that this little bastard was quite a nuisance elsewhere for others, and was directed to the god of Malware removing software. Malwarebytes.

I had to download it to a flashdrive in order to get it to work, because the virus didnt seem able to infect .exe files not on my hard drive, and ran it, it found so much that my Antivirus software couldnt it was breathtaking.

Just a word out if you ever see it on your computer, because the scanners will 'detect' it, but they cannot remove it unless you have one hell of a good Antivirus, or Malware removing software. I hope that none of you have to deal with it, because even after I got rid of it, so many of my files and programs were damaged I had to restore everything from backups. ><

Lypiphera

#1
August 30, 2010, 06:33:01 PM
Gah :( sounds horrible!

Glad to hear you managed to shift it without loosing too much!

Oreo

#2
August 31, 2010, 05:20:58 AM
Any idea how you picked it up in the first place Alexander?

She led me to safety in a forest of green, and showed my stale eyes some sights never seen.
She spins magic and moonlight in her meadows and streams, and seeks deep inside me,
and touches my dreams. - Harry Chapin

Mithlomwen

#3
August 31, 2010, 02:00:02 PM
You know what.....I think I have that Trojan on my old computer.  I can't open any .exe files at all....therefore I can't download any malware programs because they will download, and then I can't open them in order to run a scan on the computer to try and find it. 

It sounds similar to what you had Alexander.  So I'm wondering if I download malwarebytes to a flash drive and trying it that way will work.  *ponders* 
Baby, it's all I know,
that your half of the flesh and blood that makes me whole...
O/O  Stories  A/A

Oniya

#4
August 31, 2010, 02:08:16 PM
It should, if it's the same thing.
"Language was invented for one reason, boys - to woo women.~*~*~Don't think it's all been done before
And in that endeavor, laziness will not do." ~*~*~*~*~*~*~*~*~*~*~Don't think we're never gonna win this war
Robin Williams-Dead Poets Society ~*~*~*~*~*~*~*~*~*~*~*~*~*~Don't think your world's gonna fall apart
I do have a cause, though.  It's obscenity.  I'm for it.  - Tom Lehrer~*~All you need is your beautiful heart
O/O's Updated 5/11/21 - A/A's - Current Status! (Oct 31) - Writing a novel - all draws for Fool of Fire up! Requests closed

Alexander

#5
August 31, 2010, 03:43:13 PM
There are different variations of the trojan, classified by Avira's website as A, B, and C for the three known types. But yeah, if you run a .exe from your flash drive it should work.

@Mith: For me it came from simply downloading an update for my video card from a 3rd party site instead of ATI's own software support site, so that was totally my fault. Im much more careful about that now. <.<

Chevalier des Poissons

#6
August 31, 2010, 05:22:21 PM
Malwarebytes + combofix.

You will have to reinstall every softwares that had at least one file corrupted by that trojan, but it is better than keeping it in your pc.
-I have Maro's heart, and I promise to take good care of it-

A & A

Remiel

#7
December 11, 2010, 08:59:23 PM
Just got leveled with one of the worst trojans I've seen so far. Jesus.

I got it, curiously enough, when I was browsing Google imagesearch through Firefox for a new Christmas avatar for Elliquiy (not the one I'm currently using now, don't worry) and must have landed on the wrong site.  Next thing I knew, I got a popup in Firefox saying spyware was detected on my computer, and asked if I would like to scan.  Naturally, I said no (which might have been my mistake clicking on anything in the popup) and next thing I knew, my registry was hosed.  The malware changed the server settings for both Firefox and IE to use a proxy server that would not let me connect to anything but a legitimate-looking website that advertised anti-spyware software; an application was installed that continuously warned me that malware was on my system and directed me to the same website.  I could not open any application on my computer--not even Task manager; I would get a message saying "the application is corrupt." 

Only by restarting, and then quickly running Malwarebytes (thank you, Esoteric Myobi!) could I scan for and identify the threats before the application could start up and hose everything:

 


I'm amazed at the sheer audacity of the worm, how gullible its creators must think people are that they'd actually try to buy their "software".
Print
Go Up Pages1
User actions