Topic: One of the worst Trojans you will ever deal with, be aware of the name!

[Alexander]

I thought I would post this here, since it seems the best place to make people aware of a particularly nasty little bugger of a virus. The name is called TR/Alureon, and it comes in several variations...

More to the point, what this Trojan does, or did to me rather, was that every time I tried to open a .Exe file, typically my PC games, or web browsers, it would delete the exe icon, even if its just a shortcut, and infect it somehow with its own little devices that would prevent you form being able to open it, under its little message "<insert name of EXE file here> Is corrupt, and the process will be terminated to safeguard your computer"

Seeing this, I ran my virus scanner, Avira the free edition. The kicker was, it found nothing. Notta, Zip. So I ran it again, and then restarted my computer. Thinking it may have just been a corrupt file, I went into the main program files folder, and attempted to start it from there. It infected the whole file after that, and rendered it completely unusable. Doing a little searching on the web afterward on another computer, I found out that this little bastard was quite a nuisance elsewhere for others, and was directed to the god of Malware removing software. Malwarebytes.

I had to download it to a flashdrive in order to get it to work, because the virus didnt seem able to infect .exe files not on my hard drive, and ran it, it found so much that my Antivirus software couldnt it was breathtaking.

Just a word out if you ever see it on your computer, because the scanners will 'detect' it, but they cannot remove it unless you have one hell of a good Antivirus, or Malware removing software. I hope that none of you have to deal with it, because even after I got rid of it, so many of my files and programs were damaged I had to restore everything from backups. ><

[Lypiphera]

Gah :( sounds horrible!

Glad to hear you managed to shift it without loosing too much!

[Oreo]

Any idea how you picked it up in the first place Alexander?

[Mithlomwen]

You know what.....I think I have that Trojan on my old computer.  I can't open any .exe files at all....therefore I can't download any malware programs because they will download, and then I can't open them in order to run a scan on the computer to try and find it. 

It sounds similar to what you had Alexander.  So I'm wondering if I download malwarebytes to a flash drive and trying it that way will work.  *ponders* 

[Oniya]

It should, if it's the same thing.

[Alexander]

There are different variations of the trojan, classified by Avira's website as A, B, and C for the three known types. But yeah, if you run a .exe from your flash drive it should work.

@Mith: For me it came from simply downloading an update for my video card from a 3rd party site instead of ATI's own software support site, so that was totally my fault. Im much more careful about that now. <.<

[Chevalier des Poissons]

Malwarebytes + combofix.

You will have to reinstall every softwares that had at least one file corrupted by that trojan, but it is better than keeping it in your pc.

[Remiel]

Just got leveled with one of the worst trojans I've seen so far. Jesus.

I got it, curiously enough, when I was browsing Google imagesearch through Firefox for a new Christmas avatar for Elliquiy (not the one I'm currently using now, don't worry) and must have landed on the wrong site.  Next thing I knew, I got a popup in Firefox saying spyware was detected on my computer, and asked if I would like to scan.  Naturally, I said no (which might have been my mistake clicking on anything in the popup) and next thing I knew, my registry was hosed.  The malware changed the server settings for both Firefox and IE to use a proxy server that would not let me connect to anything but a legitimate-looking website that advertised anti-spyware software; an application was installed that continuously warned me that malware was on my system and directed me to the same website.  I could not open any application on my computer--not even Task manager; I would get a message saying "the application is corrupt." 

Only by restarting, and then quickly running Malwarebytes (thank you, Esoteric Myobi!) could I scan for and identify the threats before the application could start up and hose everything:

 


I'm amazed at the sheer audacity of the worm, how gullible its creators must think people are that they'd actually try to buy their "software".