Alureon
Posted: February 23, 2009
Threat Metric
The fields on the Threat Meter that carry a specific value are explained below:
Threat Level: The scale runs from 1 (lowest severity) to 10 (highest severity). Each level is relative to the threat's consistently assessed behaviors, as collected by SpyHunter's risk-assessment model.
Detection Count: The total number of confirmed and suspected cases of a particular malware threat, calculated from infected PCs in the diagnostic and scan log reports generated by SpyHunter.
Volume Count: Like the detection count, but based on the number of confirmed and suspected infections seen per day. A high volume count usually indicates a currently popular threat, which may or may not have infected a large number of systems; a threat with a high detection count may lie dormant and show a low volume count. The volume-count criteria are relative to the daily detection count.
Trend Path: An up arrow, down arrow or equal sign representing the threat's recent movement: an increase, a decline or no change, respectively.
% Impact (Last 7 Days): The change over a 7-day period in how frequently the threat is found infecting PCs. The percentage correlates directly with the current Trend Path, which determines whether the percentage is a rise or a decline.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 208 |
| First Seen: | July 24, 2009 |
| Last Seen: | December 25, 2020 |
| OS(es) Affected: | Windows |
Alureon (also tracked under the names TDSS and TDL) is a family of rootkits and Trojans that usually consist of multiple components and use sophisticated techniques to steal private information, such as online banking data and account passwords. Specific members of the Alureon family include the TDL4 rootkit, the TDL3 rootkit, Win32/Alureon, Rootkit.Win32.TDSS.bj, Trojan.Win32.Menti.hvdp and the TDSS rootkit, all of which have advanced features for evading detection and crippling the computer's security functions. SpywareRemove.com malware analysts have noted that Alureon rootkits have also become infamous for installing additional malware and for redirecting web browsers to harmful websites. Because Trojans and rootkits from the Alureon family are notoriously difficult to find or delete, it is strongly recommended that you use a capable anti-malware tool to remove Alureon from your PC if you suspect an infection.
Alureon – A Complex but Powerful Plan to Bilk Your PC Out of Everything
Direct symptoms of Alureon activity are rare, since Alureon, like most Trojans and rootkits, takes steps to hide itself from detection. You may still notice it through unusual network activity, malfunctioning security software or browser redirects. Alureon infections are often composed of multiple components, including a 'dropper' Trojan that installs the rest of the rootkit and a 'payload' Trojan that coordinates the attacks. Typical Alureon-related risks that SpywareRemove.com malware analysts have found include:
- The installation of other forms of harmful software with varying degrees of visibility. Some programs, such as rogue security applications, may be very visible, while others, such as keyloggers, may be difficult or impossible to detect without some form of anti-malware program.
- Browser hijacks that redirect your online searches to unusual websites. Websites promoted by Alureon are unsafe for your PC even when they imitate a trustworthy search engine or software download site.
- Loss of personal information due to spyware-related activities that Alureon may be configured to use against your PC. This can include taking screenshots, keylogging and even recording webcam data.
- Injection into Internet Explorer processes, which is how the browser redirects above are carried out from inside the browser.
- A DNSChanger component that alters your DNS (Domain Name System) settings, pointing the PC at attacker-controlled resolvers so that connections can be redirected and the information you send or receive over the Internet intercepted.
Other attacks may also vary, depending on the variant of Alureon as well as any instructions that Alureon receives from an outside command server.
How to Get Rid of Alureon and Ensure That It Will Not Come Back
Improper removal of Alureon can easily allow it to regenerate and resume its attacks. SpywareRemove.com malware researchers have noted that the most common way for this to happen is for Alureon to be restored from an infected system backup file. If you need to replace damaged Windows components, reinstall them from a clean source (installation media or a known-clean copy of the same Windows version) rather than restoring them from an on-board backup, which may itself carry the infection.
Newer Alureon rootkits have also been found to infect legitimate storage drivers: they patch an existing driver so that the modified file loads the rootkit at boot while otherwise continuing to work, and the running rootkit then hides the modification, so the driver looks intact from inside the infected Windows. Drivers commonly targeted include atapi.sys, iastorv.sys, idechndr.sys, nvata.sys, nvstor.sys, nvstor32.sys, nvatabus.sys, nvgts.sys, iastor.sys and sisraid.sys. Check and replace them from outside the infected system (recovery media or another clean installation) and, as noted above, from a clean source rather than from an on-board backup. TDL4 variants additionally infect the Master Boot Record, which has to be inspected and rewritten as well. You may also need to restore other system settings, such as your DNS settings, that Alureon has changed. Failing to do so, even after Alureon itself is deleted, can leave you exposed to sites that reinfect your PC with Alureon or related threats.
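The two checks described above, as an added example written for this page (it is not SpyHunter's or the original author's code): it compares the listed storage drivers on the suspect installation against a clean reference copy and prints any statically configured DNS resolvers from the suspect SYSTEM hive. It assumes the suspect disk is mounted offline as D: (so the rootkit is not running and cannot hide the files) and that a clean reference Windows of the same version and patch level is available at C:\Windows; both paths are parameters, and the drive letters are assumptions.

```powershell
# Added example (not from the original page): verify the storage drivers that
# Alureon is known to patch against a clean reference copy, and list the DNS
# servers configured in the suspect installation. Run it from Windows PE or a
# second, clean Windows install with the suspect disk mounted, because a live
# Alureon rootkit hides its modifications from the OS it is running inside.
# Windows PowerShell 3.0+; must run elevated (reg.exe load needs admin rights).
param(
    # Windows directory of the suspect installation on the mounted volume
    # (assumed drive letter D:).
    [string]$SuspectWindows   = 'D:\Windows',
    # Windows directory of a clean reference install of the same Windows
    # version and patch level (install media, a known-clean machine, or the
    # host you are booted into). Assumed to be C:\Windows.
    [string]$ReferenceWindows = 'C:\Windows'
)

# Drivers the page lists as common Alureon targets.
$drivers = 'atapi.sys', 'iastorv.sys', 'idechndr.sys', 'nvata.sys', 'nvstor.sys',
           'nvstor32.sys', 'nvatabus.sys', 'nvgts.sys', 'iastor.sys', 'sisraid.sys'

function Get-Sha256Hex([string]$Path) {
    # A hash comparison is used instead of Get-AuthenticodeSignature because
    # in-box drivers are catalog-signed and older PowerShell versions report
    # them as NotSigned whether or not they have been tampered with.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Dispose(); $sha.Dispose() }
}

# 1. Driver integrity: compare each listed driver with the clean reference.
foreach ($name in $drivers) {
    $suspect   = Join-Path $SuspectWindows   "System32\drivers\$name"
    $reference = Join-Path $ReferenceWindows "System32\drivers\$name"
    if (-not (Test-Path $suspect)) { continue }      # not shipped on this build
    if (-not (Test-Path $reference)) {
        Write-Warning "$name : no reference copy available, compare its hash by hand"
        continue
    }
    $s = Get-Sha256Hex $suspect
    $r = Get-Sha256Hex $reference
    if ($s -ne $r) {
        Write-Warning "MODIFIED: $name (suspect $s, reference $r)"
        # To repair, copy the reference file over the suspect one. Never use the
        # suspect volume's own dllcache/WinSxS copies as the source.
        # Copy-Item -Path $reference -Destination $suspect -Force
    } else {
        Write-Output "OK: $name matches the reference copy"
    }
}

# 2. DNS settings: the TCP/IP NameServer values live in the SYSTEM hive of the
#    suspect installation. Load it under a temporary key and print every
#    statically configured resolver so unexpected ones can be cleared.
$hiveKey = 'HKLM\AlureonSuspect'
reg.exe load $hiveKey (Join-Path $SuspectWindows 'System32\config\SYSTEM') | Out-Null
try {
    $current = (Get-ItemProperty 'HKLM:\AlureonSuspect\Select').Current
    $tcpip   = 'HKLM:\AlureonSuspect\ControlSet{0:D3}\Services\Tcpip\Parameters' -f $current
    $global  = (Get-ItemProperty $tcpip).NameServer
    if ($global) { Write-Warning "Global NameServer override: $global" }
    Get-ChildItem "$tcpip\Interfaces" | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.NameServer) {
            # A static resolver on an adapter that should use DHCP is the
            # DNSChanger footprint; clear it with:
            #   Remove-ItemProperty -Path $_.PSPath -Name NameServer
            Write-Warning ('Interface {0}: static NameServer = {1}' -f $_.PSChildName, $p.NameServer)
        }
    }
}
finally {
    [GC]::Collect()                     # drop key handles so the hive unloads
    reg.exe unload $hiveKey | Out-Null
}
```

The reference copy must match the suspect installation's Windows version and patch level exactly, otherwise every driver reports as modified; a mismatch against the wrong reference is not evidence of infection. Any resolver the script prints should be compared with what the network is supposed to use before it is removed.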
Aliases
326 aliases are recorded for this threat (the original page shows them in a collapsed list).
Technical Details
File System Modifications
The following files were created on infected systems; all are classified by SpyHunter as malware files. Where the page records no path, only the file name is given. The same file name appearing with several MD5s indicates several distinct builds; the `\\.\globalroot\Device\HarddiskVolume3\...` entry is the NT device-path form of the user's `%TEMP%` directory; and the last entry, recorded as `%TEMP%:winupd.exe`, is an alternate data stream attached to the Temp directory rather than a regular file.

| File name | Path | Size (bytes) | MD5 | Type | Detections | Last updated |
|---|---|---|---|---|---|---|
| wow64main.exe | (not recorded) | 1,253,376 | acedcadac22f048b3f8cbaf3b0d17729 | Executable | 86 | December 11, 2009 |
| richtx64.exe | (not recorded) | 716,800 | 9b3b7ed96e87fb7c22ee4e06dab9c994 | Executable | 86 | January 8, 2010 |
| wow64main.exe | (not recorded) | 1,253,376 | 839e68b258ca56a5693a47bd610415f5 | Executable | 85 | December 11, 2009 |
| richtx64.exe | (not recorded) | 675,840 | 0bb6c6eda62730fd75c7f119bd154cae | Executable | 85 | January 8, 2010 |
| wow64main.exe | (not recorded) | 1,253,376 | 227ef1a68b0bbeaa4ffe2fd70ccecc1c | Executable | 81 | December 11, 2009 |
| 00195d36.exe | (not recorded) | 40,448 | fb42eeab698100873bf979d5ba0f0661 | Executable | 74 | February 19, 2010 |
| richtx64.exe | (not recorded) | 671,744 | 68ba7355d861d924f721720d4b64bb06 | Executable | 66 | January 8, 2010 |
| tempo-139671.tmp | (not recorded) | 14,848 | c776a1cc39ba2f07473640e31d01f5c6 | Temporary file | 63 | December 11, 2009 |
| 0.20486604276581433 | `%SystemDrive%\Users\<username>\AppData\Local\Temp` | 131,584 | 27939705590a4974edb156ea339dca85 | (not recorded) | 62 | March 29, 2013 |
| komitaw.dll | `%WINDIR%\system32\config\systemprofile\AppData\Local` | 10,752 | d823c950238ef9afa45cdc509f04a05c | DLL | 56 | December 18, 2012 |
| kernel64xp.dll | (not recorded) | 298,496 | c1f8d3c96f8ce34de36e1ef9ccc1d5ca | DLL | 46 | June 8, 2010 |
| geyekrxnrwowrd.dll | (not recorded) | 20,480 | 39fbb470fe4ccf16e050765b15d1729a | DLL | 45 | December 11, 2009 |
| richtx64.exe | (not recorded) | 671,744 | c63cd2dac85d84eeb1cd377a1c893a54 | Executable | 44 | January 8, 2010 |
| dmgmi.exe | (not recorded) | 47,104 | dc3db45bc4a374558ef68a81b778ed27 | Executable | 34 | December 11, 2009 |
| thpm3895857826689602663.tmp | `%TEMP%` | 121,344 | 46675e831a2b30d0457c8fa21ee527e9 | Temporary file | 28 | September 26, 2011 |
| thpm5973560001937761939.tmp | `%TEMP%` | 103,424 | d458c6eb75444101d6d27c8eca66d3f8 | Temporary file | 25 | September 8, 2011 |
| senekaovrgoend.sys | (not recorded) | 67,584 | c1cf34e2585abad18a912ee59535ebbf | System file | 24 | December 11, 2009 |
| thpm7697982094124185074.tmp | `\\.\globalroot\Device\HarddiskVolume3\Users\<username>\AppData\Local\Temp` | 86,016 | 1ee5efbdfc7c9c77e3737da1e1374fa1 | Temporary file | 24 | August 25, 2011 |
| win403700.dat | `%TEMP%` | 103,936 | c97844bdc7793ae395bdcd345decbca8 | Data file | 19 | December 25, 2020 |
| win4036e0.dat | `%TEMP%` | 102,912 | 3bfe572d5600f77c8a2d9e81000e1e89 | Data file | 12 | September 21, 2011 |
| win4036e0.dat | `%TEMP%` | 103,424 | 3cc43862518c71a5309590f835875703 | Data file | 5 | November 28, 2011 |
| `%TEMP%:winupd.exe` (alternate data stream on the Temp directory) | `%TEMP%` | 133,632 | 1ffd2c773aaf54bf2f6329c091ffdee3 | Executable | 5 | January 10, 2012 |
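A way to hunt for the indicators in the file list above, as an added example written for this page (not SpyHunter's code or a tool the page describes): it hashes the files in the directories the list names and reports MD5 matches, then enumerates alternate data streams on the `%TEMP%` directory, since the `%TEMP%:winupd.exe` entry is an executable stored as a named stream on the Temp folder rather than as a file. The extra scan of `system32` and `system32\drivers` for the entries without a recorded path is an assumption about where such files land, and the script uses Windows PowerShell 3.0 to 5.1 syntax.

```powershell
# Added example (not from the original page): hunt for the indicators in the
# file list. It hashes every file in the directories the list names and
# reports MD5 matches, then enumerates alternate data streams on the %TEMP%
# directory, because the entry recorded as %TEMP%:winupd.exe is an executable
# stored as a named stream attached to the Temp folder rather than as a file.
# Windows PowerShell 3.0-5.1 syntax (-Encoding Byte). A live rootkit can hide
# files from this scan, so treat a clean result as inconclusive and prefer an
# offline scan of the mounted disk.

# MD5 values copied from the file list (the name is for reporting only).
$knownMd5 = @{
    'acedcadac22f048b3f8cbaf3b0d17729' = 'wow64main.exe'
    '839e68b258ca56a5693a47bd610415f5' = 'wow64main.exe'
    '227ef1a68b0bbeaa4ffe2fd70ccecc1c' = 'wow64main.exe'
    '9b3b7ed96e87fb7c22ee4e06dab9c994' = 'richtx64.exe'
    '0bb6c6eda62730fd75c7f119bd154cae' = 'richtx64.exe'
    '68ba7355d861d924f721720d4b64bb06' = 'richtx64.exe'
    'c63cd2dac85d84eeb1cd377a1c893a54' = 'richtx64.exe'
    'fb42eeab698100873bf979d5ba0f0661' = '00195d36.exe'
    'c776a1cc39ba2f07473640e31d01f5c6' = 'tempo-139671.tmp'
    '27939705590a4974edb156ea339dca85' = '0.20486604276581433'
    'd823c950238ef9afa45cdc509f04a05c' = 'komitaw.dll'
    'c1f8d3c96f8ce34de36e1ef9ccc1d5ca' = 'kernel64xp.dll'
    '39fbb470fe4ccf16e050765b15d1729a' = 'geyekrxnrwowrd.dll'
    'dc3db45bc4a374558ef68a81b778ed27' = 'dmgmi.exe'
    '46675e831a2b30d0457c8fa21ee527e9' = 'thpm3895857826689602663.tmp'
    'd458c6eb75444101d6d27c8eca66d3f8' = 'thpm5973560001937761939.tmp'
    'c1cf34e2585abad18a912ee59535ebbf' = 'senekaovrgoend.sys'
    '1ee5efbdfc7c9c77e3737da1e1374fa1' = 'thpm7697982094124185074.tmp'
    'c97844bdc7793ae395bdcd345decbca8' = 'win403700.dat'
    '3bfe572d5600f77c8a2d9e81000e1e89' = 'win4036e0.dat'
    '3cc43862518c71a5309590f835875703' = 'win4036e0.dat'
    '1ffd2c773aaf54bf2f6329c091ffdee3' = 'winupd.exe (ADS on %TEMP%)'
}

$md5 = [System.Security.Cryptography.MD5]::Create()
function Get-Md5Hex([byte[]]$Bytes) {
    # Lower-case hex, matching the format used in the page's file list.
    ([System.BitConverter]::ToString($md5.ComputeHash($Bytes)) -replace '-', '').ToLowerInvariant()
}

# Directories named in the list, plus the system and driver folders where the
# unpathed .sys/.dll/.exe entries are assumed to land.
$roots = @(
    $env:TEMP,
    (Join-Path $env:WINDIR 'system32\config\systemprofile\AppData\Local'),
    (Join-Path $env:WINDIR 'system32'),
    (Join-Path $env:WINDIR 'system32\drivers')
)

# 1. Regular files: hash each one and compare with the indicator set.
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        try   { $bytes = [System.IO.File]::ReadAllBytes($_.FullName) }
        catch { return }                     # locked or access denied; skip it
        $h = Get-Md5Hex $bytes
        if ($knownMd5.ContainsKey($h)) {
            Write-Warning ('MATCH {0}  md5={1}  ({2})' -f $_.FullName, $h, $knownMd5[$h])
        }
    }
}

# 2. Alternate data streams on the Temp directory itself. Any named stream on
#    a directory is unusual; a hash match confirms the winupd.exe indicator.
Get-Item -LiteralPath $env:TEMP -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object {
        $bytes = Get-Content -LiteralPath $env:TEMP -Stream $_.Stream -Encoding Byte -ReadCount 0
        if (-not $bytes) { return }          # empty stream, nothing to hash
        $h   = Get-Md5Hex $bytes
        $tag = if ($knownMd5.ContainsKey($h)) { 'MATCH' } else { 'ADS' }
        Write-Warning ('{0} {1}:{2}  size={3}  md5={4}' -f $tag, $env:TEMP, $_.Stream, $_.Length, $h)
    }
```

Hash matching only finds the exact builds listed here; the page records 326 aliases and many more files than are shown, so a file with a different hash in the same locations (random names in `%TEMP%`, a DLL under the `systemprofile` folder, a named stream on a directory) still deserves a look. Run the same logic against the mounted volume from a clean boot environment when a rootkit is suspected, substituting the offline drive letter for `$env:TEMP` and `$env:WINDIR`.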
Related Posts
- "Windows Detected ALUREON Attack" Fake Warning
- Trojan:DOS/Alureon.J
- Trojan.Alureon.FO
- Trojan.Alureon.GC
- Trojan.MBR.Alureon!IK
I am DYING to remove this program... Does anyone know if it will come back after using SpyHunter?
I removed a trojan virus on my computer but my Google toolbar and start menu look different? Please help. I got rid of the virus; it is the first time my computer has ever had a virus. And after I got rid of it, my Windows start menu changed and it looks like Windows 98, and also my Google toolbar and internet bars have changed. What happened, is my computer OK, should I worry? Sorry guys, it was just my little sister messing with my computer >:S THANKS!