Yesterday, I had the thrill of disinfecting an XP machine. Once Malwarebytes came up clean, I rebooted and MS Security Essentials came up red to notify me that it had detected Alureon.E. As is the case with so many of these Alureon varieties, MSSE detects it and says it removes the threat, but when you reboot, it's still there. Internet research revealed no easy solution for removal and the most reliable sites were offering "log posting" assistance to those seeking help. Some sites were offering an "Automatic Removal Tool" but the sites weren't ones I was familiar with. That's when I decided to find my own way of removing this pest.
If you use the "Show Details" options in MSSE, you'll probably notice that Alureon.E is residing in "boot/xxxx/HardDisk3" or I'd suspect HardDisk2 if your PC doesn't have a Recovery partition. The HP I was cleaning did have the Recovery partition. The HP only showed 2 partitions in My Computer but Disk Management showed a small, 2 MB area behind the Recovery Partition. Now, here's the "how to remove" part.
Download and install the Free Easus Partition Manager. Open the program and the graphic should reveal a Hidden partition on the end of the drive. Select that Hidden partition from the list of partitions and select Delete Partition. Click on Apply and the offending partition will magically disappear. In my case, it was added to the adjacent Recovery Partition.
Next, get your XP Home or XP Pro installation disk (you can use an XP Pro disk for XP Media Center) and boot to the disk. When you get the options to Install Windows XP or Press "R" for Recovery Console, press R. The command prompt will start. Select your boot partition, typically C, and press Enter without entering a password when asked for the Administrator password (unless you've installed one previously). At the C: prompt, type "fixmbr" and say Yes to the change. Then type "fixboot" and also say Yes. Both commands are done without the "-". Reboot your computer and the pest should be gone!
The fixmbr and fixboot operations are a bit different in Vista and Windows 7 since those OS's use Windows Recovery instead of the older Recovery Console.
Here's an article on how to use the Bootrec command in Windows Recovery.
Keep in mind, the actual removal of Alureon.E was done AFTER the computer was thoroughly cleaned using RKill, TDSSkiller, Malwarebytes and MS Security Essentials. I hope this helps others remove this pest but I make no guarantees. You still need a good understanding of how to run the previously mentioned antimalware tools.
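The small partition at the end of the drive described above can also be spotted by reading the MBR partition table directly. The following Python is an added example, not part of the original post: it parses a 512-byte MBR and flags a small partition that sits last on the disk. The sample sector, the 16 MB threshold and the function names are assumptions made for illustration.

```python
import struct

SECTOR = 512
SMALL_MB = 16  # assumed threshold; the partition in the post was about 2 MB

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for i in range(4):
        # The table starts at offset 446; each entry is 16 bytes.
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or count == 0:
            continue  # unused slot
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "start": lba_start, "sectors": count,
                      "size_mb": count * SECTOR / 2**20})
    return parts

def flag_suspects(parts):
    """Flag a small partition that is physically last on a multi-partition disk."""
    if len(parts) < 2:
        return []
    last = max(parts, key=lambda p: p["start"])
    return [last] if last["size_mb"] <= SMALL_MB else []

def build_sample_mbr():
    """Constructed sample: C:, a recovery partition, and a 2 MB tail."""
    layout = [(0x80, 0x07, 63, 200_000_000),          # C: (NTFS), active
              (0x00, 0x0B, 200_000_063, 20_000_000),  # recovery (FAT32)
              (0x00, 0x17, 220_000_063, 4096)]        # 4096 sectors = 2 MB, hidden type
    table = b"".join(
        struct.pack("<B3sB3sII", st, b"\0" * 3, pt, b"\0" * 3, start, count)
        for st, pt, start, count in layout)
    return b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"

if __name__ == "__main__":
    partitions = parse_mbr(build_sample_mbr())
    for p in partitions:
        print(p)
    print("suspect:", flag_suspects(partitions))
```

To check a real disk, pass `parse_mbr` the first 512 bytes of a disk image taken while booted from clean media.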