Cannot get rootkit off user's computer

claptonman

Hey guys, have a computer here with a bad rootkit. I've run MBAM, Combofix in safe mode, and rkill, but MSE keeps finding this rootkit. It's called "trojan:DOS/Alureon.E." Tried running TDSSKiller, but it does not open. Tried downloading it again and running in safe mode, admin mode, and compatibility mode. Any ideas?
 
Put the drive in a different system and then run TDSSKiller. Open TDSSKiller and click on "Change parameters", check the TDLFS file system box, then start scanning. I'm at work right now but can help you better when I get home.
 
Actually figured it out. It created a 3 MB partition that I couldn't see until I got into Disk Management. Deleted the partition and all traces of it were gone.
 
Another note: when I deleted the partition and restarted, Windows would not boot. "Boot device not found." Stuck a Win7 disk in, repaired startup, and it worked fine.
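
As an added example (not part of the original thread): a Python check that reads the MBR partition table from a raw first sector, for instance from an image of the drive taken on another system, and flags a tiny partition that carries the active (boot) flag. The 16 MB threshold, the sample table, and the idea that the boot flag had moved to the small partition are assumptions, not details from the posts.

```python
import struct

SECTOR = 512
SMALL_MB = 16  # assumed threshold for "suspiciously small"; tune as needed

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and n_sectors == 0:
            continue  # unused slot
        parts.append({"slot": i, "active": status == 0x80, "type": ptype,
                      "start": lba_start, "size_mb": n_sectors * SECTOR / 2**20})
    return parts

def suspicious(parts, small_mb=SMALL_MB):
    """Flag partitions that are both tiny and marked active (bootable)."""
    return [p for p in parts if p["active"] and p["size_mb"] <= small_mb]

def build_sample_mbr():
    """Constructed sample: a large NTFS volume plus a 3 MB active partition."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype,
                           b"\0\0\0", start, count)
    # Partition type 0x17 is an arbitrary choice for the constructed sample.
    table = (entry(0x00, 0x07, 2048, 204_800_000)
             + entry(0x80, 0x17, 204_802_048, 6144))
    return bytes(446) + table + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    import sys
    # With a path argument, read the first sector of that raw image;
    # with no argument, run against the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
    else:
        data = build_sample_mbr()
    for p in parse_mbr(data):
        flag = "  <-- small and active" if suspicious([p]) else ""
        print(f"slot {p['slot']} type 0x{p['type']:02x} active={p['active']} "
              f"start={p['start']} size={p['size_mb']:.1f} MB{flag}")
```

A stock Windows 7 install usually has a 100 MB active "System Reserved" partition, which stays under this check's radar by design. If the flagged partition is the only active one, deleting it leaves no bootable entry, so have repair media ready.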
 
Most of the time when you get a trojan, the best thing is to boot off a CD/DVD and remove the trojan. I use ERD Commander. Obviously, you need to identify where it is. And/or use System Restore.

Get a copy of ERD Commander or a BartPE disk. They are very handy.
 