[DJSword]

HI,
OK, heres the deal! I have a Dell Opti Plex-MS Windows XP-Home Edition-Service Pk 2. I was having alot of problems with redirecting while on Internet Explorer. I decided to run a scan at windows Live. This informs me I have a win32/alureon.H. So I purchased Spyware Dr. and ran a scan and it claims to have removed the threat. I have Avg Free 9.0 so I ran another scan from this it claims there is a Trojan horse Adload_r.AKC and they are named C:\windows\system32\svchost.exe(1144):memory_001a0000 and marked inaccesable then this is repeated on the next line but only up to the number. Next one is C:\windows\explorerEXE.(3808):\memory_001a0000 and again repeated on the next line up to the number.
At this point I am no longer angry . . I am dissappointed in the abilities ofproducts to actually back their claims to solve issues. However the confusion over whelms my knowledge of what to do as I am somewhere between a beginner and intermediate depending on the subject when it comes to computers.
Hoping someone will help me with this and let me thank you right from the start.
DJSword

[CatByte]

Hi

Please do the following:



Please download MBRCheck.exe to your desktop.

• Be sure to disable your security programs
• Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
• A window will open on your desktop
• if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
• If nothing unusual is found just press Enter
• A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
• Please post the contents of that file.

NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

• Disable any script blocking protection
• Double click dds.pif to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



NEXT


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

• Double click the exe file.
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  
  
  Click the image to enlarge it
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  
• Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries