Alureon DescriptionAlureon is one of the most dangerous malware infections. The Alureon Trojan and rootkit can search a computer system's network traffic and extract account information, passwords, online banking data and credit card information. The Alureon Trojan is responsible for several well-publicized attacks on computer systems using Windows operating systems. Microsoft has released several patches for their operating system, in order to undo some of the effects of this dangerous malware invader. According to PC security researchers, as of 2010, Alureon was responsible for the second-largest botnet and a host of spam email and DDoS attacks.
A Timeline of the Alureon Rootkit
According to PC security researchers, the first infections of the Alureon rootkit were first detected in 2006. Most computer systems become infected with the Alureon malware threat after downloading and installing a Trojan included with rogue security programs. Clones of Security Essentials 2010, a fairly typical fake security application, have been known to infect a computer system with Alureon. Once this Trojan enters a computer system, Alureon takes over the spoolsv.exe Windows service and injects a malicious code into the infected computer. It can then corrupt system drivers, such as atapi.sys, in order to carry out its rootkit implementation. Once the computer system is infected with the Alureon Trojan and rootkit, this malware threat will often cause browser redirects and lead its victims to malicious fake search engine websites. The Alureon rootkit has also been known to block automatic Windows updates and to prevent its victim from launching known anti-malware applications.
Detecting and Removing Alureon
The Alureon Trojan and rootkit caught the attention of PC security researchers, when Alureon was responsible for extensive crashes on Windows systems after the security update MS10-015. Since then, Microsoft has altered their update to prevent its installation, in case of an Alureon infection. However, the criminals behind this malware threat have also fixed this bug. As of 2010, malware analysts have reported that Alureon can now bypass the kernel-mode driver signing the requirement that is characteristic of the Windows 7 operating system. This makes Alureon particularly difficult to remove through normal means. The Alureon rootkit can remain undetected indefinitely. However, examining the infected computer's network traffic can show its presence. A specialized rootkit-removal tool may be necessary, before a legitimate anti-malware program is able to find and remove the Alureon infection.
Aliases: Win32:Kryptik-LJL [Trj] [Avast], Artemis!B0DD981293FF [McAfee], Trojan.Agent.ED [Malwarebytes], WS.Reputation.1 [Symantec], Troj_Generic.JXOLZ [Norman], TROJ_GEN.RCBCDDA [TrendMicro-HouseCall], W32/Daws.BOLW!tr [Fortinet], Trojan-Dropper.Win32.Daws.bolw [Kaspersky], Gen:Variant.Symmi.17638 [BitDefender], TR/Symmi.17638.8 [AntiVir], Trojan.WinNT.Alureon [Ikarus], a variant of Win32/Kryptik.AYKH [ESET-NOD32], Trojan:WinNT/Alureon [Microsoft], Win32.Troj.Daws.bo.(kcloud) [Kingsoft] and Gen:Variant.Symmi.17638 (B) [Emsisoft].
Infected with Alureon? Scan Your PC for FreeDownload SpyHunter’s Spyware Scanner
to Detect Alureon
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.
Our MalwareTracker shows malware activity across the world. Explore real-time data of Alureon outbreaks and other threats from global to local level.
File System Details
Alureon creates the following file(s):
|#||File Name||Size||MD5||Detection Count|
Alureon creates the following registry entry or registry entries: