Alureon Description

Alureon (also known as TDSS or TDL) is a Trojan and kernel-mode rootkit that monitors an infected computer's network traffic to harvest account credentials, passwords, online banking data and credit card numbers. It has been behind several widely reported attacks on Windows systems, and Microsoft has shipped patches and detection updates to counter it, including a re-released security update that refuses to install on machines it finds infected. According to PC security researchers, as of 2010 Alureon ran the second-largest botnet then known and was used to send spam and to launch DDoS attacks.

A Timeline of the Alureon Rootkit

According to PC security researchers, the first Alureon infections were detected in 2006. Most computers are infected by a Trojan dropper bundled with rogue security programs; clones of Security Essentials 2010, a fairly typical fake antivirus application, have been observed installing Alureon. Once the dropper runs, Alureon injects malicious code into the Print Spooler service process (spoolsv.exe) and uses it to infect a legitimate system driver, such as atapi.sys, so that the rootkit component is loaded with that driver. Because the infected driver loads early in boot, the rootkit runs in kernel mode before security software that starts later. An infected system typically shows browser redirects to fake search engine sites, automatic Windows updates that are blocked, and known anti-malware programs that are prevented from launching.

Detecting and Removing Alureon

Alureon drew wide attention in February 2010, when security update MS10-015 caused repeated blue-screen crashes on Windows systems that were already infected: the rootkit's patched atapi.sys relied on hard-coded kernel addresses that the update shifted. Microsoft then re-released the update so that it detects this abnormal condition and does not install on an infected machine; the criminals behind the malware, in turn, fixed their code so that later variants no longer crash. Also in 2010, malware analysts reported that Alureon could bypass the kernel-mode driver signing requirement enforced by 64-bit editions of Windows 7, which makes it particularly difficult to remove by normal means. The rootkit can stay hidden indefinitely from tools running on the infected system, but examining the machine's network traffic from outside it (at a gateway, or from a mirrored switch port) can reveal its presence. A specialized rootkit-removal tool, or a scan from clean boot media, may be needed before a standard anti-malware product is able to find and remove the infection.
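The two points above, that Alureon runs inside the Print Spooler service process and that a rootkit invisible to tools on the host still shows up in network traffic, combine into a simple detection rule: spoolsv.exe has no reason to talk to the Internet. The following is an added example, not code from the original page or from any vendor tool. The event format is a constructed, simplified log ("timestamp process dst_ip:dst_port" as a host or gateway sensor might record it), the events themselves are made up, and the process names other than spoolsv.exe are assumptions.

```python
"""Flag outbound Internet connections from processes that should never make them.

Added example (not from the original page). Events are constructed lines of
the form "timestamp process dst_ip:dst_port"; the process list beyond
spoolsv.exe is an assumption.
"""
import ipaddress
from collections import defaultdict

# Workstation processes with no legitimate reason to initiate connections
# outside the local network. spoolsv.exe is the host process the page
# names; winlogon.exe and lsass.exe are assumed additions.
NO_INTERNET_PROCESSES = {"spoolsv.exe", "winlogon.exe", "lsass.exe"}

# Address ranges treated as internal. Explicit networks are used instead of
# ipaddress's is_private, which also classifies the documentation ranges
# (e.g. 203.0.113.0/24 used in the sample below) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed sample events (not real captures). 192.168.1.10:9100 is a
# network printer, which the spooler legitimately talks to; 203.0.113.77
# is an external host it should never contact.
SAMPLE_EVENTS = """\
2010-02-10T08:01:02Z spoolsv.exe 192.168.1.10:9100
2010-02-10T08:01:05Z spoolsv.exe 203.0.113.77:80
2010-02-10T08:01:09Z iexplore.exe 198.51.100.5:443
2010-02-10T08:02:11Z spoolsv.exe 203.0.113.77:80
2010-02-10T08:02:40Z winlogon.exe 10.0.0.5:445
"""


def parse_event(line):
    """Parse one "timestamp process ip:port" line into a dict."""
    ts, proc, dst = line.split()
    ip, port = dst.rsplit(":", 1)      # split on the last colon only
    return {"ts": ts, "process": proc.lower(),
            "ip": ipaddress.ip_address(ip), "port": int(port)}


def is_internal(ip):
    """True if the address falls in one of the internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def detect(lines):
    """Return (alerts, destinations): one alert string per offending event
    and, per flagged process, the set of external (ip, port) pairs it
    contacted, which is what an analyst would pivot on next."""
    alerts = []
    destinations = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["process"] in NO_INTERNET_PROCESSES and not is_internal(ev["ip"]):
            destinations[ev["process"]].add((str(ev["ip"]), ev["port"]))
            alerts.append(f"{ev['ts']} {ev['process']} -> {ev['ip']}:{ev['port']} "
                          "unexpected external connection")
    return alerts, dict(destinations)


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines())[0]:
        print(alert)
```

The rule deliberately keys on the process rather than on destination addresses, since the command-and-control hosts change while the injection target does not; on the sample it reports the two spoolsv.exe connections to 203.0.113.77 and nothing else. Run it against logs collected off the host, because a kernel-mode rootkit can filter what host-based tools see.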

Aliases: W32/Daws.BOLW!tr [Fortinet], Trojan.WinNT.Alureon [Ikarus], a variant of Win32/Kryptik.AYKH, Trojan:WinNT/Alureon [Microsoft], Gen:Variant.Symmi.17638 (B), Heuristic.BehavesLike.Win32.ModifiedUPX.C [McAfee-GW-Edition], TR/Symmi.17638.8 [AntiVir], Gen:Variant.Symmi.17638 [BitDefender], Trojan-Dropper.Win32.Daws.bolw [Kaspersky], Win32:Kryptik-LJL [Trj] [Avast], TROJ_GEN.RCBCDDA, Troj_Generic.JXOLZ, WS.Reputation.1 [Symantec] and Trojan.Agent.ED.


Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: your computer may have malware resident in memory that prevents any program, including SpyHunter, from running. Try the following to download SpyHunter and regain Internet access:
  • Use an alternative browser. Malware may disable your browser. If you are using IE, for example, and have problems downloading SpyHunter, open Firefox, Chrome or Safari instead.
  • Use removable media. Download SpyHunter on another, clean computer, copy it to a USB flash drive, DVD/CD or other removable media, then install it on the infected computer and run its malware scanner.
  • Start Windows in Safe Mode. If you cannot reach your Windows desktop, reboot into "Safe Mode with Networking" and install SpyHunter there. Note that a rootkit living in a boot-start driver such as atapi.sys is loaded in Safe Mode too, so a clean scan there is not conclusive.
  • IE users: disable the proxy server in Internet Explorer's connection settings so that you can browse the web with IE or update your anti-spyware program. Malware modifies Windows settings to route IE through a proxy server and so blocks browsing.
If you still cannot install SpyHunter, view the other possible causes of installation issues.

Technical Information

File System Details

Alureon creates the following file(s):
 #  | File name                                                                                      | Size (bytes) | MD5                              | Detection count
----+------------------------------------------------------------------------------------------------+--------------+----------------------------------+----------------
 1  | %WINDIR%\system32\config\systemprofile\AppData\Local\komitaw.dll                               | 10,752       | d823c950238ef9afa45cdc509f04a05c | 24
 2  | %TEMP%\win4036e0.dat                                                                           | 101,376      | 6884f687736d2fb972c904e2e1d5a59b | 16
 3  | %TEMP%\thpm3895857826689602663.tmp                                                             | 121,344      | 46675e831a2b30d0457c8fa21ee527e9 | 12
 4  | %TEMP%\win403700.dat                                                                           | 103,936      | c97844bdc7793ae395bdcd345decbca8 | 7
 5  | \\.\globalroot\Device\HarddiskVolume3\Users\Jeff\AppData\Local\Temp\thpm7697982094124185074.tmp | 86,016       | 1ee5efbdfc7c9c77e3737da1e1374fa1 | 1
 6  | %TEMP%\thpm5973560001937761939.tmp                                                             | 103,424      | d458c6eb75444101d6d27c8eca66d3f8 | 1
 7  | %TEMP%\thpm549920895322861909.tmp                                                              | 102,400      | aee5779422e12b1a874ec5911897e9bf | 1
 8  | %TEMP%:winupd.exe                                                                              | 133,632      | 1ffd2c773aaf54bf2f6329c091ffdee3 | 1
 9  | %SystemDrive%\Users\matthew\AppData\Local\Temp\0.20486604276581433                             | 131,584      | 27939705590a4974edb156ea339dca85 | 1
 10 | mfo.exe                                                                                        | 184,324      | dce3dc305736a27ab33cb13b4f49b21a | 0
 11 | winhbt.exe                                                                                     | 38,400       | 5283b1dff46814166a75a4b52ef34f0b | 0
 12 | winlogon.exe                                                                                   | 28,672       | 2dd4320d4d63febe95febd9fa0eec1a3 | 0
 13 | wow64main.exe                                                                                  | 1,253,376    | 227ef1a68b0bbeaa4ffe2fd70ccecc1c | 0
 14 | geyekrxnrwowrd.dll                                                                             | 20,480       | 39fbb470fe4ccf16e050765b15d1729a | 0
 15 | tempo-139671.tmp                                                                               | 14,848       | c776a1cc39ba2f07473640e31d01f5c6 | 0
 16 | dmgmi.exe                                                                                      | 47,104       | dc3db45bc4a374558ef68a81b778ed27 | 0
 17 | senekaovrgoend.sys                                                                             | 67,584       | c1cf34e2585abad18a912ee59535ebbf | 0
 18 | 00195d36.exe                                                                                   | 40,448       | fb42eeab698100873bf979d5ba0f0661 | 0
 19 | richtx64.exe                                                                                   | 671,744      | 68ba7355d861d924f721720d4b64bb06 | 0
 20 | kernel64xp.dll                                                                                 | 298,496      | c1f8d3c96f8ce34de36e1ef9ccc1d5ca | 0

Row 8 uses NTFS alternate data stream syntax (directory:stream): winupd.exe is stored as a stream attached to the %TEMP% directory and does not appear in an ordinary directory listing. Rows 10 to 20 were recorded by file name only, without a path. winlogon.exe (row 12) shares its name with a legitimate Windows binary, so only the hash, or a copy found outside %WINDIR%\system32, identifies the malicious file. The MD5 hashes identify the specific samples listed, not the family as a whole.
More files
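A practitioner who wants to check a system or a mounted disk image against the table above needs to turn those rows into something that can be matched, including the alternate-data-stream row and the %VAR% placeholders. The following is an added example, not code from the original page or from any vendor tool. It parses rows in the page's own "path md5" form, expands Windows-style environment placeholders, and reports hash hits and name-only hits under a directory tree. The files it creates for its demonstration are constructed and harmless; only the indicator names and hashes come from the table.

```python
"""Match files in a directory tree against the Alureon file indicators above.

Added example, not code from the original page. IOC rows are the page's own
"path md5" pairs; everything written to disk here is a constructed sample.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# A subset of the table rows above (path and MD5 only).
IOC_TABLE = """\
%WINDIR%\\system32\\config\\systemprofile\\AppData\\Local\\komitaw.dll d823c950238ef9afa45cdc509f04a05c
%TEMP%\\win4036e0.dat 6884f687736d2fb972c904e2e1d5a59b
%TEMP%:winupd.exe 1ffd2c773aaf54bf2f6329c091ffdee3
mfo.exe dce3dc305736a27ab33cb13b4f49b21a
winlogon.exe 2dd4320d4d63febe95febd9fa0eec1a3
senekaovrgoend.sys c1cf34e2585abad18a912ee59535ebbf
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


@dataclass(frozen=True)
class Ioc:
    path: str      # as written on the page; may be a bare file name
    name: str      # lower-cased base name (or stream name) used for matching
    md5: str
    is_ads: bool   # written as dir:stream, i.e. an NTFS alternate data stream


def parse_ioc_table(text):
    """Parse "path md5" rows; raises on a malformed hash rather than skipping it."""
    iocs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, md5 = line.rsplit(None, 1)
        md5 = md5.lower()
        if not MD5_RE.match(md5):
            raise ValueError(f"bad MD5 in row: {line!r}")
        base = path.replace("\\", "/").rsplit("/", 1)[-1]
        # A drive letter ("C:\...") never survives the split above, so a
        # colon left in the base name can only be a stream separator, as in
        # "%TEMP%:winupd.exe" (a stream on the %TEMP% directory).
        is_ads = ":" in base
        name = base.rsplit(":", 1)[-1] if is_ads else base
        iocs.append(Ioc(path=path, name=name.lower(), md5=md5, is_ads=is_ads))
    return iocs


def expand_windows_vars(path, env):
    """Expand %VAR% placeholders from env (upper-case keys); unknown ones stay."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def md5_of(fp, chunk=1 << 16):
    """MD5 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.md5()
    with open(fp, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs):
    """Return (file_path, ioc, kind) hits. kind is "hash" when the content
    matches, or "name" when only the file name matches (a winlogon.exe
    outside %WINDIR%\\system32 still deserves a look)."""
    by_hash = {i.md5: i for i in iocs}
    by_name = {}
    for i in iocs:
        by_name.setdefault(i.name, i)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            fp = os.path.join(dirpath, fn)
            try:
                digest = md5_of(fp)
            except OSError:        # unreadable or locked file: skip, do not abort
                continue
            if digest in by_hash:
                hits.append((fp, by_hash[digest], "hash"))
            elif fn.lower() in by_name:
                hits.append((fp, by_name[fn.lower()], "name"))
    return hits


def demo():
    """Build a throwaway tree of constructed files and scan it."""
    iocs = parse_ioc_table(IOC_TABLE)
    # A constructed indicator whose content we control, so the hash branch
    # can be exercised without handling real malware.
    sample = b"constructed sample payload, not malware\n"
    iocs.append(Ioc("sample.bin", "sample.bin", hashlib.md5(sample).hexdigest(), False))
    with tempfile.TemporaryDirectory() as root:
        tmp = os.path.join(root, "Temp")
        os.mkdir(tmp)
        with open(os.path.join(tmp, "renamed.bin"), "wb") as f:
            f.write(sample)                    # hash hit despite the rename
        with open(os.path.join(tmp, "winlogon.exe"), "wb") as f:
            f.write(b"not the real binary")   # name-only hit
        with open(os.path.join(tmp, "harmless.txt"), "wb") as f:
            f.write(b"hello")                  # no hit
        hits = scan_tree(root, iocs)
    return sorted((os.path.basename(p), i.name, kind) for p, i, kind in hits)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Hash hits are conclusive for the listed samples only; the low detection counts in the table show how sample-specific these hashes are. A clean result is not evidence of a clean machine either, since the rootkit component filters the file-system view on a live system, so run a scan like this from clean boot media or against a mounted image, and treat name-only hits as leads to verify rather than as detections.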

Registry Details

Alureon creates the following registry entry or registry entries:
  • Run keys (the autostart keys under ...\Software\Microsoft\Windows\CurrentVersion\Run), in which the dropped component is registered by file name without path.
