Win32:Alureon-EJ [RTK]
Win32:Alureon-EJ is a Trojan that hides its presence on the infected system by using rootkit techniques. Win32:Alureon-EJ embeds itself in a legitimate Windows process so that only a copy of that process is visible on the system. This threat belongs to a family of Trojans that steal sensitive information from the victim’s computer. The Trojan may also inject code into various system drivers, leaving them corrupted and unusable. It greatly affects the overall performance of the computer and sometimes leads to instability and failure of the entire system.
Also Identified As:
Avira: TR/Dldr.DNSChanger
CA: Win32/Alureon
Dr. Web: Trojan.DnsChange
Ikarus: Trojan.Zlob
Kaspersky: Trojan-Downloader.Win32.Zlob
McAfee: DNSChanger
Sophos: Troj/Zlob
Sunbelt Software: Trojan-Downloader.Win32.Femad
Symantec: Trojan.Zlob
Trend Micro: TROJ_DNSCHAN
Damage Level: High
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
The Trojan steals sensitive information by intercepting inbound and outbound Internet traffic on the compromised system. The user’s online credentials, such as user names and passwords, banking information and credit card data, are at risk when Win32:Alureon-EJ [RTK] infiltrates a computer. To perform its tasks, it also modifies the network configuration of the compromised PC, specifically the DNS settings.
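Because the Trojan changes DNS settings, one useful check during and after cleanup is to compare the DNS servers each adapter is using against the resolvers you expect. The script below is an added example, not part of the original article: it parses saved English-locale `ipconfig /all` output and reports resolvers outside an allowlist. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7
   Lease Obtained. . . . . . . . . . : Monday, December 07, 2009 9:00:00 AM

Ethernet adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")

def _ip(text):
    """Return an ip_address for text, or None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> list of configured DNS server addresses."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        m = DNS_LINE.match(line)
        # Extra resolvers appear on following lines that hold only an address.
        addr = _ip(m.group(1)) if m else (_ip(line) if in_dns else None)
        in_dns = addr is not None
        if addr is not None and adapter is not None:
            result[adapter].append(addr)
    return result

def unexpected_dns(ipconfig_text, allowed_networks):
    """Return (adapter, address) pairs whose resolver is outside the allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    found = dns_servers_by_adapter(ipconfig_text)
    return [(name, str(a)) for name, addrs in found.items()
            for a in addrs if not any(a in n for n in nets)]
```

Calling `unexpected_dns(SAMPLE, ["192.168.1.1/32"])` flags both resolvers on the first adapter; on a real machine, replace the allowlist with your router's or ISP's resolver addresses.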
How to Remove Win32:Alureon-EJ [RTK]
1. Temporarily Disable System Restore (Windows Me/XP).
2. To identify even the most recent variant of Win32:Alureon-EJ [RTK], open your antivirus application and update the virus definitions.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will boot Windows, loading only the necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine instead. Once the scan is complete, proceed with the next step.
Scan with Norton Power Eraser:
An additional virus removal tool like Norton Power Eraser provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.
5. Go to the Norton Power Eraser web page and download the tool.
6. Once the download completes, double-click the file NPE.exe to run the program.
7. It will prompt you with the End User License Agreement; click Accept to continue.
8. On the NPE main window, click Scan. Then select Exclude Rootkit Scan. Click Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in the Detected category need to be removed at this point. Make sure that you mark Create System Restore Point before proceeding with the fix.
10. Now click on Fix to start removing the threats including Win32:Alureon-EJ [RTK] remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.
robert
Nov 24, 2009 @ 15:10:36
I have the Win32:Alureon-EJ and have tried Malwarebytes and Avast, but it did not get it.
Avast detects it and I get the whole message thing and hit delete, but it must not be getting it out…
Help
Al
Dec 07, 2009 @ 11:13:33
I had the same virus. I’ve tried Malwarebytes, Super Anti Spyware, Combo Fix, deleted Avast and tried antivira virus program, Trend Micro online scan, ESET online scan, Windows Defender, reinstalled Avast and deleted the other antivirus programs, but now it has come back as Win32:Alureon-EN (not EJ).
Al
Dec 07, 2009 @ 14:05:18
OK, I deleted Avast and downloaded AVG (30 day free trial). I believe it may have more options than just AVG Free, and I have the option to go to AVG Free after 30 days. I did the rootkit scan and it found a hidden infection using rootkit techniques (no name provided, but the WIN 32-Alureon EJ uses these techniques). I then deleted it and restarted my computer, but it was acting very, very slow. I then used Advance System Care (free download) and the computer is back up to speed. Now doing a virus scan; if anything comes up I will post it.