Win32:Alureon-CE [Rtk]

If you are looking for ways to remove Win32:Alureon-CE [Rtk], you can find them on this page. Free tools and a removal procedure are also included to get rid of the Trojan.

Win32:Alureon-CE [Rtk] is a rootkit Trojan that is obfuscated to remain hidden from antivirus programs. Computers infected with this Trojan may experience annoyances such as browser redirection, reduced system performance and disabled security programs. This threat typically attacks a system by injecting code into legitimate Windows driver files. It then encrypts the affected file and hides the process and registry entries associated with it.

Alias: Trojan.Win32.Agent.crez (Kaspersky), Backdoor.Tidserv (Symantec), DNSChanger.t (McAfee), Win32/Alureon.AEJ (CA), Win32/Almark.JU (ESET), DNSChanger.FFCM (Norman), Trj/Alureon.AW (Panda), Mal/TDSS-F (Sophos)

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics
When executed, this Trojan hooks system APIs in the System Service Descriptor Table (SSDT) in order to hide its kernel module. It then creates a service by modifying the registry and adding its own entry. This service entry is used to execute another Trojan module that may already exist on the PC.

Win32:Alureon-CE [Rtk] may download and execute arbitrary files from a remote computer. The Trojan monitors the victim's web usage and uses the gathered data to serve related advertisements. It also alters DNS settings to redirect Internet requests to a predefined web address.

Distribution
This threat may be dropped on the computer by an infection from other variants of the Win32:Alureon family of Trojans.

Win32:Alureon-CE [Rtk] can inject malicious code into legitimate system files, which then perform the propagation routine locally. The payload of that code creates a duplicate copy of the Trojan in the root of fixed and removable drives. An autorun.inf file is also dropped in the same location to execute the Trojan each time the drive is accessed.
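The Characteristics and Distribution sections name three host-side artefacts an administrator can look for before running the removal tools: an autorun.inf in the root of fixed and removable drives, DNS servers that were changed, and a driver service entry added to the registry. The following PowerShell triage script is an added example written for this page; it is not code from the original article or from any vendor tool, and the private-address ranges, the Windows-directory check and the service Type values it uses are assumptions for illustration.

```powershell
# Added triage script (not from the original article). Reports leads only; a finding
# is something to verify by hand, not proof of infection. Run from an elevated prompt.

function Test-PrivateIPv4([string]$ip) {
    # RFC 1918 and loopback ranges; any other DNS server deserves a manual look
    return ($ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)')
}

$findings = @()

# 1. autorun.inf dropped in the root of removable (DriveType 2) and fixed (3) drives
foreach ($disk in Get-WmiObject Win32_LogicalDisk | Where-Object { @(2,3) -contains $_.DriveType }) {
    $autorun = "$($disk.DeviceID)\autorun.inf"
    if (Test-Path -LiteralPath $autorun) {
        $attrs = (Get-Item -LiteralPath $autorun -Force).Attributes
        $findings += "autorun.inf at $autorun (attributes: $attrs)"
    }
}

# 2. DNS servers on IP-enabled adapters that are not private/loopback addresses
foreach ($nic in Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE') {
    foreach ($dns in @($nic.DNSServerSearchOrder)) {
        if ($dns -and -not (Test-PrivateIPv4 $dns)) {
            $findings += "Adapter '$($nic.Description)' uses DNS server $dns; confirm it is the one you expect"
        }
    }
}

# 3. Kernel (Type 1) and file-system (Type 2) driver services whose ImagePath resolves
#    outside the Windows directory, or to a file that is not visible on disk (a rootkit
#    hiding its own driver file produces exactly that symptom)
foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $p = Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue
    if (-not $p -or -not $p.ImagePath -or @(1,2) -notcontains $p.Type) { continue }
    # Normalize the kernel-style forms drivers use: \??\C:\..., \SystemRoot\..., system32\...
    $path = $p.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', "$env:SystemRoot" -replace '^%SystemRoot%', "$env:SystemRoot"
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    $inWindows = $path.ToLower().StartsWith($env:SystemRoot.ToLower())
    if (-not $inWindows -or -not (Test-Path -LiteralPath $path)) {
        $findings += "Driver service '$($svc.PSChildName)' -> $path (outside Windows directory or not visible on disk)"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No autorun.inf, non-private DNS server, or unusual driver service found.' }
```

Legitimate third-party drivers (security products, hardware vendors) also live outside the Windows directory, so treat the third list as a starting point for the TDSSKiller scan in Step 2 rather than a verdict.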

How to Remove Win32:Alureon-CE [Rtk]

Systematic procedures to get rid of the threat are presented in this section. Make sure to scan the computer with the suggested tools and scanners.

Step 1 : Restart Windows in Safe Mode with Networking

Starting Windows in Safe Mode loads only a minimal set of files and drivers. Most start-up malware and viruses don't run in this mode because Windows only loads the basic components needed to initiate the system.

NOTE: You will need to PRINT or BOOKMARK this procedure, as we have to restart the computer during the removal process.

To start Windows in Safe Mode with Networking, please do the following:

1. Remove all media such as memory cards, CDs, DVDs, and USB devices. Then, restart the computer.

Boot in Safe Mode on Windows XP, Windows Vista, and Windows 7 systems
a) Before Windows begins to load, press F8 on your keyboard.
b) The Advanced Boot Options menu is displayed. Select Safe Mode with Networking.

Start the computer in Safe Mode on Windows 8 and Windows 10
a) Close any running programs on your computer.
b) Open the Start menu. On your keyboard, press and hold the Shift key and then click the Restart button.
c) It will prompt you with options; please click the Troubleshoot icon.
d) In the Troubleshoot window, select Advanced Options.
e) In the next window, click the Startup Settings icon.
f) Lastly, click the Restart button in the subsequent window.
g) When Windows restarts, it presents startup options numbered 1 to 9. Select "Enable Safe Mode with Networking" or press number 5.

(Screenshot: Startup Options)

h) Windows will now boot into Safe Mode with Networking. Proceed with the virus scan as the next step.

2. Once the computer boots into Safe Mode with Networking, please proceed with the steps below.

Step 2 : Scan the Computer with TDSSKiller to Remove Win32:Alureon-CE [Rtk]

TDSSKiller is a free anti-rootkit utility from Kaspersky that neutralizes complicated malware which effectively hides its processes, folders, files and registry entries.

1. Download TDSSKiller and save the file on your desktop or any accessible spot.

Download TDSSKiller

2. Extract the contents of the downloaded file (tdsskiller.zip) using an archiver program like WinZip or WinRAR.
3. Locate the folder where you extracted tdsskiller.zip and double-click the file TDSSKiller.exe to launch the scanner.
4. Once TDSSKiller is open, please mark Services and drivers as well as Boot Sectors. Picking these options ensures that the program will inspect the boot sector and system files that are infected with Win32:Alureon-CE [Rtk]. Please refer to the attached image.

(Screenshot: TDSSKiller)

5. Click the Start Scan button to begin scanning your system. This may take a while. You need to complete this process to make sure that the program detects and deletes all components of Win32:Alureon-CE [Rtk].
6. When the scan has finished, you may restart Windows normally. This part of the removal process using TDSSKiller is now complete.

Step 3: Run Another Scan with ZeroAccess Fix Tool

This additional step will guarantee that no more components of Win32:Alureon-CE [Rtk] are present on the computer. If the first scan fails to catch all threats, running ZeroAccess Fix Tool ensures that all remaining Trojans, viruses, and malware will be deleted.

1. Download the file FixZeroAccess.exe from the provided link. Save the file to an accessible location like the Windows desktop. This is a free tool created by Symantec to remove variants of the ZeroAccess Trojan.

Download ZeroAccess Fix Tool

2. Close all open programs.
3. Browse to the location of the file FixZeroAccess.exe. Double-click the file to run it. If it prompts with a security warning and asks if you want to run the file, please choose Run.
4. The ZeroAccess Fix Tool End User License Agreement (EULA) opens. You must accept this license agreement in order to proceed with Win32:Alureon-CE [Rtk] removal. Please click I Accept.
5. Finally, it displays a message and prepares the computer to restart. Please click Proceed.

(Screenshot: ZeroAccess Fix Tool)

6. When it shows a message about 'Restarting System', please click the OK button.
7. After the computer restarts, the tool will display information about identified threats. Continue running the tool by following the prompts.
8. When it reaches the final step, the tool will show the scan result containing the deleted components of Win32:Alureon-CE [Rtk]. Your computer is now free from any harm.


About Marco Mathew

Marco Mathew worked as a Windows network administrator before establishing precisesecurity.com. Now, Marco is dedicated full-time to helping computer users fight viruses, malware, trojans, worms, adware, and potentially unwanted programs.
