Alureon.GB Leads More Trojan Horse, How to Remove It When Anti-virus Program Fails?

Where Does Alureon.GB Trojan Come from?

Generally speaking, Alureon.GB Trojan undertakes its evil goal so covertly that some anti-virus program can’t detect it even when it is planted firmly in a computer. According to the long-term survey by VilmaTech lab, drive-by download is its major dissemination routine; however, Alureon.GB tends to trick PC users into downloading the Trojan horse willingly with computer-friendly functions it claims to have.

In effect, it is pretty easy to identify if a program is harmless or not. No downloading applications from pop-up ads from nowhere, unknown websites or the sites ending with a string of random number and letter combination will guarantee computer security.

 

Fatal Alureon.GB

Alureon.GB is categorized as Trojan horse program that can be controlled remotely for information and money theft. Just like the Trojan horse in Homer Epic, Alureon.GB serves as a container to bring more Trojan horse and other types of infections into the targeted computer. And it is certified by the report on computer help forum. Alureon.gen!AD, Alureon.gen! F, Alureon.gen! L and more will be loaded onto the compromised machine before long.

To be specific, Alureon.GB is a bootkit Trojan – a kernel-mode rootkit variant. As its name suggests, the Trojan horse manages to destroy or at least subvert the operation in MBR, VBR or boot sector. Whenever a computer starts, the Alureon Trojan horse is wakened up to proceed what had been stopped from the last time. A Trojan horse that subverts boot sector can be lethal as it replaces the legitimate boot loader with a compromised one under its control to:

1. intercept keys and passwords protected by disk encryption systems
2. disable build-in security defense/center.
3. affect .dll and .exe files to set up botnet and disable services that could’ve stopped it.

 

Quick Alureon.GB Removal Is Required

Don’t waste time in trying scanning by or downloading anti-virus programs as it has been made crystal clear that Alureon.GB has the capability of shutting down security defense. What’s worse, it is a master of disguise to embed vicious codes into files with the same name as system files’. Though what Alureon.GB aims is money, it still puts affected machine to BSoD for certain that nothing is removed until the task is completed. Therefore, manual method is highly recommended to buy time and solve the problem effectively. Yet, senior skills are required in some steps to filter out the malicious items from a number of critical system files. Stick to the steps offered below. You are welcome to ask for specialized technical help from VilmaTech Online Support in the event that you run into confusion or unexpected situations during the removal process.

 

Remove Trojan Alureon.GB in Manual Way

Step1.
Disable System Restore function and remove restore file.
Trojan Alureon.GB would affect System Restore to make sure that it haunts around to get the most out of comprehensive information.

a. disable System Restore

1. Find “My Computer”/”Computer” on desktop to right click on it.
2. When you get the drop down menu, please select “Property”.
3. Hit System Restore tab and tick “Turn off System Restore”.
4. Press on OK button to save the change.
   

b. remove restore file

1. hold and press Win key and R key, you’ll get Run dialogue box.
   
2. Enter “CMD” and press Enter key to access its window.
3. Please type “-h -r C:\_RESTORE” and followed by Enter key to complete the command by typing “DELETE _RESTORE”.
4. Press Enter key will you remove restore file.

 
 
Step2.
Clear browsers’ cache/ temporary files that are affected by Alureon.GB Trojan.

Internet Explorer

1. Access IE’s Tools Menu to select Delete browsing history.
2. Tick “Temporary Internet files” option.
3. Using Delete button will complete the process automatically.
   

Mozilla Firefox

1. Access Firefox’s Tools Menu and select “Options”.
2. Hit Advanced tab and navigate to its sub-tab “Network”.
3. Press “Clear Now” button next to “Your web content cache is currently …”.
   

Google Chrome

1. Click on the spanner icon to select “Tools” for “Clear browsing data”.
2. In the drop down menu, select “the beginning of time”.
3. Then tick the first four options before clicking on “Clear browsing data”.
   

 
 
Step3.
Show hidden files and folders to remove items related to Alureon.GB Trojan.

Windows 7/XP/Vista

1. Access Control Panel from Start menu and enter “user accounts and family safety”.
2. Select ‘Folder Options’ to continue.
3. Hit View tab to tick ‘Show hidden files and folders” and non-tick “Hide protected operating system files (Recommended)’.
   

Windows 8

1. Open Windows Explorer to hit View tab.
2. Tick ‘File name extensions’ and ‘Hidden items’.
   

a. remove the given items:

C:\WINDOWS\Temp
C:\Users\[user name]\AppData\Local\Temp\
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet File

b. navigate to the following directories and remove the items generated on and after the date when Alureon.GB was firstly detected:

%SystemDriver%\
C:\Windows
C:\Program Files\
C:\windows\system32\
C:\users\user\appdata\local\
C:\Users\[your username]\Documents\
C:\users\[username]\appdata\locallow\

specific steps:

• Navigate to the directories respectively and right click on the space to get options.
• Select “Arrange by” and then “Day”, you’ll have files and folder arranged chronologically.
• Remove the items generated on and after the date when Alureon.GB was firstly detected according to the creation time.

 
 
Step4.
Rectify Registry to remove Alureon.GB thoroughly by referencing the database on healthy computer.

1. Use Win+R key combination to get Run dialog box.
2. Enter “regedit” and hit Enter key will you be led to Database.
3. Navigate to the following entries and remove the values started with “Run” that are not existing on healthy computer.

HKEY_LOCAL_MACHINE\Software\Microsof\tWindows\CurrentVersion\
HKEY_CURRENT_USER\Software\Microsof\tWindows\CurrentVersion\
HKEY-USERS\.Default\Software\Microsoft\Windows\CurrentVersion\

 
 

Registry Bakcup

Rectifications in Registry Entry is always recommended to deal with deadly computer threats as Registry Entry holds all the codes and commands that control a machine’s operation. A kind reminder is herein offered that deficiency in computer technique and knowledge can also lead to system breakdown in the rectifications there. If you insist on doing on your own, it is highly recommended to backup registry entries in case something goes wrong that could lead to permanent damage overtime. Here’s the video to show how:

 

Complete Removal of Trojan Alureon.GB Is Necessary

As we’ve learned that Alureon.GB brings in additional computer threats during its occupation, more steps should be taken after the thorough removal of the Trojan horse. What the Alureon Trojan brings in is unpredictable, it is impossible to offer an all-rounded removal thread but one for Alureon.GB exclusively. As we now know that drive-by download is one of its major spreading methods, no removal of the additional threats may bring the Trojan back in no time. Should you have no idea how to deal with the unexpected infections, live chat with senior technician from VilmaTech Online Support to get the solution according to your concrete situation.

 

Alureon.GB Summery Plus

1. Alureon.GB manages to introduce in additional computer threats and cause internet hoax such as websearch.searc-hall.info.
2. Alureon.GB subverts boot sector to be capable of disabling anti-virus programs and the related security defense.
3. The Alureon Trojan horse opens up backdoor to allow unauthorized physical access to the targeted machine for information and money theft.
4. Alureon.GB gives rise to mechanical dysfunctions.

 

Published & last updated on November 3, 2014 by Erik V. Miller