Severity scale:  
  (100/100)

Alureon - Misused name. Detailed guide. Removal instructions for 2019

removal by Jake Doevan - - | Type: Trojans
Add comment
Ask a question
13026 views

Alureon – a self-replicating trojan that has been involved to tech support scams

Alureon trojan

Alureon is a relatively old cyber threat – it was first spotted by researchers in 2007 and reached its peak in 2010, when it was considered the second biggest botnet at the time.[1] The virus entered PCs by being manually installed by users, such as when they downloaded rogue anti-virus software like Security Essentials 2010. After making several modifications within the system, the malware establishes itself as a rootkit[2] and starts intercepting system's network traffic, resulting in sensitive data harvesting. The threat also disables anti-malware software and redirects victims to spoofed websites on Google Chrome or any browser. Having in mind its danger level, there is no surprise that virus developers have included it into several scams, including “Windows Detected ALUREON” and “You have a ALUREON virus” scam.

Name Alureon
Type Trojan/rootkit/botnet
Also known as Windows Detected ALUREON scam; You Have A ALUREON Virus
First spotted 2010
Activity Self-replicating trojan steals personal data and redirects to malicious websites
Main dangers Loss of data, additional malware infections
Infiltration
  • The trojan itself is manually installed by victims, usually from torrents and file-sharing sites
  • The scam appears when the system is infected with adware
Elimination Use powerful anti-malware software to eliminate the rootkit
Optimization Use ReimageIntego to repair the damage done by malware

Since Alureon virus does not emit any symptoms, users were not aware of the presence of the threat on their machines. Fortunately, cybercriminals made a mistake within its code, which led 0×80070032, 0x800704ec and 0×80501001 BSoDs appearing on victims' systems (32-bit versions of Windows OS) after the MS10-015 software update. This allowed experts to research the threat and work on Alureon removal.

As soon as the rootkit enters the machine, it hijacks spoolsv.exe service and updates the master boot record which allows the virus to execute alternative Windows loading process. It also creates a randomly named copy of itself and copies it into the system folder. The threat then infects system drivers and modifies Windows Registry to assure persistence.

Researchers reported that Alureon is capable of changing DNS settings.[3] This allows the virus to reroute users to spoofed or malicious websites, where more malware can be obtained by using click fraud or other deceptive ways.

Once settled, the threat begins its activity immediately. After modifying system settings, the malware is capable of stealing the following:

  • Credit card information;
  • Usernames and passwords or all accounts;
  • Social security numbers;
  • PayPal information;
  • Other sensitive data.

While it is an old threat, it does not mean it is not active anymore. Users can still get infected, so there might be a need to remove Alureon virus from their systems permanently. We recommend using reputable security software in Safe Mode without the internet connection. Additionally, experts recommend changing passwords and using system repair tool like ReimageIntego to fix the damage done by the rootkit.

Alureon botnetAlureon is a rootkit that usually infiltrates machines after users install malicious executable from unsafe sites.

Scammers have misused virus name in Windows Detected ALUREON virus scam

Being a rootkit, Alureon is hardly detected, so it is worth mentioning that there are crooks that make use of the notoriety of the popular malware name. However, you can hardly miss the Windows Detected ALUREON Virus scam that is floating around the Internet. In this case, you can be sure that the malware reported in the alert is fake. 

“Windows Detected ALUREON virus” or “You Have A ALUREON Virus” pop-up belongs to the category of tech support scam. These alerts are displayed on the web browser after infecting it with an adware-type virus. Once installed, this threat generates dubious notifications and uses social engineering technique to trick users into contacting scammers via the given number. Once contacted, they seek the following goals:

  • Get the remote access to the system;
  • Trick the user into installing malware by presenting it as effective anti-virus;
  • Make the user pay for “fixing the system.”

“You Have A ALUREON Virus” or similar scam is typically displayed within the browser. Because of special techniques, sometimes this window can't be left when desired and even increases the illusion that a real Alureon virus is hiding on the system. However, you just need to leave the affected web browser by canceling it and then remove the related adware from the system. 

Alureon scamAlureon virus has been involved into numerous scams seeking to swindle users' money by contacting fake Microsoft experts.

Malware can penetrate into the system after the download of unsafe files from the internet

While some malware uses weak RDP or exploit kits to infiltrate systems (does not rely on the person to initiate the download), most of the cyber threats are installed by users themselves. Of course, they are not aware of the consequences when they download and install rogue software or use file-sharing, torrent sites. Nevertheless, users can also be tricked by social engineering used by criminals and believe that there is a need to download and install the malicious file.

Thus, users are advised to be vigilant when it comes to downloading freeware on their machines. Do not visit suspicious sites and do not download pirated software or keygens and cracks. While you may think you got yourself a free application, the malware is doing its job by stealing personal information in the background.

Additionally, we recommend you obtain legitimate security software that can protect from unauthorized file intrusion. Make sure that the anti-virus program is kept up to date at all times.

Eliminate Alureon from your machine without wasting your time

No matter which version of the malware has infected your system, you should take care of Alureon removal without wasting your time. If you are lucky enough to find out that it is just a scam, you need to get rid of Windows Detected ALUREON Virus by removing all suspicious entries hiding in your system. Additionally, you should reset your web browser to default. Instructions on how to do that are given below.

However, if the real threat is hiding in your system, do not even try to remove Alureon virus manually as it makes hundreds of changes. We highly recommend opting for professional help to fix your system fully. You can attempt to eliminate the threat by using security software as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes. If you find out that the virus is blocking your anti-malware, make sure you reboot your computer to Safe Mode with Networking before a scan:

  • Click on Windows Start button and write msconfig.exe into the command line;
  • Click this entry and select Boot tab;
  • Check Safe boot and Network options;
  • Click OK and Restart buttons.

Remember that the rootkit can be especially hard to remove, therefore, you might have to disconnect your PC from the internet and only then attempt the elimination. 

You may remove virus damage with a help of ReimageIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

Offer
do it now!
Download
Reimage Happiness
Guarantee Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Press mentions on Reimage
press
Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide Uninstall guide
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Download SpyHunter 5 Review »
Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions
Malwarebytes
Download | Review | Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.
Download Combo Cleaner Review »
Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions

To remove Alureon, follow these steps:

Uninstall Alureon from Windows systems

To get rid of “Windows Detected ALUREON Virus” or “You Have A ALUREON Virus” scam, remove all entries you don't recognize or have not installed on the computer yourself:

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall Alureon and related programs
    Here, look for Alureon or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove Alureon from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete 'http://isearch.babylon.com...' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Eliminate Alureon from Mac OS X system

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove Alureon from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for Alureon-related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove Alureon, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to Alureon and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the Alureon-related entries.Uninstall from Mac 2

Remove Alureon from Google Chrome

To get rid of the scam from Chrome, reset it to its default state:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select Alureon and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete Alureon removal. Click on 'Reset' button to complete your removal

Delete Alureon from Internet Explorer (IE)

Remove dangerous add-ons:

  1. Open Internet Explorer, click on the Gear icon (IE menu) on the top-right corner of the browser
  2. Pick Manage Add-ons.
  3. You will see a Manage Add-ons window. Here, look for Alureon and other suspicious plugins. Click on these entries and select Disable.Remove add-ons from Internet Explorer

Change your homepage if it was altered:

  1. Open IE and click on the Gear icon.
  2. Select Internet Options.
  3. In the General tab, delete the Home page address and replace it by your preferred one (for example, Google.com).
  4. Click Apply and then select OK.Reset IE homepage

Delete temporary files:

  1. Press on the Gear icon and select Internet Options.
  2. Under Browsing history, click Delete…
  3. Select relevant fields and press Delete.Clear temporary files from Internet Explorer

Reset Internet Explorer:

  1. Click on Gear icon > Internet options and select Advanced tab.
  2. Select Reset.
  3. In the new window, check Delete personal settings and select Reset again to complete Alureon removal.Reset Internet Explorer

Erase Alureon from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the Alureon-related extension and click on the Gear icon.
  3. Click on Uninstall at the bottom.Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.Clear Edge browsing data

Reset MS Edge if that above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick DeleteAdvanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -VerboseAdvanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove.Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now.Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset.Reset Chromium Edge

Get rid of Alureon from Mozilla Firefox (FF)

Fix Firefox by removing unfamiliar browser add-ons and then reset this web browser.

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select Alureon and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete Alureon removal. Click on 'Reset Firefox' button for a couple of times

Uninstall Alureon from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for Alureon or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by Alureon, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete Alureon removal process. Select all options and click on 'Reset' button

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.

 

Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 

 

About the author
Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Jake Doevan
About the company Esolutions

References
Removal guides in other languages
es Guía de eliminación de Alureon

This entry was posted on 2020-12-01 at 01:11 and is filed under Trojans, Viruses.

Your opinion regarding Alureon