Last week a client had gotten the virus that make it appear that
you are having hd disk failures (SMART HDD failure) Normally removal of this
virus has been simple and well documented as found at reputable websites such
as here . And as such, I had
removed the virus for the client successfully, or so I thought. a few hours later, he calls me and tells me that is antivirus program, Microsoft Security
Essentials is popping up and capturing the “Aleuron.E “ virus and every time he
clicks remove, it pops backup within
seconds with the same virus.
I proceeded to run the normal tools that I have linked on my
site www.cci.net/support I first tried TDSSKILLER, the amazing and reliable tool and this time finds no root kit, then I went to McAfee and gave STINGER a try
as I had an occurrence where it found root kit when TDSSKILLER did not, still nothing was found. Hmm I then went thru all the tools, Norton
Security sweep, Microsoft Scanner, and lastly COMBOFIX. But, no positive results, Microsoft AV is still popping up with the "Aleuron.E
" virus warning
So, then I got out the Windows Xp cdrom and booted from it
and ran FIXMBR hoping that I can rewrite the master boot record to overwrite
the virus, but after the restart, it was still there.
Finally, I brought up the “Disk Manager” in Windows and
noticed an “unused” partition at the very end of Drive C. It was very small, well under 100mb and did
not seem to be formatted or have a drive letter associated with it. But this is where the virus lived. I highlighted the partition and deleted
it. Rebooted the pc, did a final
sweep with my virus scanner tools and verified that it was CLEAN.
We can expect to see more viruses using this technique.
