We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Alureon.DA
Aliases: W32/Trojan3.BVD (Command) TR/Crypt.XPACK.Gen2 (Avira) Trojan.Downloader.JNDR (BitDefender) Win32/TrojanDownloader.FakeAlert.AXP (ESET) DNSChanger.bu (McAfee) Troj/Agent-NMH (Sophos) Packed.Win32.Tdss.q (Sunbelt Software) Trojan.FakeAV (Symantec) TROJ_FAKEAV.MAE (Trend Micro) TROJ_FAKETWT.A (Trend Micro) Trojan.Alureon.Gen!Pac.13 (VirusBuster)
Summary
Restoring Corrupted Files
Restoring DNS Settings
-
If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary. For information on configuring TCP/IP to use DNS in Windows XP, see http://support.microsoft.com/kb/305553
-
If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary, as Win32/Alureon may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Win32/Alureon backs up the infected dial-up configuration file to:
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak