Virus:Win32/Alureon.A is the detection for a system driver that has been infected by members of the Win32/Alureon family.
In the wild, the following Alureon trojans have been observed to infect files, which are then detected as Virus:Win32/Alureon.A:
When the infecting trojan is run, it infects a system driver, usually 'atapi.sys'. It has also been observed to infect 'iastor.sys', and other system drivers may also be targeted.
Hides files and disk sectors
The system driver detected as Virus:Win32/Alureon.A is infected by the addition of code whose function is to load a part of the Alureon rootkit. The rootkit is the component that gives Alureon the ability to avoid detection; it is created by the same Alureon trojan that infects the system driver.
The rootkit loaded by Virus:Win32/Alureon.A has the ability to avoid behavior blockers, which allows it to perform its malicious routines uninterrupted. It can also hide files and disk sectors.
Analysis by Patrik Vicol