Virus:Win32/Alureon.F is the detection for a system driver that has been infected by members of the Win32/Alureon
family. When the infecting trojan is run, it infects a system driver, usually "atapi.sys" as in the following example path:
Hides files and disk sectors
The system driver detected as Virus:Win32/Alureon.F is infected by the addition of code, whose function is to load a part of the Alureon rootkit. The Alureon rootkit is a component that gives Alureon the ability to avoid detection; it is created by the same Alureon trojan that infects the system driver.
The rootkit loaded by Virus:Win32/Alureon.F has the ability to avoid behavior blockers, which allows it to perform its malicious routines uninterrupted. It can also hide files and disk sectors.
Analysis by Vincent Tiu
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).