is the detection name for infected Master Boot Records (MBR) produced by certain variants of the Win32/Alureon rootkit family. The rootkit infects 32-bit and 64-bit systems.
Infected Master Boot Records detected as Trojan:DOS/Alureon.C are usually created by Trojan:Win32/Alureon.FE.
Installs other malware components
attempts to access the hidden rootkit file system (VFS) to locate the file 'boot' in the VFS root folder. It then loads 'boot' and transfers control to it.
The file 'boot' prevents Windows from checking digital signatures for drivers, installs itself as a handler for HDD read/write requests, and loads the original Windows MBR, which is stored as 'mbr' in the root VFS folder. It then transfers control to the original MBR.
Each time Windows reads from the hard drive, the file 'boot' intercepts data and monitors if the system debugger component 'KDCOM.DLL' is loaded into memory. If so, 'boot' injects another rootkit component from the VFS root folder named either 'dbg32' or 'dbg64', depending on the computer's architecture, thus forcing Windows to load it instead of the legitimate 'KDCOM.DLL' file.
The loaded rootkit component loads the main rootkit driver, which is responsible for hiding the Alureon rootkit components.
More information on the Win32/Alureon rootkit family can be found in this page.
Analysis by Sergey Chernyshev
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.