Trojan:Win32/Alureon.gen!B
Detected by Microsoft Defender Antivirus
Aliases: No associated aliases
Summary
Trojan:Win32/Alureon.gen!B is a generic detection for a trojan that may help an attacker intercept inbound and outbound Internet traffic from the host computer. This may allow an attacker to capture confidential information such as user names, passwords, and credit card data. The trojan may also enable an attacker to transmit malicious data to the infected computer. Trojan:Win32/Alureon.gen!B may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. Therefore, it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
Trojan:Win32/Alureon.gen!B may enable an attacker to transmit malicious data to the infected computer. Recovering from this situation may require measures beyond removing Trojan:Win32/Alureon.gen!B from the computer. For this reason, attempting manual removal of Trojan:Win32/Alureon.gen!B is not recommended. To detect and remove this trojan as well as other malicious software, run a full-system scan with an up-to-date antivirus product such as the Microsoft Malicious Software Removal Tool (http://www.microsoft.com/security/malwareremove/default.mspx) or the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx
Trojan:Win32/Alureon.gen!B may modify DNS settings on the host computer. Therefore, follow these steps after Trojan:Win32/Alureon.gen!B removal is complete:
- If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary. For information on configuring TCP/IP to use DNS in Windows XP, see http://support.microsoft.com/kb/305553
- If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary, as Trojan:Win32/Alureon.B may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Trojan:Win32/Alureon.B backs up the infected dial-up configuration file to:
  %allusersprofile%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak
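A read-only check of the two phonebook fields named above, added here as an example (it is not Microsoft's scanner code). It assumes the INI-style layout of rasphone.pbk (a `[entry name]` header followed by `key=value` lines, with some keys repeated), treats `0.0.0.0` as "not statically set", and takes a `trusted` list of resolvers the reader supplies. The sample content is constructed and uses documentation-range addresses.

```python
import ipaddress

# Fields the page names as being overwritten with the attacker's address.
DNS_FIELDS = ("IpDnsAddress", "IpDns2Address")

# Constructed sample phonebook content (not from a real infection).
SAMPLE_PBK = """\
[Office Dial-up]
Encoding=1
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
DEVICE=modem
DEVICE=modem

[Home ISP]
IpDnsAddress=203.0.113.10
IpDns2Address=198.51.100.7
"""

def parse_pbk_dns(text):
    """Return {entry_name: {field: value}} for the DNS fields of each entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            # Hand-rolled parsing: repeated keys make configparser unsuitable.
            key, _, value = line.partition("=")
            if key.strip() in DNS_FIELDS:
                current[key.strip()] = value.strip()
    return entries

def review_dns(text, trusted=()):
    """List (entry, field, value) for DNS servers that are set but not trusted."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for entry, fields in parse_pbk_dns(text).items():
        for field, value in fields.items():
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append((entry, field, value))  # malformed: review by hand
                continue
            if not addr.is_unspecified and addr not in trusted_ips:
                findings.append((entry, field, value))
    return findings

if __name__ == "__main__":
    for finding in review_dns(SAMPLE_PBK, trusted=["203.0.113.10"]):
        print("review: [%s] %s=%s" % finding)
```

Running the same check against both rasphone.pbk and the rasphone.pbk.bak backup shows which entries differ between the current file and the one the scanner saved.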