Microsoft Security Intelligence
480 entries found. Displaying page 3 of 24.
Updated on Apr 16, 2010
Trojan:WinNT/Alureon.E is a detection for an obfuscated kernel-mode rootkit component of the Win32/Alureon family. Win32/Alureon is a family of data-stealing trojans that allow an attacker to intercept incoming and outgoing Internet traffic to gather confidential information such as user names, passwords and credit card data.
Alert level: severe
Updated on Apr 16, 2010
TrojanDownloader:Win32/Alureon.A downloads and runs Trojan:Win32/Alureon.A, a data-stealing trojan. Trojan:Win32/Alureon.A allows an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. Trojan:Win32/Alureon.A may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after Trojan:Win32/Alureon.A is removed from the computer.
Alert level: severe
Updated on Apr 16, 2010
TrojanDropper:Win32/Alureon.J is the detection for a DLL component of malware that is usually dropped and installed in the system by other malware. It may download and execute other files, block access to certain websites, and redirect searches. For more information, please refer to the description of the Win32/Alureon family.
Alert level: severe
Updated on Apr 16, 2010
VirTool:WinNT/Alureon.B is a kernel mode rootkit component of the Alureon family of data-stealing trojans.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.gen is a generic detection for a trojan that may alter domain name resolution (DNS).
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.E is a trojan that modifies DNS settings on the host computer. The altered DNS settings may enable an attacker to intercept inbound and outbound Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The modified DNS settings may also enable an attacker to transmit malicious data to the infected computer. Because the trojan modifies DNS settings on the computer, it may be necessary to reconfigure those settings after the trojan is removed from the computer.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.CL is a detection for a malicious version of the system file msvcrt.dll. It is modified by a component of the Win32/Alureon family to run other components.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.CJ is a detection for a malicious version of the system file msvcrt.dll. It is modified by a component of the Win32/Alureon family to run other components.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.CD is a detection for a malicious version of the system file msvcrt.dll. It is modified by a component of the Win32/Alureon family to run other components.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.BP is a detection for a particular Microsoft Windows DLL file that has been modified to load a malicious library.
 
A file detected as Trojan:Win32/Alureon.BP is a modified MSVCRT.DLL file. This file may have been modified by other malware. The modification replaces an API (Application Programming Interface) exported by MSVCRT.DLL with a snippet of malicious code designed to load a DLL named DLL.DLL, which is possibly a dropped malicious component of the Win32/Alureon family of trojans.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.BK is a component of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.BJ is a component of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.
 
Trojan:Win32/Alureon.BJ is a DLL component of Win32/Alureon. It intercepts HTTP-related system APIs to direct an affected user's search text to a particular server. It also downloads and executes arbitrary files from a remote server.
Alert level: severe
Updated on Apr 16, 2010
Trojan:WinNT/Alureon.G is a detection for the kernel-mode component of members of the Win32/Alureon family. It can hide the presence of files related to its components, prevent specific security software from loading, and drop and load its component DLL into specific processes.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.CG is a trojan that monitors user Web usage and may send captured data to a remote server.
 
For more information refer to the description for the Win32/Alureon family.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.CU is a trojan that downloads and executes arbitrary files. It is a member of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer. The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
 
For more information on Win32/Alureon, please see the family description elsewhere in the encyclopedia.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.BU is a trojan that may monitor the system's network communications.
 
Members of the Win32/Alureon family may also modify DNS settings on the host computer. The Domain Name System (DNS) is used (among other things) to map domain names to IP addresses - that is, to map human-readable domain names to machine-readable IP addresses. When a user attempts to visit a particular URL, a browser will use DNS servers to find the correct IP address of the requested domain. When a user is directed to a malicious server that is not part of the authoritative Domain Name System, an attacker can provide incorrect IP addresses of their choice to map to particular domain names, thus directing the user to possibly bogus or malicious sites without the affected user's knowledge.
 
For more information, refer to the Win32/Alureon family description.
Alert level: severe
Updated on Mar 09, 2011
Virus:Win32/Alureon.I is a detection for system drivers infected by members of the Win32/Alureon family.
 
Win32/Alureon is a multi-component family of trojans involved in a broad range of subversive activities online in order to generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating affected users' activities online to the attacker's benefit. As such, the various components of this family have been used for:
 
  • Modifying affected users' search results (search hijacking)
  • Redirecting affected users' browsing to sites of the attacker's choice (browser hijacking)
  • Changing Domain Name System (DNS) settings in order to redirect users to sites of the attacker's choice without the affected user's knowledge
  • Downloading and executing arbitrary files, including additional components and other malware
  • Serving illegitimate advertising
  • Installing rogue security software
  • Clicking banners
 
Win32/Alureon also utilizes advanced stealth techniques in order to hinder the detection and removal of its various components.
 
Some variants of this trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
Alert level: severe
Updated on Mar 09, 2011
Virus:Win32/Alureon.J is a detection for system drivers infected by members of the Win32/Alureon family.
 
Win32/Alureon is a multi-component family of trojans involved in a broad range of subversive activities online in order to generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating affected users' activities online to the attacker's benefit. As such, the various components of this family have been used for:
 
  • Modifying affected users' search results (search hijacking)
  • Redirecting affected users' browsing to sites of the attacker's choice (browser hijacking)
  • Changing Domain Name System (DNS) settings in order to redirect users to sites of the attacker's choice without the affected user's knowledge
  • Downloading and executing arbitrary files, including additional components and other malware
  • Serving illegitimate advertising
  • Installing rogue security software
  • Clicking banners
 
Win32/Alureon also utilizes advanced stealth techniques in order to hinder the detection and removal of its various components.
 
Some variants of this trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
Alert level: severe
Updated on Mar 09, 2011
Virus:Win32/Alureon.K is a detection for system drivers infected by members of the Win32/Alureon family.
 
Win32/Alureon is a multi-component family of trojans involved in a broad range of subversive activities online in order to generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating affected users' activities online to the attacker's benefit. As such, the various components of this family have been used for:
 
  • Modifying affected users' search results (search hijacking)
  • Redirecting affected users' browsing to sites of the attacker's choice (browser hijacking)
  • Changing Domain Name System (DNS) settings in order to redirect users to sites of the attacker's choice without the affected user's knowledge
  • Downloading and executing arbitrary files, including additional components and other malware
  • Serving illegitimate advertising
  • Installing rogue security software
  • Clicking banners
 
Win32/Alureon also utilizes advanced stealth techniques in order to hinder the detection and removal of its various components.
 
Some variants of this trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.
Alert level: severe
Updated on Apr 11, 2011
Trojan:WinNT/Alureon.S is a detection for a driver that infects the computer's device-driver file and injects code into other processes.
Alert level: severe