Microsoft Security Intelligence
480 entries found. Displaying page 4 of 24.
Updated on Apr 11, 2011
Trojan:Win32/Alureon.EQ is a component of Win32/Alureon - a family of data-stealing trojans. Trojan:Win32/Alureon.EQ is a detection for a component that drops and loads a driver component.
Alert level: severe
Updated on Apr 11, 2011
Trojan:WinNT/Alureon.L is a driver, which is dropped by Trojan:Win32/Alureon.DX. It may hijack Internet search results and download arbitrary files. It is also responsible for determining what Alureon component to inject into a Windows process.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon!inf is a detection for the autorun.inf file created by members of the Win32/Alureon family when spreading via shared and removable drives.
 
Win32/Alureon is mostly a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon family may also allow an attacker to transmit malicious data to the infected computer. Alureon may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.
 
Later variants of this family have developed into worms that spread via shared and removable drives.
Alert level: severe
Updated on Apr 16, 2010
Trojan:Win32/Alureon.CO is a trojan that downloads and executes arbitrary files. Some malware detected with this name may also be able to spread to removable drives.
 
For more information on Win32/Alureon, please see our family description elsewhere in this encyclopedia.
Alert level: severe
Updated on Apr 23, 2014

Windows Defender detects and removes this threat.

The threat is a member of the Alureon family of data-stealing trojans. These trojans allow a malicious hacker to get confidential information such as your user names, passwords, and credit card data.

For more information on the Alureon family, see the Alureon family description and the DOS/Alureon description.

Alert level: severe
Updated on Sep 15, 2014

Windows Defender detects and removes this threat.

The threat is a member of the Alureon family of data-stealing trojans. These trojans allow a malicious hacker to get confidential information such as your user names, passwords, and credit card data.

For more information on the Alureon family, see the Alureon family description and the DOS/Alureon description.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Aug 27, 2013

Trojan:Win32/Alureon.gen!AD is the generic detection for variants of the Win32/Alureon family. This malware can execute in 64-bit versions of Windows and uses exploits to install other Alureon components. It communicates with a remote server to report its installation and to download updates of the malware. This variant uses advanced stealth techniques such as modifying the Master Boot Record (MBR) to hinder detection and removal of its various components.

Alert level: severe
Updated on Dec 29, 2014

Microsoft security software detects this threat.

This threat can send malicious data to your PC and corrupt some driver files, making them unusable.

See the Win32/Alureon family description for more information.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Dec 29, 2014

Microsoft security software detects this threat.

This virus is a part of the Win64/Alureon family of data-stealing malware. They can give a malicious hacker access to your personal information, such as your user names, passwords, and credit card data. 

They can also send malicious data to your PC and corrupt some driver files, making them unusable.
 
Alert level: severe
Updated on Mar 27, 2016

Windows Defender detects this threat.

The threat is a member of the Alureon family of data-stealing trojans. These trojans allow a malicious hacker to get confidential information such as your user names, passwords, and credit card data.

For more information on the Alureon family, see the Alureon family description and the DOS/Alureon description.

Alert level: severe
Updated on Dec 30, 2014

Windows Defender detects and removes this threat.

This threat is part of the Alureon malware family. It runs a file installed by other Alureon malware.

Find out ways that malware can get on your PC.

Alert level: severe
Updated on Feb 10, 2012

Trojan:Win32/Alureon.FK is a component of Win32/Alureon - a family of data-stealing trojans. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. The Win32/Alureon trojan may also allow an attacker to transmit malicious data to the infected computer.

The trojan may modify DNS settings on the host computer to enable the attacker to perform these tasks. As a result, it may be necessary to reconfigure DNS settings after Win32/Alureon is removed from the computer.

Restoring DNS Settings

The Domain Name System (DNS) is used (among other things) to map domain names to IP addresses - that is, to map human-readable domain names to machine-readable IP addresses. When a user attempts to visit a particular URL, a browser will use DNS servers to find the correct IP address of the requested domain. When a user is directed to a malicious server that is not part of the authoritative Domain Name System, an attacker can provide incorrect IP addresses of their choosing to map to particular domain names, thus directing the user to possibly bogus or malicious sites without the affected user's knowledge.

Win32/Alureon may modify DNS settings on the host computer, so the following steps may be required after the Win32/Alureon removal is complete:

  • If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary. For information on configuring TCP/IP to use DNS in Windows XP, see http://support.microsoft.com/kb/305553
  • If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary, as Win32/Alureon may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Win32/Alureon backs up the infected dial-up configuration file to:

    %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak

Alert level: severe
Updated on Aug 15, 2013

Windows Defender detects and removes this threat.

Trojan:Win32/Alureon.GQ is a member of the Win32/Alureon family of malware - a family of data-stealing malware. These trojans allow an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information from your computer, such as user names, passwords, and credit card data.

The trojan is also used to generate traffic to specific URLs.

Win32/Alureon can also allow an attacker to transmit malicious data to your computer. It might modify DNS settings on your computer to enable the attacker to perform these tasks.

The Domain Name System (DNS) is used (among other things) to map domain names to IP addresses - that is, to map human-readable domain names to machine-readable IP addresses. When you attempt to visit a particular URL, a browser uses DNS servers to find the correct IP address of the requested domain. When you are directed to a malicious server that is not part of the authoritative Domain Name System, an attacker can provide incorrect IP addresses of their choosing to map to particular domain names, thus directing you to possibly bogus or malicious sites without your knowledge.

You might need to reconfigure DNS settings after the trojan is removed from your computer. See the "What to do now" section below for advice on how to do this.

Alert level: severe
Updated on Aug 15, 2013

Windows Defender detects and removes this threat.

Trojan:DOS/Alureon.AB is a part of Win32/Alureon - a family of data-stealing malware. Alureon steals confidential information from your computer, such as user names, passwords, and credit card data. Win32/Alureon may also allow an attacker to transmit malicious data to your computer.

This particular variant infects the Master Boot Record (MBR).

Alert level: severe
Updated on Jun 08, 2011

Trojan:Win32/Alureon.gen!AB is the generic detection for a member of the Win32/Alureon family. It drops another piece of malware, tries to delete the Hosts file, and tries to create a virtual file system (VFS). It may also connect to certain servers.

Alert level: severe
Updated on Nov 12, 2012
Trojan:Win32/Mashigoom.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Alert level: severe
Updated on Nov 12, 2012
Trojan:Win32/Mashigoom.B is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Alert level: severe
Updated on Nov 12, 2012
Trojan:Win32/Mashigoom.C is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Alert level: severe
Updated on Nov 12, 2012
Trojan:Win32/Mashigoom.D is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Alert level: severe
Updated on Nov 18, 2013

Windows Defender detects and removes this threat.

This virus is a component of Win32/Alureon - a family of data-stealing malware. They allow a hacker to collect confidential information such as your user names, passwords, and credit card data. 

They can also send malicious data to your computer and corrupt some driver files, making them unusable.
Alert level: severe