We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Alureon.gen!H
Aliases: Trojan.Downloader.Zlob.ABLC (BitDefender) Win32/VMalum.CDXH (CA) Trojan.DNSChanger-3115 (Clam AV) Win32/DNSChanger (ESET) Trojan.Win32.DNSChanger.bix (Kaspersky) DNSChanger.gen (McAfee) W32/DNSChanger.AIXG (Norman) Trojan-Downloader.Zlob.Media-Codec (Sunbelt Software) TROJ_ALUREON.AV (Trend Micro)
Summary
Restoring Corrupted Files
Restoring DNS Settings
-
If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary. For information on configuring TCP/IP to use DNS in Windows XP, see http://support.microsoft.com/kb/305553
-
If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary, as Win32/Alureon may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Win32/Alureon backs up the infected dial-up configuration file to:
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak