We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Trojan:Win32/Alureon.gen!S
Aliases: Win-Trojan/Agent.29696.KC (AhnLab) Trojan horse BHO.GGA (AVG) Win32/FakeAlert.HZ (CA) Packed.Win32.Tdss (Ikarus) Backdoor.Win32.TDSS.asz (Kaspersky) FakeAlert-AG.gen.a (McAfee) W32/Tidserv.B (Norman) Backdoor.Tidserv (Symantec)
Summary
Restoring Corrupted Files
Restoring DNS Settings
- If the computer has a network interface that does not receive a configuration using DHCP, reset the DNS configuration if necessary. For information on configuring TCP/IP to use DNS in Windows XP, see http://support.microsoft.com/kb/305553
- If a dial-up connection is sometimes used from the computer, reconfigure the dial-up settings in the rasphone.pbk file as necessary, as Win32/Alureon may set the fields "IpDnsAddress" and "IpDns2Address" in the rasphone.pbk file to the attacker's address. The Microsoft scanner code that automatically removes Win32/Alureon backs up the infected dial-up configuration file to:
%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk.bak