VirTool:WinNT/Alureon.B is a kernel mode rootkit component of the Alureon family of data-stealing trojans.

Trojan:Win32/Alureon.BB is a detection for a trojanized version of the system file advapi32.dll. It is modified by a component of the Win32/Alureon family to run other components.

Trojan:Win32/Alureon.BE is a trojan that may send system information to a remote address. Its detection may be hindered by a rootkit component, which may be detected as Trojan:WinNT/Alureon.D.

 

The Alureon family is also known to change a system's DNS settings. The Domain Name System (DNS) is used (among other things) to map domain names to IP addresses - that is, to map human-readable domain names to machine-readable IP addresses. When a user attempts to visit a particular URL, a browser will use DNS servers to find the correct IP address of the requested domain. When a user is directed to a malicious server that is not part of the authoritative Domain Name System, an attacker can provide incorrect IP addresses at their choice to map to particular domain names, thus directing the user to possibly bogus or malicious sites without the affected user's knowledge.

 

For more information refer to the description for the Win32/Alureon family.

Virus:Win32/Alureon.G is a detection for system drivers infected by members of the Win32/Alureon family.

 

Win32/Alureon is a multi-component family of trojans involved in a broad range of subversive activities online in order to generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating affected user's activities online to the attacker's benefit. As such, the various components of this family have been used for:

 

 

Trojan:Win32/Alureon.DH is a member of Win32/Alureon - a multi-component family of trojans involved in a broad range of subversive activities online that generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating an affected user's activities online to the attacker's benefit. In the wild, Trojan:Win32/Alureon.DH is used to download and install other malware, such as Rogue:Win32/FakeCog.

Trojan:Win32/Alureon.gen!P is a generic detection for a trojan that may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. These tasks could include intercepting inbound and outbound Internet traffic from the host computer, and capturing confidential information such as user names, passwords, and credit card data.

 

For more information, please refer to the Win32/Alureon family description elsewhere in the encyclopedia.

 

Please note that it may be necessary to reconfigure DNS settings after the Trojan is removed from the computer.

Trojan:WinNT/Alureon.G is a detection for the kernel-mode component of members of the Win32/Alureon family. It can hide the presence of files related to its components, prevent specific security software from loading, and drop and load its component DLL into specific processes.

Virus:Win32/Alureon.F is a detection for system drivers infected by members of the Win32/Alureon family.

Trojan:Win32/Alureon.DC is a member of Win32/Alureon - a multi-component family of trojans involved in a broad range of subversive activities online that generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating affected user's activities online to the attacker's benefit. In the wild, Trojan:Win32/Alureon.DC is used to download and install other malware, such as Rogue:Win32/FakeCog

Trojan:Win32/Alureon.B is a trojan that may help an attacker intercept inbound and outbound Internet traffic from the host computer. This may allow an attacker to capture confidential information such as user names, passwords, and credit card data. The trojan may also enable an attacker to transmit malicious data to the infected computer. Trojan:Win32/Alureon.B may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. Therefore it may be necessary to reconfigure DNS settings after the trojan is removed from the computer.

Trojan:Win32/Alureon.gen!D is a generic detection for a Trojan that may modify DNS settings on the host computer to enable the attacker to perform malicious tasks. These tasks could include intercepting inbound and outbound Internet traffic from the host computer, and capturing confidential information such as user names, passwords, and credit card data.

 

Please note that it may be necessary to reconfigure DNS settings after the Trojan is removed from the computer.

Trojan:Win32/Alureon.CL is a detection for a malicious version of the system file msvcrt.dll. It is modified by a component of the Win32/Alureon family to run other components.

Trojan:Win32/Alureon.gen!S is generic detection for Win32/Alureon, a trojan that may help an attacker intercept inbound and outbound Internet traffic from an infected computer. This may allow an attacker to capture confidential information such as user names, passwords, and credit card data. The trojan may also enable an attacker to transmit malicious data to the infected computer.

 

Trojan:Win32/Alureon.gen!S may install a driver detected as Trojan:WinNT/Alureon.D.

Virus:Win32/Alureon.gen!C is a component of Win32/Alureon - a family of data-stealing malware. Alureon allows an attacker to intercept incoming and outgoing Internet traffic in order to gather confidential information such as user names, passwords, and credit card data. Win32/Alureon may also allow an attacker to transmit malicious data to your computer.
 
This threat can make it difficult for you to download, install or update your virus protection, whether you have an antivirus product such as Microsoft Security Essentials installed on your computer or not.

If you suspect you have been infected with this threat, we recommend using Windows Defender Offline to detect and remove it; please see detailed instructions on how to use Windows Defender Offline below.

Trojan:DOS/Alureon.C is the detection name for infected Master Boot Records (MBR) produced by certain variants of the Win32/Alureon rootkit family. The rootkit infects 32-bit and 64-bit systems.

Trojan:Win32/Mashigoom.C is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.

Windows Defender detects and removes this threat.

The threat is a member of the Alureon family of data-stealing trojans. These trojans allow a malicious hacker to get confidential information such as your user names, passwords, and credit card data.

For more information on the Alureon family, see the Alureon family description and the DOS/Alureon description.

Find out ways that malware can get on your PC.