Removing Alureon.A / Backdoor.Tidserv!kmem

A friend had a nasty virus on his Windows XP computer. His Symantec endpoint protection software continually notified that a virus was found but not removed. In the Symantec program the virus was called "Backdoor.Tidserv!kmem".

First, I wanted to make sure that his XP was up-to-date. Updating Windows is important to make sure all known security holes are patched up. That makes it harder for viruses to get in the system in the first place. Unfortunately, the whole update system was disabled by the virus! Microsoft update and windows update webpages did not work on Internet Explorer, and you cannot use other browsers on those sites.

What I did first was to try to fix the update system by manually installing the Microsoft Windows update agent.  That did not work, and the windows did still not update with the virus in it.

Then I tried to manually install the Windows Malicious Software Removal Tool, and to remove the virus with it. Normally the removal tool is installed with the updates automatically, but now the virus was blocking that route, so that's why I had to install it manually. After running a quick scan with it and finding the virus (Alureon.A), I found that even the Malicious Software removal tool cannot remove this nasty virus.

By the way, If you ever want to run the Malicious Software Removal Tool again, you can just go to Start menu and click "Run...", and then write "mrt" and press enter. This will start the removal tool for you.

Back to the virus removal. By googling Alureon.A I finally found a cure. This Rootkit removal tool by Kaspersky (download link) removed the virus finally. Kaspersky's webpage for the tool is here. Symantec gave few virus warnings as the Kaspersky tool was running, but it didn't interfere with the removal. After booting the computer, also the windows update system was functional again!

Now the first thing to do was to update the XP to the newest version by going to the Microsoft Update webpage with Internet Explorer, and installing all the Express updates.

Finally the computer was free of viruses, and patched against the newest security holes. Always remember to update Windows and your web browser regularly to avoid virus infections!

Comments

Post a Comment

Popular posts from this blog

How to fix the weird audio bug in Kingdom Come: Deliverance

Image
  Kingdom Come: Deliverance has a bug which makes the sound come out muffled or like the characters were talking far away or through a tunnel. This seems to be because the game thinks you are using multichannel surround sound. There seems to be no option to change the audio mode in-game. Instead, you should change your audio settings in Windows by following these directions: Press the windows key Type "Choose your output device" and select the search result. Select "Device properties" under the Output caption. Select "Additional device properties" This dialog will differ depending on your audio hardware. Go to the Advanced tab. There should be a selection for the default audio format. You should select something like this: 2 channel 44100 Hz audio. I had my Focusrite audio interface set up with 8 channels 24bit 44100 Hz, and that caused Kingdom Come to think I have surround sound. After changing the channel amount to 2 the audio started working correctly.
Read more

How to install and play Curse of Monkey Island on Android

Image
There are some great adventure games on Android already. I can warmly recommend Thimbleweed Park or The Silent Age for example. But what if you wanted to play an old classic that cannot be found on Google Play? ScummVM is an app that can emulate these games, if you have the data files. And Curse of Monkey Island is one of these classics. Installation Purchase Curse of Monkey Island from gog.com or Steam (costs about 5€) Download and install it with the GOG Galaxy launcher ... Or Steam Locate the Curse of Monkey Island install directory on your PC Copy the directory to your Android phone, either with a USB cable or on the SD card with an adapter Install the ScummVM app on your phone Start ScummVM and press "Add game" Find the game folder on your phone, select it and click OK.  If you have trouble finding the folder, I made a separate guide for that. Now you can start enjoying Curse of Monkey Island! These instructions should also work on an iPhone. Controls The game is or
Read more

Running Black Dahlia on modern PCs

I just played through the old PC adventure game Black Dahlia. It's a good game, well worth a look if you like adventure games. It's a full-motion video (FMV) based game spanning 8 CDs, with some OK acting and an entertaining (but confusing and sometimes illogical) plot. The game was made in 1998 for Windows 95/98 and it's not that trivial to get it to work flawlessly. Here's how to do it. If you are running a Windows version above Windows XP If you are using any of these: Windows Vista Windows 7 Windows 8 Windows 10 Windows 11 ...you most probably can't make the game work without a virtual machine. But still I recommend you to try it yourself, using the below game installation guide. Installing Win95 / 98 on a virtual PC 1) Install Oracle VM Virtualbox and create a virtual PC 2) Install Windows 95 or 98 on the virtual PC Get hold of a copy of Windows 95 or 98. Maybe the easiest to install is the Windows 95 floppy disk version. Here's a guide to help you with
Read more

How to get rid of coil whine just by tweaking BIOS

Finally. No more ringing in my ears! I had a really bad case of coil whine with my computer. In the end I fixed it just by tweaking the BIOS! The coil whine was at it's worst when the PC was idling or under a light load.  Coil whine is a high-pitched sound that is produced by coils resonating at a high frequency. It is really hard to sense where exactly it's coming from. This is because humans cannot sense direction for high-pitched sounds. At first I thought it was my graphics adapter. So I bought a new used one. But the ringing was still there after the upgrade. Next up, I suspected my PSU was the culprit. So I changed the power supply to a newer 80 Plus Platinum model. I hate changing the PSU. And it didn't help. So it looked like my motherboard was the cause. It's an older ASUS motherboard, P8H67-V.  After googling around a bit, I found people talking about ASUS motherboards and coil whine when power-saving features are on in the BIOS . The so-called "C-state&
Read more

Create a sleep timer for Youtube, Twitch, Netflix etc. on Windows 10

Here are instructions on how to create a Windows 10 sleep timer that will close your browser after a specified time. It's great for those who like to watch Youtube at night. Just copy and paste this into notepad, then save the file with a .bat file extension, for example sleepbrowser.bat. The below script will close Firefox after 60 minutes. You can easily edit the delay in minutes. Just edit the row "SET SLEEPDELAYMIN=60". If you use Chrome, Opera, Internet explorer or Edge, just replace the part 'firefox.exe' with your browser's executable name. This works also as a sleep timer for any other type of program than just browsers. You could make it close Spotify or Winamp as well. Here is the batch script. echo off SET SLEEPDELAYMIN=60 SET /A SLEEPDELAY=60*SLEEPDELAYMIN echo Will close Firefox after %SLEEPDELAYMIN% minutes timeout /t %SLEEPDELAY% /nobreak echo Killing Firefox... taskkill /F /T /IM firefox.exe I use the script also to start t
Read more

Asus K8n bios update

Image
I was bummed to find out that there was no USB boot option on my K8N motherboard BIOS. Hoping that a BIOS update would give me that option, I started to figure out what to do. I downloaded the latest BIOS version from the ASUS K8N pages . (download -> select your OS -> BIOS -> Bios version 1011). The version 1011 was released in 2006, so I figure that will be the last version they will release. Then I got the Asus Update program for Win XP, from softpedia . First, I saved the current BIOS for backup reasons. I selected "Save current BIOS to file" and clicked Next, chose a folder and saved it as "oldBIOS.rom". Then I updated the BIOS with "Update BIOS from file". I chose the new BIOS rom file "1011.rom" I downloaded earlier.   The BIOS Flash window. After a short while the BIOS flashing window appeared, with info on my current BIOS version and the one I was updating into. I figured it would be safer to clear the CMOS checksum t
Read more