

No Fix for Alureon

Posted by Brian Gallutia on Jun 12, 2010

With the better part of my Saturday shot, I decided to throw in the towel on my wife’s infected Windows XP system. It is unfixable, and the culprit is a little bug called WIN32/Alureon.H.

WIN32/Alureon.H is a rootkit infection that is not detectable by Anti-Virus programs or Malware scanners.  The only way that these programs know of a rootkit’s existence is that the rootkit will exhibit “bad behavior.”  For my wife, her system would throw the following fits:

  • Search results would take her to random sites on the web
  • Browser activity would be redirected after a set period of time (usually every 15 minutes)
  • Other pieces of malware (mostly fake Anti-Virus) would be downloaded and executed
  • Advertising pop-ups would appear

As of this writing, my wife’s system is usable, except that the infection will not let it reach Microsoft’s update site to patch the operating system (now or in the future). The scariest part of all this was that earlier today the infection allowed in a piece of malware bent on transmitting my wife’s personal information (bank logins, passwords, etc.) to a botnet. Fortunately, this infection was removed within 5 minutes and my wife’s information wasn’t compromised.

Even though PCS has a pretty good track record of removing malware and infections, WIN32/Alureon.H has been declared “unfixable” by Microsoft (at least for now) and the recommended course of action is a wipe and reinstallation of the operating system.

If any of the above symptoms sound familiar to you, please drop us a line and let us help you recover from this nasty little bug.
