{"id":72955,"date":"2010-02-18T08:07:40","date_gmt":"2010-02-18T08:07:40","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72955"},"modified":"2010-02-18T08:07:40","modified_gmt":"2010-02-18T08:07:40","slug":"alureon-infected-system-show-bsod-after-ms10-015-applied","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/alureon-infected-system-show-bsod-after-ms10-015-applied\/","title":{"rendered":"Alureon-infected systems show BSOD after MS10-015 is applied"},"content":{"rendered":"<p>If your system has restarted after applying MS10-015, this might be a sign that it is infected with the notorious W32.Alureon malware. It is a complex and advanced piece of malware that has been in existence for quite some time now. Some of the functions it is loaded with are modification of DNS settings, search hijacking, and click fraud. It infects critical system drivers, with whose help it tries to avoid being detected by security products. In the recent version of this malware, we have seen that it is able to infect the miniport driver associated with the hard disk of the operating system; this gives the malware full control over disk activity.<\/p>\n<p><strong>Here is a list of filenames used by this malware:<\/strong><\/p>\n<p>atapi.sys<br \/>\niaStor.sys<br \/>\nnvata.sys<br \/>\nnvstor32.sys<br \/>\nnvstor.sys<br \/>\nnvgts.sys<br \/>\nnvatabus.sys<br \/>\nSiSRaid.sys<br \/>\nIdeChnDr.sys<br \/>\niastorv.sys<\/p>\n<p>For example, \u2018atapi.sys\u2019 resides at the following location:<br \/>\n%windir%\\system32\\drivers\\atapi.sys<\/p>\n<p>Quick Heal users are well protected from this malware as we have the detection. We will post more information on this soon.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If your system has restarted after applying MS10-015, this might be a sign that it is infected with the notorious W32.Alureon malware. 
It is a complex and advanced piece of malware that has been in existence for quite some time now. Some of the functions it is loaded with are modification of DNS [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72955","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72955"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72955"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72955\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72955"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72955"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72955"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}