How to Delete the Svchost.exe DOS/Alureon.ab Trojan

So you got infected with the svchost.exe DOS/Alureon.ab trojan and can’t get rid of it. This trojan is a really nasty one that often requires personalized help. However, quite often it’s possible to find and delete this svchost.exe virus by following several simple steps. In this article we are going to share them with you.

What Is the DOS/Alureon.ab Trojan?

DOS/Alureon.ab trojan is a new version of the famous Alureon virus. It infects the Master Boot Record (MBR) and is stored in an encrypted virtual file system (VFS), which makes it exceptionally difficult to remove. It often results in 100% CPU usage by svchost.exe. The symptoms of this infection are the following:

• 100% svchost.exe CPU usage
• alerts from your security software
• voices sounding like ads in different languages
• your computer make become only usable in Safe Mode

Because the DOS/Alureon.ab trojan can damage the Master Boot Record, sometimes the only way to get rid of it is to reformat the hard drive and reinstall Windows. But that should only be used as a last resort.

How to Delete the Svchost.exe DOS/Alureon.ab Trojan

Removing the DOS/Alureon.ab svchost.exe trojan is a complicated multi-stage process. Here is what you need to do:

Step 1: Back up Important Files

The first thing you should do is back up all your important files. This will make sure you don’t lose any of your important data in case you need to reformat your PC.

Step 2: Run a Scan with Your Security Software

A scan with your security software may delete the virus if the infection hasn’t spread yet. Make sure your antivirus has the latest definitions before you run a scan.

If you are not sure what software you should use, we recommend download Malwarebytes (free) and Hitman Pro (free). These two malware removal tools work very well and Hitman Pro can me used from a flash drive.

If these programs find the infection, let them delete it and then reboot your computer. If not, move on to the next step.

Step 3: Run Kaspersky’s TDSSKiller

If Malwarebytes and Hitman Pro don’t help, try scanning and repairing your PC with TDSSKiller, a special malware removal tool designed to delete rootkits. This tool is developed by Kaspersky Labs and is very efficient. You can download it here.

Step 4: Delete DOS/Alureon.ab Registry Entries

You can also try to remove the DOS/Alureon.ab trojan manually by deleting its entries from the registry. Here is how:

1. Press Ctrl+Shift+Esc to open the Task Manager
2. Click on the “Show processes from all users” button
3. Now go to the Processes tab and see if there is an svchost.exe process that is using up all the CPU
4. If there is one, stop it immediately
5. Now click on Start, select Run and type “regedit” in the Run box
6. Hit Enter

The Registry Editor will open. Search for the following entries and delete them:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = “”.exe.dll
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Settings\{.exe}

Now open Windows Explorer and open Folder Options. Go to the View tab and make sure the option to “Hide protected operating system files” is unchecked.

Search your computer for the following and delete these entries if you find them:

c:\Windows\System32\random letter
%AllUsersProfile%\Programs\{random letters}\

Step 5: Run a Windows Repair Tool

If you find it difficult to remove the svchost.exe virus manually, run our recommended Windows repair tool after you scan your PC with an antivirus. The Windows repair tool will delete all registry entries that belong to the trojan and make sure your computer is healthy.