Alureon.dx is another form of Trojan that penetrates the system without the user's knowledge. It can steal confidential information and send it to a remote device. The security risk is high because your data is transferred to another system, where it can be used in any way. When you open a particular website, you can be redirected to another page. That page may contain harmful elements that can hamper the working of the computer. Automatic routing of a webpage to a spam page is also a consequence of an alureon.dx infection.
Alureon.dx is a potentially hazardous member of the Alureon family, with a threat level of ‘severe’ as awarded by Microsoft. It is not a Trojan but a rootkit (the software that is installed by a Trojan like alureon.a or alureon.h once it has successfully penetrated your system). Alureon.dx is also named Dropper.Agent.YXL by the AVG antivirus program. The .dx extension refers to a file containing OpenDX type data. It refers to an application or an octet stream. This .dx extension should not be confused with the one used by software for creating engineering and architectural drawings.
If alureon.dx has entered your computer, a number of symptoms can reveal it. Some of your documents will be modified without user intervention. The printer malfunctions (printing test pages without being commanded to do so, printing work documents without a print command being initiated, etc.). Even the messages will not be clear and you cannot understand the information. To make sure nothing of this sort occurs again, remove all of its components without delay; otherwise it can become a mess for you.
The alureon.dx rootkit anonymously controls and manipulates the incoming and outgoing traffic of your system and/or your network. Its notable feature is that it easily attaches its activity to any normal system or user-related process of your operating system, thus camouflaging that activity. On a 32-bit operating system, alureon.dx copies itself to the %Temp% directory and then converts its copy into a .dll file. It may try to manually start the spool service (a printer-related process). In many cases, it creates a driver file on the system, generally with a .tmp extension, and makes changes to the registry of the dropped driver file. The virtual file system created by the alureon.dx rootkit contains files with names like bckfg.tmp, cfg.ini, cmd.dll, drv64, ldr16, ldr32, ldr64 and so on.
On a 64-bit system, alureon.dx writes itself directly into the virtual file system. It also tries to modify the master boot record of the computer. A forced reboot of the computer follows so as to apply the changes made by the rootkit.
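The host-side behaviours described above (a .dll written under %Temp%, a start of the spool service, a driver registered from a .tmp file, a write to the master boot record) can be turned into a simple triage rule set. The following is an added example, not code from the original page; the event schema, the rule weights, the mapping of "spool service" to the Windows service name Spooler, the registry location checked and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

TEMP_DLL = re.compile(r"\\temp\\[^\\]+\.dll$", re.I)             # .dll directly under a Temp dir
SVC_IMAGE = re.compile(r"\\services\\[^\\]+\\imagepath$", re.I)   # service/driver ImagePath value

# (rule name, weight, predicate). Weights and the event schema are assumptions
# made for this example; the behaviours themselves come from the text above.
RULES = [
    ("dll_in_temp", 1, lambda e: e["kind"] == "file_create"
        and bool(TEMP_DLL.search(e.get("path", "")))),
    ("spooler_start", 1, lambda e: e["kind"] == "service_start"
        and e.get("name", "").lower() == "spooler"),
    ("tmp_driver", 2, lambda e: e["kind"] == "reg_set"
        and bool(SVC_IMAGE.search(e.get("path", "")))
        and e.get("value", "").lower().endswith(".tmp")),
    ("mbr_write", 3, lambda e: e["kind"] == "raw_disk_write"
        and e.get("sector") == 0),
]

def triage(events, threshold=3):
    """Return {host: (score, [matched rules])} for hosts at or above threshold."""
    matched = defaultdict(dict)
    for e in events:
        for name, weight, pred in RULES:
            if pred(e):
                matched[e["host"]][name] = weight  # each rule counts once per host
    return {h: (sum(m.values()), sorted(m))
            for h, m in matched.items() if sum(m.values()) >= threshold}

# Constructed sample telemetry (not real logs).
SAMPLE = [
    {"host": "WS-01", "kind": "file_create",
     "path": r"C:\Users\a\AppData\Local\Temp\3f2a.dll"},
    {"host": "WS-01", "kind": "service_start", "name": "Spooler"},
    {"host": "WS-01", "kind": "reg_set",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\x1\ImagePath",
     "value": r"\??\C:\Windows\Temp\9c1.tmp"},
    {"host": "WS-02", "kind": "service_start", "name": "Spooler"},   # normal on its own
    {"host": "WS-03", "kind": "file_create",
     "path": r"C:\Users\b\AppData\Local\Temp\setup.dll"},            # installers do this too
    {"host": "WS-04", "kind": "raw_disk_write", "sector": 0},
]

if __name__ == "__main__":
    for host, (score, rules) in sorted(triage(SAMPLE).items()):
        print(host, score, rules)
```

A single spooler start or a lone DLL in Temp stays below the threshold because both occur in normal use; it is the combination, or a boot-sector write on its own, that marks a host for closer inspection.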
Preventive measures, as elaborated in later sections, are quite useful against such attacks. Both software-aided and manual removal of alureon.dx are somewhat tedious.