Check out the .announcements group--there's a thread there on this one.
In my experience, aurora has three parts.
One part is named nail.exe--I think in \windows, but perhaps
\windows\system32.
You can defang this piece in safe mode by copying an empty file to it and
setting it as read-only.
The other two pieces are tougher. One or both of them may be named
randomly. One of them gets a new name each time its process is
restarted--and any attempt to interfere with the program will restart this
piece.
You can see this one in Microsoft Antispyware's Process Explorers--look for
process names starting with TODO: (In looking for other information about
this critter, nail.exe, aurora, and todo are all good search terms.)
You will see that if you kill this process--easy to do in Microsoft
Antispyware--and refresh the window, it will come right back with a new
name. So--for this one, take some note of the location and characteristics
of the name--'cause when you get around to looking for it, it may have a
different name.
The third piece was the one I found hardest to find. In my case, I used an
online scan from Trend Micro:
http://housecall.trendmicro.com
This spotted the main .EXE as a virus--unfortunately I don't recall which
one. I hadn't been able to see that listed in any of the system explorers
in Microsoft Antispyware, nor with RootKitRevealer, or other tools that I
tried.
So--once you know the names of all three pieces, you need to kill them all
at once.
My approach to that, once I had nailed nail.exe, was to use the Recovery
Console. This is a command line facility which may be daunting for some,
though. The other approach likely to work is Killbox:
http://www.bleepingcomputer.com/files/killbox.php
The thread in announcements also details a couple of registry entries that
will need to be edited that start up these items. You don't need to do that
right away--better to get rid of the executables, but they'll give error
messages once the executables are gone.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"Evan" <(E-Mail Removed)> wrote in message
news:17b801c54927$1ccaeba0$(E-Mail Removed)...
> No matter how many different anti-spyware type programs I
> run and no matter how many times I delete everything,
> these pop ups show up all the time.
>
> ads1.revenue.net
>
> Aurora
>
> www.loadingwebsite.com
>
> The one that is the most annoying is the one that is
> titled AURORA. I always get random pop ups and the blue
> bar on top of the pop up always says Aurora for the
> title. I don't think any program I have run (and I have
> tried at least 8 different programs) this doesn't go
> away. The latest program I have tried is Spy Doctor and
> although it finds many different things every time and
> says that it deletes almost all of it, when I run it
> again, most of the stuff gets detected again. Here are
> all the programs I have tried so far which haven't worked:
>
> 1. Microsoft Anti-Spyware
> 2. Spy Sweeper
> 3. Spybot
> 4. Ad Aware
> 5. Crap Cleaner
> 6. Spy Doctor
> 7. Virtual Bouncer (turns out this is adware in itself)
> 8. Defender Pro 5-In-1
>
> I know there are more I have tried but deleted and
> uninstalled but I forget them all because I have tried so
> many damn programs. Please don't recommend running
> anything in safe mode because I have done all that also.
> What else should I try?
>
>
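
The reply above describes a piece that comes back under a new name each time it is killed. The following PowerShell sketch is an added example, not part of the original post: it polls the process list and logs each suspect as it disappears and reappears, so the new name and its folder are recorded. It assumes the "TODO" label shows up in the process name or file description; the variable names and the polling interval are illustrative.

```powershell
# Added example (not from the original post): log suspect processes as they
# disappear and reappear, so the respawned copy's new name is captured.
# Assumption: the "TODO" label appears in the process name or file description.
$pattern = 'TODO*'   # adjust to what you actually observe
$rounds  = 20        # number of polls
$delay   = 3         # seconds between polls

function Get-Suspect {
    param([string]$Pattern)
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like $Pattern -or $_.Description -like $Pattern } |
        Select-Object Id, Name, Path, Description
}

$known = @{}                                   # PID -> last seen record
$paths = New-Object System.Collections.ArrayList

for ($i = 0; $i -lt $rounds; $i++) {
    $now = @{}
    foreach ($p in @(Get-Suspect -Pattern $pattern)) { $now[$p.Id] = $p }

    # Suspects seen last round that are no longer running
    foreach ($id in @($known.Keys)) {
        if (-not $now.ContainsKey($id)) {
            '{0:HH:mm:ss} GONE pid={1} name={2}' -f (Get-Date), $id, $known[$id].Name
            $known.Remove($id)
        }
    }
    # Suspects that were not present last round (first sighting or respawn)
    foreach ($id in @($now.Keys)) {
        if (-not $known.ContainsKey($id)) {
            $r = $now[$id]
            '{0:HH:mm:ss} NEW  pid={1} name={2} path={3}' -f (Get-Date), $id, $r.Name, $r.Path
            $known[$id] = $r
            if ($r.Path) { [void]$paths.Add($r.Path) }
        }
    }
    Start-Sleep -Seconds $delay
}

'Folders the suspect executables ran from:'
$paths | Split-Path -Parent | Sort-Object -Unique
```

Run it from an elevated prompt so the Path column is populated for processes owned by other accounts.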