L
lovestoknit
Can anyone tell me why Aurora continues to pop-up after
running the MS Antispyware? I can't seem to completely
remove it.
Thanks!
lovestoknit
running the MS Antispyware? I can't seem to completely
remove it.
Thanks!
lovestoknit
A
Andre Da Costa
Subject: Re: Aurora
From: "Andre Da Costa" <[email protected]> Sent:
5/29/2005 1:47:55 PM
From Andy & Plun:
Aurora Removal:
News from webhelper4u about removal with
mypctuneup......
http://www.webhelper4u.com/tnewswritigs/mypctuneup5252005.h
tml
Uninstall file:
http://www.mypctuneup.com/
Download CCleaner and remove all temporarily junk.
www.ccleaner.com
HijackThis download:
http://www.merijn.org/files/hijackthis.zip
Lavasofts Adaware:
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-
8022-10319876.html?tag=list
I agree the transpnders gang are very nasty and can be
very difficult to remove fully
File names related to this variant are:
Poller.exe, uacupg.exe(random name) , Nail.exe,
thnall1ac.html(random name)DrPMon.dll, svcproc.exe.
The Nail.exe is the main reinfestational agent which also
creates a random named exe file in the %window% %system%
folder that is 74kb in size and the name in the properties
will possibly show: TODO.
The windows service file could be C:\WINDOWS\svcproc.exe
To check for this go to the run command and type
services.msc.
In the services window that opens,press name to sort into
alphabetical order,check for System Startup Service,if you
find it right click it and choose disable in the dropdown
box. Then hit the Stop button.
Download these programs :
Download Ccleaner (Removes temp & unused files)
http://download.ccleaner.com/download119bin.asp
Download the BetterInternet/Nail/Bolger/Aurora Remover
http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3240.0;id=292
Download the Remover to your desktop
Download Hijack this:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Download to either the desktop or c/drive
Download Killbox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Removal:
Reboot into safemode
start the ABIRemover.exe, press install, wait (explorer
window will disapear)
Run hijackthis and save the logfile what you are looking
for are entries like this but if your unsure post the log
back before fixing
Tick to fix :-
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iMiDA] C:\WINDOWS\kkuibquo.exe (this
file changes it's name every time you boot - but it will
be in the same place in the log)
O23 - Service: System Startup Service (SvcProc) - Unknown
owner - C:\WINDOWS\svcproc.exe
Close all other open windows and choose fix checked
Run the Killbox.exe file
check the box "Delete on Reboot"
copy and paste the following line bold into the "Full Path
of File to Delete" box in Killbox
C:\WINDOWS\svcproc.exe
click the red button with the white X on it
It will ask you if you want to reboot ... say "NO"
copy and paste the following bold line into the "Full Path
of File to Delete" box in Killbox
C:\WINDOWS\Nail.exe
click the red button with the white X on it
It will ask you if you want to reboot ... say "NO"
copy and paste the following bold line into the "Full Path
of File to Delete" box in Killbox
C:\WINDOWS\kkuibquo.exe ... this name changes, use hijack
this to find the name on yours.
click the red button with the white X on it
It will ask you if you want to reboot ... say "YES"
Let it reboot
When you get back in normal mode run Ccleaner to remove
any other traces of this in the temp files.If this doesnt
fix it for you or you cannot find some of the files then
Another usefull tool for this is FindIt's
Download FindIt's.zip to your desktop. >
http://forums.net-integration.net/index.php?
act=Attach&type=post&id=142443
2. Unzip/extract the files inside open the folder
3. Run the FindIt's.bat and wait for a text to open,
4. copy & paste the contents of the text file in your next
reply here.
Good luck
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
From: "Andre Da Costa" <[email protected]> Sent:
5/29/2005 1:47:55 PM
From Andy & Plun:
Aurora Removal:
News from webhelper4u about removal with
mypctuneup......
http://www.webhelper4u.com/tnewswritigs/mypctuneup5252005.h
tml
Uninstall file:
http://www.mypctuneup.com/
Download CCleaner and remove all temporarily junk.
www.ccleaner.com
HijackThis download:
http://www.merijn.org/files/hijackthis.zip
Lavasofts Adaware:
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-
8022-10319876.html?tag=list
I agree the transpnders gang are very nasty and can be
very difficult to remove fully
File names related to this variant are:
Poller.exe, uacupg.exe(random name) , Nail.exe,
thnall1ac.html(random name)DrPMon.dll, svcproc.exe.
The Nail.exe is the main reinfestational agent which also
creates a random named exe file in the %window% %system%
folder that is 74kb in size and the name in the properties
will possibly show: TODO.
The windows service file could be C:\WINDOWS\svcproc.exe
To check for this go to the run command and type
services.msc.
In the services window that opens,press name to sort into
alphabetical order,check for System Startup Service,if you
find it right click it and choose disable in the dropdown
box. Then hit the Stop button.
Download these programs :
Download Ccleaner (Removes temp & unused files)
http://download.ccleaner.com/download119bin.asp
Download the BetterInternet/Nail/Bolger/Aurora Remover
http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3240.0;id=292
Download the Remover to your desktop
Download Hijack this:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Download to either the desktop or c/drive
Download Killbox
http://www.bleepingcomputer.com/files/spyware/KillBox.zip
Removal:
Reboot into safemode
start the ABIRemover.exe, press install, wait (explorer
window will disapear)
Run hijackthis and save the logfile what you are looking
for are entries like this but if your unsure post the log
back before fixing
Tick to fix :-
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iMiDA] C:\WINDOWS\kkuibquo.exe (this
file changes it's name every time you boot - but it will
be in the same place in the log)
O23 - Service: System Startup Service (SvcProc) - Unknown
owner - C:\WINDOWS\svcproc.exe
Close all other open windows and choose fix checked
Run the Killbox.exe file
check the box "Delete on Reboot"
copy and paste the following line bold into the "Full Path
of File to Delete" box in Killbox
C:\WINDOWS\svcproc.exe
click the red button with the white X on it
It will ask you if you want to reboot ... say "NO"
copy and paste the following bold line into the "Full Path
of File to Delete" box in Killbox
C:\WINDOWS\Nail.exe
click the red button with the white X on it
It will ask you if you want to reboot ... say "NO"
copy and paste the following bold line into the "Full Path
of File to Delete" box in Killbox
C:\WINDOWS\kkuibquo.exe ... this name changes, use hijack
this to find the name on yours.
click the red button with the white X on it
It will ask you if you want to reboot ... say "YES"
Let it reboot
When you get back in normal mode run Ccleaner to remove
any other traces of this in the temp files.If this doesnt
fix it for you or you cannot find some of the files then
Another usefull tool for this is FindIt's
Download FindIt's.zip to your desktop. >
http://forums.net-integration.net/index.php?
act=Attach&type=post&id=142443
2. Unzip/extract the files inside open the folder
3. Run the FindIt's.bat and wait for a text to open,
4. copy & paste the contents of the text file in your next
reply here.
Good luck
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
D
dctrw
I have the same problem. MS Antispyware AND my antivirus
program both recognize the spyware, and MS Antispy seems
to remove it. However, within hours (minutes sometimes),
I receive another warning from my antivirus program
recommending that I block another attempt by Aurora to
access the internet.
There's a special corner of hell for the people who write
this spyware crap.
program both recognize the spyware, and MS Antispy seems
to remove it. However, within hours (minutes sometimes),
I receive another warning from my antivirus program
recommending that I block another attempt by Aurora to
access the internet.
There's a special corner of hell for the people who write
this spyware crap.
P
plun
dctrw pretended :
Hi
Here you have them, all of them lives in US I believe........ but
maybe they have some underground connections.
http://direct-revenue.com/dr_team.php
More about these
http://www.webhelper4u.com/
Letter to Cunterspy is interresting....
Hi
Here you have them, all of them lives in US I believe........ but
maybe they have some underground connections.
http://direct-revenue.com/dr_team.php
More about these
http://www.webhelper4u.com/
Letter to Cunterspy is interresting....