Aurora

[Mack]

My desk top has been infected by what appears to be a
nasty trojan virus. I am protected by Mcfee AntiVirus
and by MS AntiSpyware Beta. Neither of these products
were able to stop the infection or are able to get rid of
the problem. I am looking for someone to point me to he
next step.

 

[Anonymous Bob]

My desk top has been infected by what appears to be a
nasty trojan virus. I am protected by Mcfee AntiVirus
and by MS AntiSpyware Beta. Neither of these products
were able to stop the infection or are able to get rid of
the problem. I am looking for someone to point me to he
next step.

http://aumha.org/secure.htm

This may be a good place to start.

Bob Vanderveen

 

[PHLAK]

Oh dear! I am a PC Tech and I have seen this one a few times before. Out
of the three or four times I have see this, I was only able to remove it
once, and I had to to it all manually. The other times we had to restore
the system to totally eradicate this spyware. I don't remember where the
removal instructions were, but if you do a gool search like "Aurora spyware
removal" you should probably find it. Good luck with that.

 

[Jazz]

Have a read of the following link, Mack. Hopefully, it
will resolve your issue: -

http://forums.majorgeeks.com/showthread.php?t=61234

 

[Engel]

1)Before starting download a copy of NailFix, Hijack This,
and either RegOCX or Killbox which will help unregister
stubborn files that do not want to delete.

2)Boot into Safe Mode.

3)Run Nailfix. You icons will disappear for a second or
two. This is normal.

4)Next search for and delete the following files;
nail.exe, bolger.dll, aurora.exe, svcproc.exe,
thnall1ac.html, poller.exe, uacupg.exe, DrPmon.dll.

Use Killbox or RegOCX to unregister any dlls that will not
delete then try them again. Stop any exe files that will
not delete with Task Manager then try them again.

5)Run Hijack This. check and remove any entries associated
with nail.exe or any of the other files listed above. Also
check and remove these entries if they exist:

BHO 549B5CA7-4A86-11D7-A4DF-000874180BB3
BHO FDD3B846-8D59-4ffb-8758-209B6AD74ACC
Toolbar ACB1E670-3217-45C4-A021-6B829A8A27CB

6) If you are comfortable with the registry you can also
navigate to HKEY_CurrentUser/Software/Aurora key and
delete that key (if it still exists) though it should not
be absolutely necessary to do so.

Once you reboot it should be gone. Run Hijack This again
to make sure that the entries you removed are still gone.
Check Task Manager to make sure none of the programs you
deleted are back and running. Check your Internet
connection. If you can surf for 15 minutes without an
Aurora popup then it is gone. Good luck.