Aurora and System Explorers

M.A. Heckman

Two things:

A) Deciding to test the waters with MSAS, I downloaded a
really nasty piece of spyware. MSAS got most of it except
the Aurora component. All it would detect was every time it
wanted to add itself to my startup registry. It couldn't
find the original program (Note: neither could Norton or any
other program I had). I had to go into my Windows folder
and find the executable that kept replicating the program
(nail.exe) in my windows/system32 folder as a random six
character executable. This file would add itself to my
running programs under the title "TODO: <product name>" and
every time I would end the process, the program would
replicate in a matter of milliseconds. Tough bugger. You
probably have this spyware if you see popups with the
heading of "Aurora" while you are browsing. This site
helped out a lot in getting rid of the program:
http://www.bullguard.com/forum/12/Aurora-Spyware_13085.html

B) After ridding myself of this spyware, I have now noticed
that on the menu bar to the left, when I click on System
Explorers under Advanced Tools, it is blank. There are no
options there anymore. What gives? I've updated to the
newest version, uninstalled and reinstalled, etc. Any
help, similar cases?
 
M.A. Heckman

Ahh...found my own answer for the second part, and it works!:

Subject: Re: Missing "System Explorers" under Advanced Tools
From: "Bill Sanderson" <[email protected]>
Sent: 4/24/2005 5:53:46 PM

This is the current fix for the issue, direct from Microsoft (and with
attests here that it works)
-------------------------
We believe we have a workaround which is better than installing the VB6 SP.
Can we have users who experience this problem try the following:

1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without
the quotes).
3) Close and re-open Windows AntiSpyware

Please let me know if this is working.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.



--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

Randy Knobloch said:
I have a poster elsewhere that cannot enable System Explorers in
Advanced Tools. The 'header' displays but nothing is visible.
Poster has attempted a repair and re-install, with no joy.

Any suggestions?

TIA.

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
__________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

(Reply to group, as return address
is invalid - that we may all benefit)


Ron Kinner

Talk about jumping out of a plane to see if your parachute
works! I hope you planned on reformatting if it didn't
work.

Did you find a way to kill the Key files associated with
this adware: aurareco.exe, dc1.exe, dc2.exe, dc3.exe,
nail.exe, appqq*.exe or did you just do the uninstall from
mypctuneup.com? If the latter then you might want to read
what this guy says about your uninstall from
mypctuneup.com.


http://www.webhelper4u.com/tnewswritigs/mypctuneupmain.html

Ron
 
Bill Sanderson

That issue wasn't caused by Aurora, I don't believe. More likely by some
component from Symantec which you may have loaded or tested in trying to get
clean.

I've cleaned Aurora by hand myself, and it was a good puzzle. In the end, I
was able to ID two of the pieces myself--the TODO random piece via Microsoft
Antispyware's system explorers, Nail.exe (I forget how!). The third piece,
which on my version was a longer (8 character) random name--I couldn't see
with any tool I tried. However, Trend Micro's online
scanner--housecall.trendmicro.com spotted it.

It was active even in safe mode, so I used the recovery console's
command-line facility to clean up all three pieces at the same time, which
fortunately worked.

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
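
Added example, not part of the thread or of any poster's message: a read-only PowerShell triage of the startup Run keys for the traits the posts above describe (the file names Ron lists, the "TODO:" placeholder title, a random 6- or 8-character name in System32). It assumes the "TODO: <product name>" title comes from the file's version resource, and the name-length check is a heuristic chosen for this example.

```powershell
# Read-only: lists suspicious Run-key entries, changes nothing.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
# File names quoted in the thread.
$threadNames = 'aurareco.exe', 'dc1.exe', 'dc2.exe', 'dc3.exe', 'nail.exe', 'appqq*.exe'
$sys32 = Join-Path $env:SystemRoot 'System32'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($valueName)
        # Pull the executable path out of the command line (quoted or bare).
        if     ($cmd -match '^\s*"([^"]+)"')        { $path = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.exe)(\s|$)') { $path = $Matches[1] }
        else   { continue }
        $path = [Environment]::ExpandEnvironmentVariables($path)
        # Assumption: a bare file name is resolved from System32.
        if (-not (Split-Path $path -Parent)) { $path = Join-Path $sys32 $path }

        $leaf    = Split-Path $path -Leaf
        $reasons = @()
        if ($threadNames | Where-Object { $leaf -like $_ }) {
            $reasons += 'file name listed in thread'
        }
        if (Test-Path -LiteralPath $path) {
            $vi = (Get-Item -LiteralPath $path -Force).VersionInfo
            # Assumption: the "TODO:" title is the unedited version-resource string.
            if ("$($vi.ProductName) $($vi.FileDescription)" -match 'TODO:') {
                $reasons += 'placeholder version info'
            }
            # Heuristic: 6- or 8-character name in System32 with no company name.
            $inSys32 = (Split-Path $path -Parent) -ieq $sys32
            if ($inSys32 -and $leaf -match '^\w{6}(\w{2})?\.exe$' -and -not $vi.CompanyName) {
                $reasons += 'short random-looking System32 name, no company name'
            }
        } else {
            $reasons += 'target file missing or not visible'
        }
        if ($reasons) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Path = $path; Why = $reasons -join '; ' }
        }
    }
}
```

An empty result only means these two keys are clean; other autostart locations are not covered.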

M.A. Heckman

Well I was only half aware that I was getting the Aurora
spyware stuff. I thought I was getting some normal run of
the mill spyware (which I did and MSAS found and cleaned up
expertly). So it's more like I did a quick check for the
parachute before I jumped, THEN jumped only to realize the
"parachute" was a picnic blanket. ;) Thankfully I found a
way to make a makeshift parachute out of it.

I did use the uninstall from mypctuneup, and I just now
went through to check if any of the additional spyware was
loaded because of it (courtesy of that link you gave me)
and there wasn't. I had removed a majority of Aurora by
hand, but I used mypctuneup just because I was curious.

And no need to worry about reformatting, I was doing this
all on a spare parts computer that I have for tinkering with.

Thanks guys.
