can't clean various

[frustrated]

I like the program, however it can't clean Flashtrack,
abetterinternet,shopathome,dsearch,etc. These seem to be
eminating from Aurora. I have run the program regularly
(about 50 times) in normal and safe mode and have tried to
manually remove these as well. These really mess up
systems. Please help.

 

[Engel]

You have a couple of issues:
1) you have a fair amount of "stuff" (technical term) to
be removed, and 2) you've got one or more specific items
that Microsoft Antispyware isn't handling properly at the
moment--it is looping and leaking memory.

So--to get cleaned up you are going to need more than
Microsoft Antispyware.

I'd recommend going through the protocol at this link:

http://www.aumha.org/a/quickfix.htm

There are lots of steps, and a number of third-party tools
involved. When you get down to the one or two items that
are probably going to remain after the automated tools do
what they can do, there's a forum where you can post a
HijackThis log and get help with the really sticky stuff.

The list looks daunting at first, but try it out--Jim
gives clear instructions, and it isn't as complicated as
it looks at first glance.

 

[Andre Da Costa [Extended64]]

For ShopAtHome, use the following, and also send a suspected spyware report
from the tools menu in Microsoft AntiSpyware
Ad-Aware - http://www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.intermute.com/products/cwshredder.html
Spy Sweeper - http://www.webroot.com
Ccleaner - http://www.ccleaner.com

Aurora Removal from Andy:
From Andy:
Download Nailfix to your desktop

Primary:
http://www.noidea.us/easyfile/file.php?
download=20050515010747824

mirror:
http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

in Safe Mode, double-click on nailfix.bat. Your desktop
and icons will disappear and reappear, and a window
should open and close very quickly.

This will stop and delete nail.exe and svcproc.exe


Then run MS Antispy on a full system scan to remove any
other files.Ewido Security Suite and Adaware SE both
target Aurora so maybe worth trying them if you have more
problems with it.The problem is the random named file in
the system folder which will act as a re-installer each
time you reboot.Plus it changes its name whenever you
reboot.Ewido will remove those entries.Adaware will
remove Bolger and Drpmon.dll so again it could help.

AndyManchesta

Evido:
http://www.ewido.net/en/

Lavasofts Adaware:
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10399602.html?tag=list

Flash Track removal from Andy:
You may be best running some other scanners like Ad-Aware
& Spybot together with MS Antispy in safe mode because
Flashtrack can drop alot of files on your system .(Im not
sure which remover's target this but here's some help to
remove it manually)


First Check your add/remove programs screen
for 'FTApp' 'Netfilter' 'FT Remove' or 'RVP' and remove
if found as that could solve the problem.


If the add/remove entries do not exist Check your pc for
these files

You might need to enable hidden files and folders to find
them :

Go to Start then search > goto tools on the top bar> then
click Folder Options-> then goto the View tab .

make sure that 'Show hidden files and folders' is
enabled. 'Display the contents of system folders' is
checked & 'Hide extentions for known file types ' is not
checked then press apply

You can set this back later by opening the same page and
pressing 'restore defaults' then pressing apply,

Windows XP's search feature is a little different. When
searching you click on 'All files and folders' on the
left pane,
click on the 'More advanced options' at the bottom. Make
sure that Search system folders, Search hidden files and
folders, and Search subfolders are checked.




ftapp.dll
ftinstS3.exe
xclean.exe
xm320.dll
reg2.dll
flxmns10.exe
XML.dll
Xcpy1_inst.exe
flnclean.exe
flaclean.exe
Uninst.exe
flncpy.exe
Xcpy1.exe






Check your program files for folder's called "Flt" "Reg2"
or Xmod.



Use the add/remove entries if they exist.Check for the
files and the folder and reboot into safe mode if found
(reboot and keep tapping F8 then choose safe mode from
the list)


You May need to unregister the .dlls before you can
delete them but let me know if you need help with that

To unregister *.dll files

Click Start > Run.

Type, or copy and paste, the following text:

regsvr32 /u "%ProgramFiles%\reg2\reg2.dll"

then click OK.

Another example :

Click Start > Run.
Type, or copy and paste, the following text:

regsvr32 /u "%ProgramFiles%\xmod\xm320.dll"

then click OK.


After unregistering any .dll files you find Delete all
files and folder's.

Run a full system scan in safe mode with MS Antispy or
any other removers you have(Ad-Aware,Spybot,etc..) and
remove anything found


If your confident using regedit carry on this with.


Click Start, and then click Run. (The Run dialog box
appears.) Type

regedit


Then click OK. (The Registry Editor opens.)


Navigate to and delete these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\RunOnce

delete these entries- "t"="%ProgramFiles%\Xmod\xclean.exe"

- ""fln" = ""



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run


Delete - "FlnCPY" = "[path to original file]"


Delete any of these found:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Explorer\Browser Helper Objects\{665ACD90-4541-4836-
9FE4-062386BB8F05}

HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{665ACD90-4541-
4836-9FE4-062386BB8F05}

HKEY_LOCAL_MACHINE\Software\CLASSES\InterFace\{6E83AE1C-
F69C-4AED-AF98D23C24C6FA4B}

HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{7955EA20-
E0D6-4A77-88B6-120674D979EA}

HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj.1

HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj

HKEY_LOCAL_MACHINE\Software\Netfilter

HKEY_CLASSES_ROOT\BRedObj.BRedObj.1

HKEY_CLASSES_ROOT\BRedObj.BRedObj

HKEY_CLASSES_ROOT\CLSID\{7371F073-AC0F-4b80-BB2F-
96A488CEFB32}

HKEY_CLASSES_ROOT\TypeLib\{DB9F4C00-65E8-4FA1-917B-
E4844DDF5909}

HKEY_CLASSES_ROOT\Interface\{BAEF4039-3C02-4C9E-A2F4-
87B513AB0E87}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Uninstall\Reg2

HKEY_LOCAL_MACHINE\Software\Persistent Bytes
HKEY_CLASSES_ROOT\CLSID\{63CF97E8-4133-438a-A831-
CC9C6D47D673}

HKEY_CLASSES_ROOT\TypeLib\{E6C71E83-E02B-4BC4-958D-
A9194916EC19}

HKEY_CLASSES_ROOT\Interface\{06542764-7BB2-412B-80D6-
D103D1474C93}

HKEY_CLASSES_ROOT\UnawareObj.UnawareObj

HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1

HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-
479EA31DF969}

HKEY_CLASSES_ROOT\CLSID\{5EDB03AF-0341-4e96-9E9B-
3171522E4BAF}

HKEY_CLASSES_ROOT\CLSID\{A749B4BC-7621-4a80-9220-
D0A283367DD5}

HKEY_CLASSES_ROOT\TypeLib\{48E832EC-B061-49E2-BBC1-
AC818623B742}

HKEY_CLASSES_ROOT\TypeLib\{1BD49631-AE36-42F4-A37B-
CA7F53146821

HKEY_CLASSES_ROOT\Interface\{890089B7-B385-442F-97B6-
99060E8BD08F}

HKEY_CLASSES_ROOT\Interface\{28168CCE-5310-4F12-AB58-
9DA99A55AAEB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Explorer
\Browser Helper Objects\{7CD20E91-1F31-41da-8379-
479EA31DF969}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Explorer
\Browser Helper Objects\{5EDB03AF-0341-4e96-9E9B-
3171522E4BAF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Explorer
\Browser Helper Objects\{A749B4BC-7621-4a80-9220-
D0A283367DD5}

Exit RegEdit

Reboot back to normal mode and make sure its gone.Let me
know if you have any problems and i will help where i can

Regards Andy
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Alan]

Boot into Safe Mode.

Make certain to shred any files in c:\windows\prefetch
(XP only) whose filenames contain the names of any of the
infections. You can download a FREE file shredder from
download.com. Also, make certain that no web browsers
are currently running when you do this, as some code
might be linked to your web browser, which will cause the
shredding operation to fail due to the files being
currently accessed by another application (your web
browser).

Alan

-----Original Message-----
For ShopAtHome, use the following, and also send a suspected spyware report
from the tools menu in Microsoft AntiSpyware
Ad-Aware - http://www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.intermute.com/products/cwshredder.html
Spy Sweeper - http://www.webroot.com
Ccleaner - http://www.ccleaner.com

Aurora Removal from Andy:
From Andy:
Download Nailfix to your desktop

Primary:
http://www.noidea.us/easyfile/file.php?
download=20050515010747824

mirror:
http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

in Safe Mode, double-click on nailfix.bat. Your desktop
and icons will disappear and reappear, and a window
should open and close very quickly.

This will stop and delete nail.exe and svcproc.exe


Then run MS Antispy on a full system scan to remove any
other files.Ewido Security Suite and Adaware SE both
target Aurora so maybe worth trying them if you have more
problems with it.The problem is the random named file in
the system folder which will act as a re-installer each
time you reboot.Plus it changes its name whenever you
reboot.Ewido will remove those entries.Adaware will
remove Bolger and Drpmon.dll so again it could help.

AndyManchesta

Evido:
http://www.ewido.net/en/

Lavasofts Adaware:
http://www.download.com/Ad-Aware-SE-Personal- Edition/3000-8022-10399602.html?tag=list

Flash Track removal from Andy:
You may be best running some other scanners like Ad-Aware
& Spybot together with MS Antispy in safe mode because
Flashtrack can drop alot of files on your system .(Im not
sure which remover's target this but here's some help to
remove it manually)


First Check your add/remove programs screen
for 'FTApp' 'Netfilter' 'FT Remove' or 'RVP' and remove
if found as that could solve the problem.


If the add/remove entries do not exist Check your pc for
these files

You might need to enable hidden files and folders to find
them :

Go to Start then search > goto tools on the top bar> then
click Folder Options-> then goto the View tab .

make sure that 'Show hidden files and folders' is
enabled. 'Display the contents of system folders' is
checked & 'Hide extentions for known file types ' is not
checked then press apply

You can set this back later by opening the same page and
pressing 'restore defaults' then pressing apply,

Windows XP's search feature is a little different. When
searching you click on 'All files and folders' on the
left pane,
click on the 'More advanced options' at the bottom. Make
sure that Search system folders, Search hidden files and
folders, and Search subfolders are checked.




ftapp.dll
ftinstS3.exe
xclean.exe
xm320.dll
reg2.dll
flxmns10.exe
XML.dll
Xcpy1_inst.exe
flnclean.exe
flaclean.exe
Uninst.exe
flncpy.exe
Xcpy1.exe






Check your program files for folder's called "Flt" "Reg2"
or Xmod.



Use the add/remove entries if they exist.Check for the
files and the folder and reboot into safe mode if found
(reboot and keep tapping F8 then choose safe mode from
the list)


You May need to unregister the .dlls before you can
delete them but let me know if you need help with that

To unregister *.dll files

Click Start > Run.

Type, or copy and paste, the following text:

regsvr32 /u "%ProgramFiles%\reg2\reg2.dll"

then click OK.

Another example :

Click Start > Run.
Type, or copy and paste, the following text:

regsvr32 /u "%ProgramFiles%\xmod\xm320.dll"

then click OK.


After unregistering any .dll files you find Delete all
files and folder's.

Run a full system scan in safe mode with MS Antispy or
any other removers you have(Ad-Aware,Spybot,etc..) and
remove anything found


If your confident using regedit carry on this with.


Click Start, and then click Run. (The Run dialog box
appears.) Type

regedit


Then click OK. (The Registry Editor opens.)


Navigate to and delete these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers i
on\RunOnce

delete these entries- "t"="%ProgramFiles% \Xmod\xclean.exe"

- ""fln" = ""



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers i
on\Run


Delete - "FlnCPY" = "[path to original file]"


Delete any of these found:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers i
on\Explorer\Browser Helper Objects\{665ACD90-4541-4836-
9FE4-062386BB8F05}

HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{665ACD90-4541-
4836-9FE4-062386BB8F05}

HKEY_LOCAL_MACHINE\Software\CLASSES\InterFace\{6E83AE1C-
F69C-4AED-AF98D23C24C6FA4B}

HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{7955EA20-
E0D6-4A77-88B6-120674D979EA}

HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj.1

HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj

HKEY_LOCAL_MACHINE\Software\Netfilter

HKEY_CLASSES_ROOT\BRedObj.BRedObj.1

HKEY_CLASSES_ROOT\BRedObj.BRedObj

HKEY_CLASSES_ROOT\CLSID\{7371F073-AC0F-4b80-BB2F-
96A488CEFB32}

HKEY_CLASSES_ROOT\TypeLib\{DB9F4C00-65E8-4FA1-917B-
E4844DDF5909}

HKEY_CLASSES_ROOT\Interface\{BAEF4039-3C02-4C9E-A2F4-
87B513AB0E87}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers i
on\Uninstall\Reg2

HKEY_LOCAL_MACHINE\Software\Persistent Bytes
HKEY_CLASSES_ROOT\CLSID\{63CF97E8-4133-438a-A831-
CC9C6D47D673}

HKEY_CLASSES_ROOT\TypeLib\{E6C71E83-E02B-4BC4-958D-
A9194916EC19}

HKEY_CLASSES_ROOT\Interface\{06542764-7BB2-412B-80D6-
D103D1474C93}

HKEY_CLASSES_ROOT\UnawareObj.UnawareObj

HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1

HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-
479EA31DF969}

HKEY_CLASSES_ROOT\CLSID\{5EDB03AF-0341-4e96-9E9B-
3171522E4BAF}

HKEY_CLASSES_ROOT\CLSID\{A749B4BC-7621-4a80-9220-
D0A283367DD5}

HKEY_CLASSES_ROOT\TypeLib\{48E832EC-B061-49E2-BBC1-
AC818623B742}

HKEY_CLASSES_ROOT\TypeLib\{1BD49631-AE36-42F4-A37B-
CA7F53146821

HKEY_CLASSES_ROOT\Interface\{890089B7-B385-442F-97B6-
99060E8BD08F}

HKEY_CLASSES_ROOT\Interface\{28168CCE-5310-4F12-AB58-
9DA99A55AAEB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers i
on\Explorer
\Browser Helper Objects\{7CD20E91-1F31-41da-8379-
479EA31DF969}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers i
on\Explorer
\Browser Helper Objects\{5EDB03AF-0341-4e96-9E9B-
3171522E4BAF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers i
on\Explorer
\Browser Helper Objects\{A749B4BC-7621-4a80-9220-
D0A283367DD5}

Exit RegEdit

Reboot back to normal mode and make sure its gone.Let me
know if you have any problems and i will help where i can

Regards Andy
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

I like the program, however it can't clean Flashtrack,
abetterinternet,shopathome,dsearch,etc. These seem to be
eminating from Aurora. I have run the program regularly
(about 50 times) in normal and safe mode and have tried to
manually remove these as well. These really mess up
systems. Please help.

.