can't clean various

Discussion in 'Spyware Discussion' started by frustrated, Aug 5, 2005.

  1. frustrated

    frustrated Guest

    I like the program, however it can't clean Flashtrack,
    abetterinternet,shopathome,dsearch,etc. These seem to be
    eminating from Aurora. I have run the program regularly
    (about 50 times) in normal and safe mode and have tried to
    manually remove these as well. These really mess up
    systems. Please help.
     
    frustrated, Aug 5, 2005
    #1
    1. Advertisements

  2. frustrated

    Engel Guest

    RE can't clean various

    You have a couple of issues:
    1) you have a fair amount of "stuff" (technical term) to
    be removed, and 2) you've got one or more specific items
    that Microsoft Antispyware isn't handling properly at the
    moment--it is looping and leaking memory.

    So--to get cleaned up you are going to need more than
    Microsoft Antispyware.

    I'd recommend going through the protocol at this link:

    http://www.aumha.org/a/quickfix.htm

    There are lots of steps, and a number of third-party tools
    involved. When you get down to the one or two items that
    are probably going to remain after the automated tools do
    what they can do, there's a forum where you can post a
    HijackThis log and get help with the really sticky stuff.

    The list looks daunting at first, but try it out--Jim
    gives clear instructions, and it isn't as complicated as
    it looks at first glance.
    >-----Original Message-----
    >I like the program, however it can't clean Flashtrack,
    >abetterinternet,shopathome,dsearch,etc. These seem to be
    >eminating from Aurora. I have run the program regularly
    >(about 50 times) in normal and safe mode and have tried to
    >manually remove these as well. These really mess up
    >systems. Please help.
    >.
    >
     
    Engel, Aug 5, 2005
    #2
    1. Advertisements

  3. For ShopAtHome, use the following, and also send a suspected spyware report
    from the tools menu in Microsoft AntiSpyware
    Ad-Aware - http://www.lavasoftusa.com
    Spybot - http://www.safer-networking.org/
    CWShredder - http://www.intermute.com/products/cwshredder.html
    Spy Sweeper - http://www.webroot.com
    Ccleaner - http://www.ccleaner.com

    Aurora Removal from Andy:
    From Andy:
    Download Nailfix to your desktop

    Primary:
    http://www.noidea.us/easyfile/file.php?
    download=20050515010747824

    mirror:
    http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix


    Reboot into safe mode (Reboot and keep tapping F8 then
    choose safe mode from the list)

    in Safe Mode, double-click on nailfix.bat. Your desktop
    and icons will disappear and reappear, and a window
    should open and close very quickly.

    This will stop and delete nail.exe and svcproc.exe


    Then run MS Antispy on a full system scan to remove any
    other files.Ewido Security Suite and Adaware SE both
    target Aurora so maybe worth trying them if you have more
    problems with it.The problem is the random named file in
    the system folder which will act as a re-installer each
    time you reboot.Plus it changes its name whenever you
    reboot.Ewido will remove those entries.Adaware will
    remove Bolger and Drpmon.dll so again it could help.

    AndyManchesta

    Evido:
    http://www.ewido.net/en/

    Lavasofts Adaware:
    http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10399602.html?tag=list

    Flash Track removal from Andy:
    You may be best running some other scanners like Ad-Aware
    & Spybot together with MS Antispy in safe mode because
    Flashtrack can drop alot of files on your system .(Im not
    sure which remover's target this but here's some help to
    remove it manually)


    First Check your add/remove programs screen
    for 'FTApp' 'Netfilter' 'FT Remove' or 'RVP' and remove
    if found as that could solve the problem.


    If the add/remove entries do not exist Check your pc for
    these files

    You might need to enable hidden files and folders to find
    them :

    Go to Start then search > goto tools on the top bar> then
    click Folder Options-> then goto the View tab .

    make sure that 'Show hidden files and folders' is
    enabled. 'Display the contents of system folders' is
    checked & 'Hide extentions for known file types ' is not
    checked then press apply

    You can set this back later by opening the same page and
    pressing 'restore defaults' then pressing apply,

    Windows XP's search feature is a little different. When
    searching you click on 'All files and folders' on the
    left pane,
    click on the 'More advanced options' at the bottom. Make
    sure that Search system folders, Search hidden files and
    folders, and Search subfolders are checked.




    ftapp.dll
    ftinstS3.exe
    xclean.exe
    xm320.dll
    reg2.dll
    flxmns10.exe
    XML.dll
    Xcpy1_inst.exe
    flnclean.exe
    flaclean.exe
    Uninst.exe
    flncpy.exe
    Xcpy1.exe






    Check your program files for folder's called "Flt" "Reg2"
    or Xmod.



    Use the add/remove entries if they exist.Check for the
    files and the folder and reboot into safe mode if found
    (reboot and keep tapping F8 then choose safe mode from
    the list)


    You May need to unregister the .dlls before you can
    delete them but let me know if you need help with that

    To unregister *.dll files

    Click Start > Run.

    Type, or copy and paste, the following text:

    regsvr32 /u "%ProgramFiles%\reg2\reg2.dll"

    then click OK.

    Another example :

    Click Start > Run.
    Type, or copy and paste, the following text:

    regsvr32 /u "%ProgramFiles%\xmod\xm320.dll"

    then click OK.


    After unregistering any .dll files you find Delete all
    files and folder's.

    Run a full system scan in safe mode with MS Antispy or
    any other removers you have(Ad-Aware,Spybot,etc..) and
    remove anything found


    If your confident using regedit carry on this with.


    Click Start, and then click Run. (The Run dialog box
    appears.) Type

    regedit


    Then click OK. (The Registry Editor opens.)


    Navigate to and delete these registry keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
    on\RunOnce

    delete these entries- "t"="%ProgramFiles%\Xmod\xclean.exe"

    - ""fln" = ""



    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
    on\Run


    Delete - "FlnCPY" = "[path to original file]"


    Delete any of these found:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
    on\Explorer\Browser Helper Objects\{665ACD90-4541-4836-
    9FE4-062386BB8F05}

    HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{665ACD90-4541-
    4836-9FE4-062386BB8F05}

    HKEY_LOCAL_MACHINE\Software\CLASSES\InterFace\{6E83AE1C-
    F69C-4AED-AF98D23C24C6FA4B}

    HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{7955EA20-
    E0D6-4A77-88B6-120674D979EA}

    HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj.1

    HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj

    HKEY_LOCAL_MACHINE\Software\Netfilter

    HKEY_CLASSES_ROOT\BRedObj.BRedObj.1

    HKEY_CLASSES_ROOT\BRedObj.BRedObj

    HKEY_CLASSES_ROOT\CLSID\{7371F073-AC0F-4b80-BB2F-
    96A488CEFB32}

    HKEY_CLASSES_ROOT\TypeLib\{DB9F4C00-65E8-4FA1-917B-
    E4844DDF5909}

    HKEY_CLASSES_ROOT\Interface\{BAEF4039-3C02-4C9E-A2F4-
    87B513AB0E87}

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
    on\Uninstall\Reg2

    HKEY_LOCAL_MACHINE\Software\Persistent Bytes
    HKEY_CLASSES_ROOT\CLSID\{63CF97E8-4133-438a-A831-
    CC9C6D47D673}

    HKEY_CLASSES_ROOT\TypeLib\{E6C71E83-E02B-4BC4-958D-
    A9194916EC19}

    HKEY_CLASSES_ROOT\Interface\{06542764-7BB2-412B-80D6-
    D103D1474C93}

    HKEY_CLASSES_ROOT\UnawareObj.UnawareObj

    HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1

    HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-
    479EA31DF969}

    HKEY_CLASSES_ROOT\CLSID\{5EDB03AF-0341-4e96-9E9B-
    3171522E4BAF}

    HKEY_CLASSES_ROOT\CLSID\{A749B4BC-7621-4a80-9220-
    D0A283367DD5}

    HKEY_CLASSES_ROOT\TypeLib\{48E832EC-B061-49E2-BBC1-
    AC818623B742}

    HKEY_CLASSES_ROOT\TypeLib\{1BD49631-AE36-42F4-A37B-
    CA7F53146821

    HKEY_CLASSES_ROOT\Interface\{890089B7-B385-442F-97B6-
    99060E8BD08F}

    HKEY_CLASSES_ROOT\Interface\{28168CCE-5310-4F12-AB58-
    9DA99A55AAEB}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
    on\Explorer
    \Browser Helper Objects\{7CD20E91-1F31-41da-8379-
    479EA31DF969}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
    on\Explorer
    \Browser Helper Objects\{5EDB03AF-0341-4e96-9E9B-
    3171522E4BAF}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
    on\Explorer
    \Browser Helper Objects\{A749B4BC-7621-4a80-9220-
    D0A283367DD5}

    Exit RegEdit

    Reboot back to normal mode and make sure its gone.Let me
    know if you have any problems and i will help where i can

    Regards Andy
    --
    Andre
    Extended64 | http://www.extended64.com
    Blog | http://www.extended64.com/blogs/andre
    http://spaces.msn.com/members/adacosta
    FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    "frustrated" <> wrote in message
    news:071601c599d1$ae3af080$...
    >I like the program, however it can't clean Flashtrack,
    > abetterinternet,shopathome,dsearch,etc. These seem to be
    > eminating from Aurora. I have run the program regularly
    > (about 50 times) in normal and safe mode and have tried to
    > manually remove these as well. These really mess up
    > systems. Please help.
     
    Andre Da Costa [Extended64], Aug 5, 2005
    #3
  4. frustrated

    Alan Guest

    Boot into Safe Mode.

    Make certain to shred any files in c:\windows\prefetch
    (XP only) whose filenames contain the names of any of the
    infections. You can download a FREE file shredder from
    download.com. Also, make certain that no web browsers
    are currently running when you do this, as some code
    might be linked to your web browser, which will cause the
    shredding operation to fail due to the files being
    currently accessed by another application (your web
    browser).

    Alan

    >-----Original Message-----
    >For ShopAtHome, use the following, and also send a

    suspected spyware report
    >from the tools menu in Microsoft AntiSpyware
    >Ad-Aware - http://www.lavasoftusa.com
    >Spybot - http://www.safer-networking.org/
    >CWShredder -

    http://www.intermute.com/products/cwshredder.html
    >Spy Sweeper - http://www.webroot.com
    >Ccleaner - http://www.ccleaner.com
    >
    >Aurora Removal from Andy:
    >From Andy:
    >Download Nailfix to your desktop
    >
    >Primary:
    >http://www.noidea.us/easyfile/file.php?
    >download=20050515010747824
    >
    >mirror:
    >http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix
    >
    >
    >Reboot into safe mode (Reboot and keep tapping F8 then
    >choose safe mode from the list)
    >
    >in Safe Mode, double-click on nailfix.bat. Your desktop
    >and icons will disappear and reappear, and a window
    >should open and close very quickly.
    >
    >This will stop and delete nail.exe and svcproc.exe
    >
    >
    >Then run MS Antispy on a full system scan to remove any
    >other files.Ewido Security Suite and Adaware SE both
    >target Aurora so maybe worth trying them if you have more
    >problems with it.The problem is the random named file in
    >the system folder which will act as a re-installer each
    >time you reboot.Plus it changes its name whenever you
    >reboot.Ewido will remove those entries.Adaware will
    >remove Bolger and Drpmon.dll so again it could help.
    >
    >AndyManchesta
    >
    >Evido:
    >http://www.ewido.net/en/
    >
    >Lavasofts Adaware:
    >http://www.download.com/Ad-Aware-SE-Personal-

    Edition/3000-8022-10399602.html?tag=list
    >
    >Flash Track removal from Andy:
    >You may be best running some other scanners like Ad-Aware
    >& Spybot together with MS Antispy in safe mode because
    >Flashtrack can drop alot of files on your system .(Im not
    >sure which remover's target this but here's some help to
    >remove it manually)
    >
    >
    >First Check your add/remove programs screen
    >for 'FTApp' 'Netfilter' 'FT Remove' or 'RVP' and remove
    >if found as that could solve the problem.
    >
    >
    >If the add/remove entries do not exist Check your pc for
    >these files
    >
    >You might need to enable hidden files and folders to find
    >them :
    >
    >Go to Start then search > goto tools on the top bar> then
    >click Folder Options-> then goto the View tab .
    >
    >make sure that 'Show hidden files and folders' is
    >enabled. 'Display the contents of system folders' is
    >checked & 'Hide extentions for known file types ' is not
    >checked then press apply
    >
    >You can set this back later by opening the same page and
    >pressing 'restore defaults' then pressing apply,
    >
    >Windows XP's search feature is a little different. When
    >searching you click on 'All files and folders' on the
    >left pane,
    >click on the 'More advanced options' at the bottom. Make
    >sure that Search system folders, Search hidden files and
    >folders, and Search subfolders are checked.
    >
    >
    >
    >
    >ftapp.dll
    >ftinstS3.exe
    >xclean.exe
    >xm320.dll
    >reg2.dll
    >flxmns10.exe
    >XML.dll
    >Xcpy1_inst.exe
    >flnclean.exe
    >flaclean.exe
    >Uninst.exe
    >flncpy.exe
    >Xcpy1.exe
    >
    >
    >
    >
    >
    >
    >Check your program files for folder's called "Flt" "Reg2"
    >or Xmod.
    >
    >
    >
    >Use the add/remove entries if they exist.Check for the
    >files and the folder and reboot into safe mode if found
    >(reboot and keep tapping F8 then choose safe mode from
    >the list)
    >
    >
    >You May need to unregister the .dlls before you can
    >delete them but let me know if you need help with that
    >
    >To unregister *.dll files
    >
    >Click Start > Run.
    >
    >Type, or copy and paste, the following text:
    >
    >regsvr32 /u "%ProgramFiles%\reg2\reg2.dll"
    >
    >then click OK.
    >
    >Another example :
    >
    >Click Start > Run.
    >Type, or copy and paste, the following text:
    >
    >regsvr32 /u "%ProgramFiles%\xmod\xm320.dll"
    >
    >then click OK.
    >
    >
    >After unregistering any .dll files you find Delete all
    >files and folder's.
    >
    >Run a full system scan in safe mode with MS Antispy or
    >any other removers you have(Ad-Aware,Spybot,etc..) and
    >remove anything found
    >
    >
    >If your confident using regedit carry on this with.
    >
    >
    >Click Start, and then click Run. (The Run dialog box
    >appears.) Type
    >
    >regedit
    >
    >
    >Then click OK. (The Registry Editor opens.)
    >
    >
    >Navigate to and delete these registry keys:
    >
    >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers

    i
    >on\RunOnce
    >
    >delete these entries- "t"="%ProgramFiles%

    \Xmod\xclean.exe"
    >
    > - ""fln" = ""
    >
    >
    >
    >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers

    i
    >on\Run
    >
    >
    > Delete - "FlnCPY" = "[path to original file]"
    >
    >
    >Delete any of these found:
    >
    >HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers

    i
    >on\Explorer\Browser Helper Objects\{665ACD90-4541-4836-
    >9FE4-062386BB8F05}
    >
    >HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{665ACD90-4541-
    >4836-9FE4-062386BB8F05}
    >
    >HKEY_LOCAL_MACHINE\Software\CLASSES\InterFace\{6E83AE1C-
    >F69C-4AED-AF98D23C24C6FA4B}
    >
    >HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{7955EA20-
    >E0D6-4A77-88B6-120674D979EA}
    >
    >HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj.1
    >
    >HKEY_LOCAL_MACHINE\Software\CLASSES\BRedObj.BRedObj
    >
    >HKEY_LOCAL_MACHINE\Software\Netfilter
    >
    >HKEY_CLASSES_ROOT\BRedObj.BRedObj.1
    >
    >HKEY_CLASSES_ROOT\BRedObj.BRedObj
    >
    >HKEY_CLASSES_ROOT\CLSID\{7371F073-AC0F-4b80-BB2F-
    >96A488CEFB32}
    >
    >HKEY_CLASSES_ROOT\TypeLib\{DB9F4C00-65E8-4FA1-917B-
    >E4844DDF5909}
    >
    >HKEY_CLASSES_ROOT\Interface\{BAEF4039-3C02-4C9E-A2F4-
    >87B513AB0E87}
    >
    >HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVers

    i
    >on\Uninstall\Reg2
    >
    >HKEY_LOCAL_MACHINE\Software\Persistent Bytes
    >HKEY_CLASSES_ROOT\CLSID\{63CF97E8-4133-438a-A831-
    >CC9C6D47D673}
    >
    >HKEY_CLASSES_ROOT\TypeLib\{E6C71E83-E02B-4BC4-958D-
    >A9194916EC19}
    >
    >HKEY_CLASSES_ROOT\Interface\{06542764-7BB2-412B-80D6-
    >D103D1474C93}
    >
    >HKEY_CLASSES_ROOT\UnawareObj.UnawareObj
    >
    >HKEY_CLASSES_ROOT\UnawareObj.UnawareObj.1
    >
    >HKEY_CLASSES_ROOT\CLSID\{7CD20E91-1F31-41da-8379-
    >479EA31DF969}
    >
    >HKEY_CLASSES_ROOT\CLSID\{5EDB03AF-0341-4e96-9E9B-
    >3171522E4BAF}
    >
    >HKEY_CLASSES_ROOT\CLSID\{A749B4BC-7621-4a80-9220-
    >D0A283367DD5}
    >
    >HKEY_CLASSES_ROOT\TypeLib\{48E832EC-B061-49E2-BBC1-
    >AC818623B742}
    >
    >HKEY_CLASSES_ROOT\TypeLib\{1BD49631-AE36-42F4-A37B-
    >CA7F53146821
    >
    >HKEY_CLASSES_ROOT\Interface\{890089B7-B385-442F-97B6-
    >99060E8BD08F}
    >
    >HKEY_CLASSES_ROOT\Interface\{28168CCE-5310-4F12-AB58-
    >9DA99A55AAEB}
    >
    >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers

    i
    >on\Explorer
    >\Browser Helper Objects\{7CD20E91-1F31-41da-8379-
    >479EA31DF969}
    >
    >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers

    i
    >on\Explorer
    >\Browser Helper Objects\{5EDB03AF-0341-4e96-9E9B-
    >3171522E4BAF}
    >
    >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers

    i
    >on\Explorer
    >\Browser Helper Objects\{A749B4BC-7621-4a80-9220-
    >D0A283367DD5}
    >
    >Exit RegEdit
    >
    >Reboot back to normal mode and make sure its gone.Let me
    >know if you have any problems and i will help where i can
    >
    >Regards Andy
    >--
    >Andre
    >Extended64 | http://www.extended64.com
    >Blog | http://www.extended64.com/blogs/andre
    >http://spaces.msn.com/members/adacosta
    >FAQ for MS AntiSpy

    http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
    >"frustrated" <> wrote

    in message
    >news:071601c599d1$ae3af080$...
    >>I like the program, however it can't clean Flashtrack,
    >> abetterinternet,shopathome,dsearch,etc. These seem to

    be
    >> eminating from Aurora. I have run the program regularly
    >> (about 50 times) in normal and safe mode and have

    tried to
    >> manually remove these as well. These really mess up
    >> systems. Please help.

    >
    >.
    >
     
    Alan, Aug 6, 2005
    #4
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shayman

    IEXPLORE.EXE missing after ANTISPYWARE clean

    Shayman, Jan 7, 2005, in forum: Spyware Discussion
    Replies:
    0
    Views:
    2,521
    Shayman
    Jan 7, 2005
  2. Dan
    Replies:
    1
    Views:
    507
    Nabil Mish
    Jan 7, 2005
  3. keith2468

    Navigation: from various System Explorers wrong

    keith2468, Jan 9, 2005, in forum: Spyware Discussion
    Replies:
    0
    Views:
    453
    keith2468
    Jan 9, 2005
  4. John Minker

    UI Clean up

    John Minker, Jan 10, 2005, in forum: Spyware Discussion
    Replies:
    1
    Views:
    565
    David Leon
    Jan 11, 2005
  5. Michael

    Good but doesn't clean cookies

    Michael, Jan 10, 2005, in forum: Spyware Discussion
    Replies:
    1
    Views:
    527
    Robear Dyer, MS MVP
    Jan 10, 2005
  6. Patrick

    Scan and Clean Corrupts TCP/IP Stack

    Patrick, Jan 12, 2005, in forum: Spyware Discussion
    Replies:
    4
    Views:
    2,112
    Bill Sanderson
    Jan 12, 2005
  7. Carl
    Replies:
    5
    Views:
    418
Loading...