A
AndyManchesta
You can go for this Manually or use the unistaller from
Direct Revenue who make Aurora:
Looking at ABetterInternet's EULA :
----------------------------------------------------------
Uninstall and Remove Software - You may uninstall the
Software at any time by visiting www.mypctuneup.com.
Visiting www.mypctuneup.com is the primary method to
properly remove the Software. MyPCTuneUp will leave
behind a unique identifier on your computer for the sole
purpose of notifying ABI that you no longer want the
Software to operate on your computer.
This comes from BetterInternet though (makers of Aurora)
"The MyPCTuneUp uninstaller program will never collect
any personally identifiable information, it will not
install any additional programs, and it will delete
itself once it finishes the uninstall process."
Contradicts big time but if your infected you dont have
much to lose it could fix it fast for you.
To go for this manually heres the best way:
For Aurora Use This Fix
----------------------------------------------------------
For Xp Download Nailfix
http://andymanchesta.com/Downloads/nailfix.zip
Download the Remover to your desktop
windows 2000 download nailfix2k
http://andymanchesta.com/Downloads/nailfix2k.zip
----------------------------------------------------------
Download The ABI remover (Better Internet Remover)
http://andymanchesta.com/Downloads/ABIremover.zip
Download the Remover to your desktop
----------------------------------------------------------
Download latest Hijackthis and unpack it in its own folder
(either desktop or c/drive)
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
----------------------------------------------------------
Download Ewido Security Suite
http://download.ewido.net/ewido-setup.exe
----------------------------------------------------------
Download Ccleaner
http://download.ccleaner.com/download119bin.asp
----------------------------------------------------------
Reboot into Safe Mode by hitting the F8 key repeatedly
until a menu shows up (and choose Safe Mode from the list)
start the ABIRemover.exe, press install, wait (explorer
window will disapear)
in Safe Mode, please double-click on nailfix.bat (or
nailfix2k.bat if you have Windows 2000). Your desktop and
icons will disappear and reappear, and a window should
open and close very quickly.
Next run a full scan in Ewido
Hopefully this will kill this but you can check for
entries in hijack this,Reboot and run hijack this,choose
to run a scan and save the logfile,The entries related to
this are these:
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-
1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [hjnyDA] C:\WINDOWS\kkuibquo.exe (this
file changes it's name - but it will
be in the same place in the log)
O23 - Service: System Startup Service (SvcProc) - Unknown
owner - C:\WINDOWS\svcproc.exe
If you find them put a tick beside them in hijack this
close all windows and choose fix checked
run a online virus scan to check for any other malware
Trend Micro http://housecall.antivirus.com/
Panda
http://www.pandasoftware.com/activescan/co...n_principal.h
tm
If you are clean again you can delete nailfix,ewido and
ABI remover if not post the hijack this log either on
here or to my email
Regards
Andy
Direct Revenue who make Aurora:
Looking at ABetterInternet's EULA :
----------------------------------------------------------
Uninstall and Remove Software - You may uninstall the
Software at any time by visiting www.mypctuneup.com.
Visiting www.mypctuneup.com is the primary method to
properly remove the Software. MyPCTuneUp will leave
behind a unique identifier on your computer for the sole
purpose of notifying ABI that you no longer want the
Software to operate on your computer.
This comes from BetterInternet though (makers of Aurora)
"The MyPCTuneUp uninstaller program will never collect
any personally identifiable information, it will not
install any additional programs, and it will delete
itself once it finishes the uninstall process."
Contradicts big time but if your infected you dont have
much to lose it could fix it fast for you.
To go for this manually heres the best way:
For Aurora Use This Fix
----------------------------------------------------------
For Xp Download Nailfix
http://andymanchesta.com/Downloads/nailfix.zip
Download the Remover to your desktop
windows 2000 download nailfix2k
http://andymanchesta.com/Downloads/nailfix2k.zip
----------------------------------------------------------
Download The ABI remover (Better Internet Remover)
http://andymanchesta.com/Downloads/ABIremover.zip
Download the Remover to your desktop
----------------------------------------------------------
Download latest Hijackthis and unpack it in its own folder
(either desktop or c/drive)
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
----------------------------------------------------------
Download Ewido Security Suite
http://download.ewido.net/ewido-setup.exe
----------------------------------------------------------
Download Ccleaner
http://download.ccleaner.com/download119bin.asp
----------------------------------------------------------
Reboot into Safe Mode by hitting the F8 key repeatedly
until a menu shows up (and choose Safe Mode from the list)
start the ABIRemover.exe, press install, wait (explorer
window will disapear)
in Safe Mode, please double-click on nailfix.bat (or
nailfix2k.bat if you have Windows 2000). Your desktop and
icons will disappear and reappear, and a window should
open and close very quickly.
Next run a full scan in Ewido
Hopefully this will kill this but you can check for
entries in hijack this,Reboot and run hijack this,choose
to run a scan and save the logfile,The entries related to
this are these:
F2 - REG:system.ini: Shell=Explorer.exe
C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-
1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [hjnyDA] C:\WINDOWS\kkuibquo.exe (this
file changes it's name - but it will
be in the same place in the log)
O23 - Service: System Startup Service (SvcProc) - Unknown
owner - C:\WINDOWS\svcproc.exe
If you find them put a tick beside them in hijack this
close all windows and choose fix checked
run a online virus scan to check for any other malware
Trend Micro http://housecall.antivirus.com/
Panda
http://www.pandasoftware.com/activescan/co...n_principal.h
tm
If you are clean again you can delete nailfix,ewido and
ABI remover if not post the hijack this log either on
here or to my email
Regards
Andy
