New Spyware

[Keith]

I have run your beta version of spyware and I have run Ad-
aware and spybot and still keep getting a popup called
aruroa. It starts up a web page of anything from
classmates.com to xxx sites. nothing can find it or erase
it. need help

 

[Guest]

Sorry, I miss-spelled Aurora. LOL my fingers don't have
spell check

 

[Ron Chamberlin]

Hi Keith,
Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files* C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize.

Ron Chamberlin
MS-MVP



*The .tif are Temporary Internet Files, and are stored in a different barn
than 'normal' temp files.
Here's how I kludge thru to them: Open Windows Explorer--->C:\Documents and
Settings. Then it's to the Tool Bar--->Folder Options--->View--->Hidden
Files and Folders and check the box "Show hidden files and folders" > Now
expand C:\Documents and Settings and under each user you will now see a
folder "Local Settings". Open that puppy and choose Temporary Internet
Files. I am not concerned about the cookies therein, but everything else
can go for now.

 

[Ron Chamberlin]

Keith,
It's called typo virus. I have a heckuva case of it myself.

Ron Chamberlin
MS-MVP

Sorry, I miss-spelled Aurora. LOL my fingers don't have
spell check

 

[Guest]

There is an item relating to this problem in the
Announcements section

 

[Ron Chamberlin]

Yes, I just saw that. Thanks for the head up tho.
Anyone suffering thru this Aurora should check there for a good informative
discussion.

Ron Chamberlin
MS-MVP

 

[Bill Sanderson]

There are some tricks to cleaning this one.

If you want to make Ron Kinner's day, you could take him up on his offer in
..Announcements.

Otherwise, I'd recommend a specialized forum because both HijackThis and
perhaps other specialized tools are needed to successfully clean.

One user here found that using the web link to uninstall that is given in
(some?) of the popups was the best choice for him. It left a good bit
behind, but the process didn't seem to add anything new to his system.

 

[D@annyBoy]

maybe cleaning the registry would help too
but I think it is too tough a job for newbies

have being thinking about this
zip the registry
let the experts clean the registry
zip it back to the newbies and teach them how to merge it back

warrantee not included, of course

--

D@nnyBoy
Have you tried posting your problems
not related to MS AntiSpyware to
news://msnews.microsoft.com

and please don't bother to send me private mail
because I don't check my mailbox regularly

 

[Steve Wechsler [MVP]]

It left a good bit behind, but the process didn't seem to

add anything new to his system.

Yet. Let's see if it doesn't reappear.
The "uninstaller" for Aurora is being analyzed and tested.
FWIW, it can be found here :
http://xxx.mypctuneup.cxm/evaluate.php

** URL altered to prevent any possible infestation of the innocent **
If anyone would care to analyze it then you'll have to be clever enough
to restore the URL

Install info on Aurora, including a screenshot, is available here :
http://www.webhelper4u.com/tnewswritigs/bolger_aurora.html


Steve Wechsler (akaMowGreen)
MS-MVP 2004-2005

===============
*-343-* FDNY
Never Forgotten
===============

 

[Bill Sanderson]

Thanks, Steve. This form of uninstall doesn't meet Microsoft's criteria, so
this is definitely a bug which I would expect Microsoft Antispyware to
remove in future definitions, but when that will happen, I can't predict.

 

[Bill Sanderson]

Interesting--purports to remove all the VX2 stuff? Seems to be based on the
East coast, fwiw--do I recall reading that they are in NYC?

 

[Steve Wechsler [MVP]]

Interesting--purports to remove all the VX2 stuff? Seems to be based on the
East coast, fwiw--do I recall reading that they are in NYC?

Yup .. when one goes past the building that houses this "fun bunch" one
has to resist dark impulses.

Direct Revenue LLC
107 Grand Street
3rd Floor
New York, NY 10013
V: 646.613.0376
F: 646.613.0386

Direct-Revenue - Vx2 Transponder Gang Fifth Columnists with Adware
Sleeper Agents
http://www.webhelper4u.com/directrevenue/directrevenue2.html

Perhaps victims of these "advertisers" might like to contact them and
express their "appreciation".

Steve Wechsler (akaMowGreen)
MS-MVP 2004-2005

===============
*-343-* FDNY
Never Forgotten
===============

 

[Bill Sanderson]

I liked the stuff Eric Howes did about the financial end of this business.

Actually, my recollection of what little I saw of the Aurora ads was that
some of them were relatively high quality (the ads, not whatever they were
advertising!)--If somebody gets into this business that can put out ads that
look like they belong in the New Yorker, we'll all be in trouble!