From: "AndyManchesta"
It will remove Nail/Svcproc/Bolger & Drpmon.dll but on
the test I did it missed the random named file that gets
created in the system folder which then brings it all
back as soon as you reboot the mªchine,
Also it hooks into explorer.exe so fixes do need to be
run in safe mode, I removed this last night by deleting
all the files manually then used Hijack this to fix the
remaining entries in safe mode But its hard to do without
knowing all the file locations,
Heres the easiest fix for Aurora which saves you having
to remove the files yourself,
It might help if you copy these instructions to notepad
and save it on your desktop as you may not be able to
access this site while you are running the fixes.
Download these programs first :
Download the new version of NailFix (From racooper)
---------------------------------------------------
http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3719.0;id=310
save to desktop or c:/drive , DO NOT run it yet
Ewido Security Suite :
----------------------
Please download, install, and update the free version of
Ewido trojan scanner:
http://www.ewido.net/en/download/
When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".
From the main ewido screen, click on update in the left
menu, then click the Start update button.
After the update finishes (the status bar at the bottom
will display "Update successful")
Exit Ewido. DO NOT scan yet.
Download Ccleaner
------------------
http://www.ccleaner.com/ccdownload.asp
Download and install, but do not run it yet.
Next Step is to boot into safe mode :
------------------------------------
Reboot into Safe Mode.
Restart your computer and keep tapping the F8 key on your
keyboard.
When you see the option screen, then choose safe mode
from the list,
Once in Safe Mode,
please double-click on nailfix.exe. Click "Next" in the
setup, then make sure "Run Nailfix" is checked and
click "Finish". Your desktop and icons will disappear and
reappear, and a window should open and close very
quickly --- this is normal.
Next, Run Ewido.
Click on the Scanner button in the left menu, then click
on Complete System Scan. This scan can take quite a while
to run.
If ewido finds anything, it will pop up a notification.
If its clearly described as malware(Trojan,Spyware etc..)
have ewido remove the entry,
When the scan finishes, click on "Save Report". This will
create a text file. Save to desktop incase its needed
later.
When ewido has finished, next clear the prefetch folder
goto start menu then run and type :
prefetch
delete the contents of this folder (left click and
highlight the files by holding the left mouse button and
covering all the files,then right click and choose delete)
Next run Ccleaner and choose 'Run Cleaner' run it twice
to make sure its clear,then use the 'issues' button and
scan for errors,Fix any that are detected.
Reboot and see hows things look if you are clean you will
need to clear the system restore incase any restore
points have been made since you were infected,Post back
if you need help on thªt.
If you have any problems just let us know,
Goºd Luck
Andy
..
