May 13th, 2005, 10:44 AM
Aurora pop up
I was removing some spyware from my mates Dad pc last night.
I ran the usual tools, AAW6, Microsoft Anti spyware etc. Ran them in Safemode etc.
I came across a couple of bits of spyware I couldn't get. None of the antispyware flagged them up. I only caught them because either the pop ups continued or Zonealarm caught the process trying to get out.
One of them was Aurora, a pop up program the others I don't know what they were I only got the process name from ZA. The process names seemed to be [random string of characters].exe
I followed intructions similar to this
This seemed to get rid of aurora but I'm not confident. The others I blocked and left just because I wanted to go home. The crap has screwed up IE quite badly and XP is a little unstable now but Firefox works ok.
Eliminate the Aurora pop-up spyware:
1. Go to start/run and type CMD press ok
2. When it opens type CD and press return and then when you see the C: prompt type CD/WINDOWS press return
3. Type NAIL.EXE /FullRemove press return
Note: Make sure that there is a space between NAIL.EXE and the /
Go to TechGuy for a full explanation of the situation - only needed if you want additional information about the Aurora problem.
Upon further research Aurora comes from. Direct Revenue LLC. AKA Offeroptimizer and Abetterinternet.com.
Any idea if this was the right way to shift Aurora and any idea how to get rid of the others?
I don't have access to the machine right now so I can't post a Hijackthis log.
If the machine is still screwing around I'm going to reformat it but I was wondering how best to tackle these for future reference.
May 13th, 2005, 12:02 PM
might consider doing some antivirus scans in safe mode with networking turned OFF. you didnt mention if the PC was windows XP or not but I would also turn off the system restore run hijack this and your adaware tools again. When you do get a chance please post that hijack this log and dont forget to clean out msconfig and ALL temp files including the Prefetch as things like to hide in these folders and present themselves in the most inoppourtune times
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click
May 13th, 2005, 12:43 PM
Should have made that clearer. It was an XPhome PC with some patches but not SP2.
May 13th, 2005, 01:38 PM
There is also a service installed by this "ick" that needs to be taken care of.
Ewido seems to take care of most of the infection with minimal clean-up needed.
edit: run Ewido in safe mode.
Or you could run the uninstaller provided so kindly by those who infected you.
May 13th, 2005, 10:19 PM
You stated AdAware 6 ?
if so, go and upgrade to AdAware SE NOW
Try other cleaners, some will hit what was missed.
Although Meeeeeee does this stuff for a living, and therefore is to be considered 'odd enough' to take REAL serious
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone