Aurora spyware?

Ciaran

Fear my banana
Apr 5, 2004
9,839
15
So Cal
Yup. The GF's PC had it. It seems that it's some sort of "legal" download. The easiest way to remove it is with their tool. So far it seems to have worked and didn't install anything else. So far no spyware I can see but I am keeping an eye on the system.

From TechSpot.com...
http://www.techspot.com/vb/topic27710.html

There are different ways to get rid of this pest Aurora:
1) Manually, for free. Utterly thorough and may catch/remove other rogues as well.
2) Automated, but you have to pay for it.
3) Automated, for free, but the program-source is not beyond dispute!

=====================================================================================
Method 1) Manually.
---------------------
NOTE: this text was copied from TheJoker on the BroadbandReports Forum http://www.broadbandreports.com/forum/remark,13685446

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Please download, install, and update the free version of Ewido trojan scanner: http://www.ewido.net/en/download/

- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main Ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.

Download CCleaner from http://www.ccleaner.com/ccdownload.asp and install, but do not run it yet.

Please download the Nail/Aurora Spyware Fix from http://www.noidea.us/easyfile/file....050515010747824. (Alternate download link: dknoppix mirror http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix)

Unzip it to the desktop but do NOT run yet.

Reboot into Safe Mode. To do this with Windows XP, you can follow these steps from Microsoft:

- Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when the Boot Menu appears.
- Select an option when the Windows Advanced Options menu appears, and then press ENTER.
- When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

Once in Safe Mode, please double-click on nailfix.cmd that you unzipped earlier. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next, run CCleaner.

- Uncheck "Cookies" under "Internet Explorer".
- If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".
- Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.

Now run Ewido again.

- Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
- If Ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
- When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Then run HijackThis, click Scan, and place a checkmark by the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
ANY O2 - BHO: that has (file missing)
ANY O2 - BHO: that has (no name) AND (no file)
ANY O3 - Toolbar: that has (no name) AND (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
OR
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing).

Finally, restart your computer in normal mode and post a new HijackThis log (as an attachment with .txt extension), as well as the log from the Ewido scan.

=====================================================================================
Method 2) Automated, paid for.
--------------------------------
If the above is too complicated, you can download a trial version of Adware Away from: http://www.adwareaway.com/ which MAY get rid of it in trial-mode.
It DOES get rid of it in one go, if you BUY their program for $29.95

This is NOT a plug for them, and I can NOT verify that the program works as declared. I have not been infected (yet).

=====================================================================================
Method 3) Automated, free, BUT...
------------------------------------
Some forum-users have reported success, using the (free) spyware removal tool from
http://www.mypctuneup.com/evaluate.php?b=aurora
Do NOT go anywhere else on that website!

Others have used a similar (or the same?) tool, downloaded from www-abetterinternet-com, AKA DirectRevenue.

Big CAVEAT:
To the best of my knowledge, all three (mypctuneup, ABetterInternet and DirectRevenue) are one and the same dubious outfit!

DirectRevenue are the MAKERS of Aurora, for Pete's sake!!

Check this out first, before you decide to go the FREE way (I wouldn't):
http://netrn.net/spywareblog/archiv...hreatens-again/
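
Added example, not part of the original posts: a small Python filter that applies the HijackThis selection criteria from Method 1 above to a saved log and lists the lines to look at. The sample log lines, the GUIDs and the rule names are constructed for illustration.

```python
# Added example: flags HijackThis log lines matching the Method 1 criteria.
# SAMPLE_LOG is constructed for illustration; the GUIDs are placeholders.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: OldHelper - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\old.dll (file missing)
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000004} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\ex.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# (rule name, predicate on the lower-cased, whitespace-normalised line)
RULES = [
    ("F2 shell value runs Nail.exe",
     lambda s: s.startswith("f2 - reg:system.ini: shell=") and "nail.exe" in s),
    ("O2 BHO, file missing",
     lambda s: s.startswith("o2 - bho:") and "(file missing)" in s),
    ("O2 BHO, no name and no file",
     lambda s: s.startswith("o2 - bho:") and "(no name)" in s and "(no file)" in s),
    ("O3 toolbar, no name and no file",
     lambda s: s.startswith("o3 - toolbar:") and "(no name)" in s and "(no file)" in s),
    ("O23 SvcProc service",
     lambda s: s.startswith("o23 - service:") and "(svcproc)" in s
               and "svcproc.exe" in s),
]

def flag_entries(log_text):
    """Return (rule name, original line) for each line that matches a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())      # tolerate odd spacing in pasted logs
        low = line.lower()                # Windows paths are case-insensitive
        for name, matches in RULES:
            if matches(low):
                hits.append((name, line))
                break                     # one hit per line is enough
    return hits

if __name__ == "__main__":
    for name, line in flag_entries(SAMPLE_LOG):
        print(f"[{name}] {line}")
```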
 

Silver

find me a tampon
Jul 20, 2002
10,840
1
Orange County, CA
Yeah, I did it the manual way. Using their tool is like getting penicillin from the hooker that gave you syphilis.

I also called them up, and left a screaming voicemail, along with complaining to the NY Attorney General's office. The screaming made me feel better :D
 

Silver

find me a tampon
Jul 20, 2002
10,840
1
Orange County, CA
Changleen said:
SH1at! LOL
Hey, Spitzer is running for governor. It can't hurt to win one for the common man, right?

Failing that, I hope the people in charge at Direct Revenue get ebola, along with their families and loved ones. What a bunch of ****ing assholes.