 Name GamePremium join:2002-07-07 North Myrtle Beach, SC kudos:6 | reply to GameGuy369
Re: ABetterInternet: The EULA, Removing Aurora
said by GameGuy369: I got infected with it, and it was truly fun removing it. Eventually I learned well enough to hit it in all directions at one time by scanning with KAV, Microsoft Anti-spyware, Spybot S&D, and HiJackThis! That combo took it down finally. But it was a painful process.
Actually that is the hard way to go..Hijackthis will tell you it is there in its diagnostic logs once that is established and you can also see what other junk you have to deal with..to do the Aurora you just follow the steps laid out by LoPhatPhuud to this member
»forum.gladiator-antivirus.com/in···ic=26533
You then had a free copy of ewido to use that not only cleans Aurora..but also some of the other junk as it scanned making the final clean up with hijackthis a breeze in most cases depending on what other stuff the user decided to download for FREE without first reading the fine print or finding out what is bundled with it. -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
 DCee @plyntv01.mi.comcast. | reply to GameGuy369 My system has been infected with "Aurora - part of the ABI network" and this worm/virus is creating a huge disruption to my business. I have tried SPY Bot, adaware SE and Spy Sweeper but these products have not been effective. These software products work to some degree but ultimately the spyware returns when I access google search or other programs. Must be embedded because it comes back and then spreads through multiple programs creating POP-UPS that result in the system being almost unusable. This (worm/virus) is a major irritant and very disruptive. CAN YOU HELP? |
|
|
|
 suziPremium join:2004-05-01 | DCee,
Some people have said that Ewido Security Suite removed this infection. There is a free trial.
»www.ewido.net/en/ -- aka Suzi, Spyware Warrior |
|
 TeMerc join:2004-01-22 Phoenix, AZ | reply to redxii DeeCee, Ewido is part of the fix, as Daphne said, but there is also a special reg fix, which is also in the thread which Name Game posted, be sure and use that if you're going to fix it yourself. I would recommend tho, that you get your HJT log diagnosed properly. -- Remember............You can NEVER be OVERPROTECTED!! »temerc.com/ |
|
 | reply to novaflare
Re: A Better Internet:: Removing Aurora Do not, UNDER ANY CIRCUMSTANCES, use mypctuneup.com. It is owned by Direct Revenue LCC, the same company that produces Aurora.
In an article by a LEGITIMATE anti-spyware company, it is stated, "None of the installed programs [of Direct Revenue, including Aurora and mypctuneup] have information that identifies them as a product of Direct Revenue, nor do the programs have the brand name of Ceres or Aurora clearly identified in the executable files. One of its running programs uses a randomly generated file name [ie. gmbgklixrp, tash] so it is impossible to tell what the file does. The others are named in vague or deceptive ways such as "System Startup Service" or "Nail.exe".
Mypctuneup will remove nail.exe, but will make many more problems for your computer. In the licensing agreement before installing mypctuneup, you allow the installation of a web bug. Also, you consent for your "non-personal information", including IP address, ISP, domain, to be recorded.
The legitimate, well reviewed (by cnet and pcmagazine) program Webroot Spy Sweeper can be used to quarantine and nullify the effects of Aurora (you can use the 30 day trial).
Finally, mail a complaint to Direct Revenue LCC, located at 107 Grand Street, 3rd Floor in Manhattan or call them at 646-613-0376. |
|
 | said by netczar1: Do not, UNDER ANY CIRCUMSTANCES, use mypctuneup.com. It is owned by Direct Revenue LCC, the same company that produces Aurora.
Or if you do, make sure you have *.mypctuneup.com in your Restricted Zones before you go take a look. -- "Don't steal. The government hates competition." |
|
 | reply to redxii
Re: ABetterInternet: The EULA, Removing Aurora *TAG* I work for Geek Squad now and I want to be sure to be ready for this nasty thing. FIRST computer I worked on I had to deal with it again. It's like it wants to haunt me for the rest of my life. |
|

| Diggin' up a 3 month old subject eh?
Well, what the heck, might as well throw in my 2 cents since I haven't seen the suggestion. Seen this mentioned elsewhere and it's worth repeating, 'cause it's the quickest way of removing this Sh*tware!
Go into explorer, Windows Folder. Right click on NAIL.EXE and go to Properties. Go to Permissions tab, and select DENY for all users.
Reboot Computer. Delete Nail.exe
Edit Registry, Navigate to and delete the following subkeys:
HKEY_CURRENT_USER\Software\aurora
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SvcProc
Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete any value that refers to the file detected in the Windows dir; it should be a 5 random character name with 'r' loading switch afterwards.
Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the right pane, change the value to:
"Shell" = "Explorer.exe"
Exit the Registry Editor.
Had to remove this off a neighbor's 'puter yesterday for 2nd time. And this way was certainly the fastest. Needless to say they were extremely grateful that this sh*tware was gone!
Credit for Reg. Entries: Sarc.com |
|
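The locations named in the last post above can be checked without changing anything before any manual cleanup. The PowerShell below is an added example, not part of the thread or written by any of its posters; it only reads the registry and file system. The Run-value pattern (an .exe sitting directly in the Windows folder) is an assumption used to surface entries for review, since the post gives only a loose description of the random file name.

```powershell
# Read-only audit for the Aurora artifacts listed in the post above.
# Nothing is deleted or modified; findings are collected as objects.
$findings = @()

# Subkeys the post says to delete.
$keys = @(
    'HKCU:\Software\aurora',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\abi-1',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon',
    'HKLM:\SYSTEM\CurrentControlSet\Services\SvcProc'
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Check = 'Registry key'; Item = $k; Detail = 'present' }
    }
}

# Nail.exe in the Windows folder.
$nail = Join-Path $env:windir 'Nail.exe'
if (Test-Path -LiteralPath $nail) {
    $findings += [pscustomobject]@{ Check = 'File'; Item = $nail; Detail = 'present' }
}

# Run values that start an .exe located directly in the Windows folder.
# Assumption: this is a review filter, not proof; legitimate entries can match.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$pattern = '^"?' + [regex]::Escape($env:windir) + '\\[^\\"]+\.exe'
$run = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($name)
        if ($cmd -match $pattern) {
            $findings += [pscustomobject]@{ Check = 'Run value (review)'; Item = $name; Detail = $cmd }
        }
    }
}

# Winlogon Shell should be Explorer.exe according to the post.
$wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -and $wl.Shell.Trim() -ne 'Explorer.exe') {
    $findings += [pscustomobject]@{ Check = 'Winlogon Shell'; Item = 'Shell'; Detail = $wl.Shell }
}

if ($findings.Count -eq 0) { 'No listed Aurora artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; the HKCU check covers only the account running the script.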