Orman
join:2004-01-06
Evanston, IL | Is this a setup for more Aurora Problems? There is an unpleasant piece of malware that is often associated with the name Aurora. It's most immediate symptom is that it will connect to the internet and popup ads. The key part of Aurora is apparently a program called nail.exe. It operates by spawning a pseudo program with a random name so it is difficult to permanently block. Allegedly, it also involves a process svchost to protect itself and recovers from simplistic attempts to remove it. Apparently Aurora originates with a company called
Direct Revenue - which appears to own some of the ip addresses Aurora contacts when it tries to phone home.
Normally, the instructions for removing Aurora are enough to drive any sane person back to using an abacus. see one of the 1st results for a google on nail.exe
»www.geekstogo.com/forum/Nailexe_···046.html
or perhaps more pertinently
»HJT Log Adware.BetterInternet Nail.exe
Well, at anyrate, one result leads to
»www.mypctuneup.com/aurora
Seems straight forward solution for an irritating piece of stuff -except that the install instructions suggest turning off antiviral and firewall software. And it becomes really suspicous if you happen to go to »www.direct-revenue.com/news6.php
(see the end of my first paragraph re Direct Revenue) and read
"the Aurora Ad Client is compliant with the branding and removal standards of all major proposed Federal legislation relating to online contextual ads such as HR 2929". Un oh. It becomes really worrisome when you read "The Aurora launch follows the January debut of Direct Revenue's MyPCTuneUp™, a technical support feature that helps Direct Revenue customers with technical issues including removing software from their PC."
There seems to be no acknowledgment on the MyPcTuneUp site that they have some sort of corporate connection to the company(ies) they are supposedly cleaning up after except for a vague "While providing this outsourced support center for partner companies, it became clear that individuals wanted a truly effective technical support service that they could use for a wide variety of problems on their PCs...."
Would you trust MyPcTuneUp?
|
|
| MyPcTuneUp has never been a trusted source. Nothing changed here.
--
Remember, I'm pulling for you - we are all in this together... |
|
 MarillaI Am My Own ArbiterPremium
join:2002-12-06
Belpre, OH | reply to Orman
Sometimes it can be discouragingly difficult to keep up with all the names of people/entities which are looking out for our interests, and those which decidedly are not, especially for people, like myself, who just don't keep up on that particular sort of thing.
Aggravating, and disheartening, at times.
--
Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics! |
|
| reply to Orman
Hi, I do some work for Direct Revenue, so I'm biased. But I have to say that MyPCTuneUp actually does what it claims. It removes Aurora and other Direct Revenue apps without installing anything new. It doesn't capture personal info or track a user's behavior. It's a clean uninstall and it's free and pretty easy to use. From what I've seen, it works for most folks and they are pretty happy with the results. |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | There is no legitimate reason for any uninstaller to require internet access. NONE.
If a program will not uninstall with zero internet access it is malicious in nature.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
1 edit | reply to Hank Roberts
said by Hank Roberts:Hi, I do some work for Direct Revenue... Black Hat  |
|
 NanDogThe Pup Was Female, I'M NotPremium
join:2003-12-28 | reply to Orman
Here's some info about MyPcTuneUp from Eric Howe's "Rogue and Suspect Anti-Spyware" site:
»www.spywarewarrior.com/rogue_ant···eup_note
--
See ya across the Rainbow Bridge, my good and faithful friend! |
|
|
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:6 | reply to Orman
1. Mypctuneup works and does not further infect your PC
2. Ewido Security Suite method works also with some other fixes needed to complete the process. The advantage is most likely running it will find other crap on a PC and get rid of it at the same time making the cleanup process easier if you are helping to bring back a PC from adware/spyware madness.
3. Now there is another solution that is working in one go to clean Aurora..I think AVAST came out with it last week.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/ |
|
 catseyenuAck PfftPremium
join:2001-11-17
Fix East | reply to Hank Roberts
And have no shame making your living exploiting others.
I'll bet your mother is proud. |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:6
1 edit | said by catseyenu:And have no shame making your living exploiting others. I'll bet your mother is proud. Darn cat..and here I thought you might have had even another way to stop people from even using the products and services bundled with the Direct Revenue schemes. That bundle does not just jump on a PC from nowwhere..in each case a user has gone after a "freebie" of some kind..with the provider of that service or program wanting a little bit more out the the venture besides your goodwill and thanks.;)
On subject:
It appears the Symantec has updated their removal tool and it might help you
»securityresponse.symantec.com/av···net.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
| reply to Orman
I do not trust MyPCTuneUp.
But I'm having a lot of trouble with my computer.
It's being extremely slow.
Does this have something to do with aurora?
so these are off the aurora site
»www.aurora.com/support/malware.html
»www.aurora.com/ |
|
| reply to Orman
Personally, I would never trust a site that tells me to remain connected to the internet but shut down my firewalls and anti-virus. 
I did have some problems with Aurora, and found a blocking program here: »www.majorgeeks.com/NailBolderAur···609.html
I wish you the best of luck with this, as it is a pernicious little bit of malware.
Raven |
|
Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:6
1 edit | said by Sister Raven:Personally, I would never trust a site that tells me to remain connected to the internet but shut down my firewalls and anti-virus. I did have some problems with Aurora, and found a blocking program here: » www.majorgeeks.com/NailBolderAur···609.htmlI wish you the best of luck with this, as it is a pernicious little bit of malware. Raven Did you determine how you personally got Aurora on your PC ?
Old info since last test was done on 25 may..but still relavent
What MypcTuneUp.com Actually detects & cleans
3rd Update 25 May 2005 What MypcTuneUp.com Actually detects & cleans
»www.webhelper4u.com/tnewswritigs···005.html
Quote
"Now, the only issue I have with using the MyPctuneup.com Direct-Revenue uninstaller is that at this time it will clean the Nail.exe and its re-infesting files. It still doesn't detect the bolger.dll or their newest imGiant.dll variant as seen by the Hijackthis log after cleaning at mypctuneup.com. That may be a few more weeks as the transponder gang are sometimes slow in really updating everything except their variants and ad campaignss!"
--
Gladiator Security Forum »www.gladiator-antivirus.com/
Missing Kids
»www.missingkids.com/ |
|
