adware/spyware/malware

By d4dar
I visited a website that installed this annoying adware on my system. The official name of the adware is called 'A BETTER INTERNET'. I have Webroot Spy Sweeper - it finds it, but it doesn't stay gone. I also tried Xoftware - it found even less than Webroot. I will now detail everything I have done. WARNING: THIS IS A LONG LIST...

SYSINFO: WinXP (pro) SP2

ADWARE INFO:

It starts 'Explorer' with a command line telling Windows to run a prog called 'Nail.exe'
(I used 'regmon' to find this out)

It shows up in Add/Remove Programs as 'A Better Internet', but if you try uninstalling it from there - it just pops up saying if you want to remove it then go to website blah-blah. I decided not to trust them since they installed this without my permission in the first place.

Here are the steps taken to remove manually
1) Ended task on the following processes in Task Manager: adbitzun.exe, aurora.exe, aurora-wise1.exe, auroraco.exe, nail.exe, svcproc.exe & deleted the files in the Windows directory

2) Deleted following reg keys:
HKU\S-1-5-21-2000478354-1957994488-725345543-500\software\aurora\ & aurorahandler
HKLM\system\currentcontrolset\control\print\monitors\zepmon
HKEY_CLASSES_ROOT\aurorahandlerdll.aurorahandlerdllobj
HKEY_CLASSES_ROOT\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}
HKEY_CLASSES_ROOT\interface\{544b6a3f-4024-4403-9661-69b8410be505}\iaurorahandlerdllobj
HKEY_CLASSES_ROOT\typelib\{6d992**1-b563-47fc-ab29-437f42d1c729}\1.1
HKEY_CURRENT_USER\software\aurora
HKEY_CURRENT_USER\software\aurorahandler

3) In command prompt, ran regsvr32 & tried to unregister 'aurorahandler.dll' but got an error with failure address '0x8002801c'

Please help me get this stinky little program off my system.

Thank you,
~Darla
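
A read-only check for whether the items listed in the post above have come back after a reboot, added here as an example and not part of the original post. It assumes PowerShell is installed and that the executables sat directly in the Windows directory (the post says only "the Windows directory"); the typelib key is left out because its GUID is partly masked on the page.

```powershell
# Indicators copied from the post above. Nothing here deletes or changes anything.
$procNames = 'adbitzun', 'aurora', 'aurora-wise1', 'auroraco', 'nail', 'svcproc'
$sid = 'S-1-5-21-2000478354-1957994488-725345543-500'   # account SID from the post
$regKeys = @(
    "HKEY_USERS\$sid\software\aurora",
    "HKEY_USERS\$sid\software\aurorahandler",
    'HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon',
    'HKEY_CLASSES_ROOT\aurorahandlerdll.aurorahandlerdllobj',
    'HKEY_CLASSES_ROOT\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}',
    'HKEY_CLASSES_ROOT\interface\{544b6a3f-4024-4403-9661-69b8410be505}\iaurorahandlerdllobj',
    'HKEY_CURRENT_USER\software\aurora',
    'HKEY_CURRENT_USER\software\aurorahandler'
)

# Build one result row per indicator (PSObject form also works on PowerShell 2.0).
function New-IndicatorResult($kind, $name, $present) {
    New-Object PSObject -Property @{
        Kind      = $kind
        Indicator = $name
        Present   = [bool]$present
    }
}

function Get-Leftovers {
    foreach ($p in $procNames) {
        # Running process with this image name?
        $running = Get-Process -Name $p -ErrorAction SilentlyContinue
        New-IndicatorResult 'process' "$p.exe" $running

        # Executable back on disk? (location in %windir% is an assumption)
        $file = Join-Path $env:windir "$p.exe"
        New-IndicatorResult 'file' $file (Test-Path -LiteralPath $file)
    }
    foreach ($k in $regKeys) {
        # Registry:: prefix lets Test-Path reach hives that have no drive (HKCR, HKU).
        New-IndicatorResult 'registry' $k (Test-Path -LiteralPath "Registry::$k")
    }
}

# Show only what is present right now.
Get-Leftovers | Where-Object { $_.Present } | Format-Table Kind, Indicator -AutoSize
```

Running it once straight after the manual cleanup and again after a reboot shows which entries something is re-creating, which is the "doesn't stay gone" behaviour described in the post.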

by Absolutely In reply to

I can't promise this will catch your VX2 problem, but I have been pleased with its performance. The free version is less automated than the professional, but I believe it has all the same definitions.

http://www.lavasoft.de/support/download/


by willcomp In reply to adware/spyware/malware

The critter is VX2 and can be difficult to remove. Check link below for removal tools.

http://subratam.org/main/index.php?option=com_content&task=view&id=19&Itemid=41

I can't see other responses while typing this, but also download, install, update and run Spybot Search and Destroy if you haven't already. It's available at download.com.

Hijack This will not remove VX2.

Dalton


by willcomp In reply to

Spybot usually is effective in removing VX2. But there may be a new strain out.

VX2 is adware/spyware and not a virus.


by ozi Eagle In reply to adware/spyware/malware

Hi,

A program I have found useful in getting rid of tough infections is Adware Away, available for a 5-day free trial at www.adwareaway.com.

Good luck.


by BorgInva In reply to adware/spyware/malware

Just adding some extra links from my doc I send out to family/friends.


To completely avoid spyware and viruses, turn PC off. Truthfully.
If you really want to use it, prevention by running programs is best. Read their docs on how to use them and update them. All these are FREE.
Oh, yes! KEEP WINDOWS UP TO DATE! Use the AUTOMATIC UPDATE feature.

ONLINE VIRUS CHECKS, no software install required other than an Active X component if required (some do removals):
Symantec Security Check
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=QQWRORVWHFHMFNZMBBX
BitDefender
http://www.bitdefender.com/scan/licence.php
Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Trend Micro Online Virus Scan
http://housecall.antivirus.com/housecall/start_corp.asp
Trend Micro Housecall
http://housecall.trendmicro.com/
Virus Threat Center Blog
http://virusthreatcenter.com/?tag=zd.ft.fs.vtc
McAfee Virus Removal Tools
http://us.mcafee.com/virusInfo/default.asp?id=vrt

ONLINE SPYWARE CHECKS
ZoneAlarm Spyware Check
http://download.zonelabs.com/bin/promotions/spywaredetector/index3.html

REFERENCE
http://www.download.com/spyware-center/2001-2023-0.html?tag=note

ANTIVIRUS SOFTWARE (again all FREE)
Free avast! 4 Home Edition
http://www.asw.cz/eng/avast_4_home.html
AVG FREE
http://free.grisoft.com/freeweb.php
AntiVir® PersonalEdition Classic
http://www.free-av.com/index.htm
BitDefender Free Edition v7
http://www.bitdefender.com/bd/site/products.php?p_id=24


by BorgInva In reply to

ANTI SPYWARE
About:Buster
http://www.malwarebytes.biz/index.php
Bug Off
http://www.spywareinfo.com/~merijn/downloads.html
CWShredder
http://www.intermute.com/spysubtract/cwshredder_download.html
HijackThis 1.99.1
http://www.spywareinfo.com/~merijn/downloads.html
Ad-Aware SE Personal edition
http://www.lavasoftusa.com/
Microsoft® Windows AntiSpyware (Beta) [I believe updates are done through Windows Update]
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Spybot Search and Destroy 1.3
http://www.safer-networking.org/
SpywareBlaster 3.3
http://www.javacoolsoftware.com/spywareblaster.html
X-RayPC Spyware Process Analyzer 1.001
http://www.x-raypc.com/

TO WATCH YOUR START UP PROGRAMS

MSCONFIG (not on W2k)
Use RUN and type MSCONFIG and then hit ENTER
Use these programs too
Startup Monitor
http://www.mlin.net/index.shtml
StartupRun v1.22
http://www.nirsoft.net/utils/strun.html

FREE FIREWALLS:

ZoneAlarm (one of the BEST, even for free)
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za
Sygate Personal Firewall 5.x (never used myself but it is a good one)
http://smb.sygate.com/products/spf_standard.htm

AND MORE ONLINE FIREWALL TESTS
ShieldsUP!
https://www.grc.com/x/ne.dll?bh0bkyd2
LeakTest
http://www.grc.com/lt/leaktest.htm
Symantec Security Check
http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=QQWRORVWHFHMFNZMBBX


by sgt_shultz In reply to adware/spyware/malware

i am kicking myself for not writing down exactly what i did when i got rid of nail a few months ago.
i think the solution turned out to be resetting the permissions on either a folder holding the 'nail' generator or on the registry or both.
it is a variant of the vx2 malware. i did successfully get rid of it. i'm pretty sure i had to use hijack this. maybe it helped me locate the folders or registry entries. i think i shotgunned the registry by resetting so admin had full rights everywhere on all the hives. but think the final answer was a hidden folder that was not permitted to access. so adaware could not clean it. so, logged in as admin, i used the Advanced Permissions button to take ownership of the folder and its contents. then i deleted it and i think between adaware and the hijack this i got rid of it finally after that. remember to run these utilities in safe mode with no internet connected and with system restore turned off. put sticky on pc 'turn system restore back on' ;>
