hi all-

courtesy of one of my workmates, a new technique that appears to quickly and permanently remove the Aurora PITA.

as you may know, Aurora, also known as Bolder, Nail, ABI, ABetterInternet, etc., hacks the explorer shell to run nail.exe, and runs several other processes as well- notably, a random 7 character .exe file that, if you kill it, removes the file, generates another one and respawns the whole damn thing.

here is the new trick.

boot your pc into safe mode, login to Administrator, clean out all the temp files, etc, etc.

download the excellent Spybot 1.4 (at our website or anywhere you care to). install and update it.

close all windows except spybot.

run the check. as the check is running, take the following steps-

Ctrl-Alt-Del or run taskman from the start menu. kill the explorer shell. find the random executable that aurora is using and right-click it to 'kill process tree' (this is the new trick:D)

do NOT restart the explorer. let spybot finish- it cleans out loads of Aurora related stuff now.

use Spybot Tools to clean 'system internals', and clean out the startup- remove entries and files that are Aurora related or otherwise bad. repeat for BHOs, activeX, etc.

using the taskmanager, select new task and run regedit.

search the registry for nail.exe- delete it wherever you find it. repeat for bolder.exe and chuck in a few other Aurora files if you feel like it (NOT svcproc.exe)


use spybot to check the startup again (be VERY thorough here)
use the taskman to logout, and repeat the process for other profiles.

run a Trendmicro scan when you are finished to mop up anything else, starting your browser from taskmanager, and then reboot.

this has worked a dozen times for us in the past week- so I'm passing it on.

brought to you by Tech Rescue


(moderator edit: moved post to more appropriate forum. jgweed)
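
Added example, not part of the original post: a read-only helper for the registry search step. It lists every value in a regedit export (.reg text) that references nail.exe or bolder.exe, including REG_EXPAND_SZ values, which regedit exports as hex-encoded UTF-16LE and which a plain text search of the export would miss. The function names and the sample export are constructed for illustration.

```python
import re

# File names the post searches for. svcproc.exe is left out on purpose:
# the post says NOT to delete it.
TARGETS = ("nail.exe", "bolder.exe")

def decode_value(raw):
    """Text of a .reg value: quoted string, or hex(1/2/7) UTF-16LE bytes."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    m = re.match(r"hex\([127]\):(.*)", raw)
    if not m:
        return ""  # dword, binary, etc. hold no file name text
    digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1))
    try:
        text = bytes.fromhex(digits).decode("utf-16-le", "replace")
    except ValueError:
        return ""
    return text.replace("\x00", " ").strip()

def find_references(reg_text, targets=TARGETS):
    """Return (key, value name, data) for each value that names a target."""
    # regedit wraps long hex values with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key is None or not m:
            continue
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = decode_value(m.group(2))
        if any(t in f"{name} {data}".lower() for t in targets):
            hits.append((key, name, data))
    return hits

# Constructed sample export; the key is a standard Run key, values are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bolder"="C:\\WINDOWS\\bolder.exe"
"svcproc"="C:\\WINDOWS\\svcproc.exe"
"Updater"=hex(2):43,00,3a,00,5c,00,6e,00,61,00,69,00,6c,00,\
  2e,00,65,00,78,00,65,00,00,00
'''
```

Exports in the "Version 5.00" format are saved as UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing the text to `find_references`.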