Holy Grail- New Aurora Killer



#1 caterbro


Posted 02 September 2005 - 04:54 PM

hi all-

courtesy of one of my workmates, a new technique that appears to quickly and permanently remove the Aurora PITA.

as you may know, Aurora, also known as Bolder, Nail, ABI, ABetterInternet, etc., hacks the explorer shell to run nail.exe, and runs several other processes as well- notably, a random 7 character .exe file that, if you kill it, removes the file, generates another one and respawns the whole damn thing.

here is the new trick.

boot your pc into safe mode, login to Administrator, clean out all the temp files, etc, etc.

download the excellent Spybot 1.4 (at our website or anywhere you care to). install and update it.

close all windows except spybot.

run the check. as the check is running, take the following steps-

Ctrl-Alt-Del or run taskman from the start menu. kill the explorer shell. find the random executable that aurora is using and right-click it to 'kill process tree' (this is the new trick:D)

do NOT restart the explorer. let spybot finish- it cleans out loads of Aurora related stuff now.

use Spybot Tools to clean 'system internals', and clean out the startup- remove entries and files that are Aurora related or otherwise bad. repeat for BHOs, activeX, etc.

using the taskmanager, select new task and run regedit.

search the registry for nail.exe- delete it wherever you find it. repeat for bolder.exe and chuck in a few other Aurora files if you feel like it (NOT svcproc.exe)


use spybot to check the startup again (be VERY thorough here)
use the taskman to logout, and repeat the process for other profiles.

run a Trendmicro scan when you are finished to mop up anything else, starting your browser from taskmanager, and then reboot.

this has worked a dozen times for us in the past week- so I'm passing it on.

brought to you by Tech Rescue :thumbsup:


(moderator edit: moved post to more appropriate forum. jgweed)

Edited by jgweed, 02 September 2005 - 07:59 PM.

Carl
----
Official puter fixer :D
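
The registry search step in the post above, as an added example (not part of the original post and not Spybot's own code): a read-only Python scan of a regedit export for values that name nail.exe or bolder.exe, including string values that regedit writes out as hex byte lists, which a plain text search of the exported file would miss. It assumes a "Version 5.00" export (UTF-16LE hex data); the sample keys, value names and paths are constructed for illustration.

```python
import re

# Names from the post; svcproc.exe is omitted because the post says NOT to remove it.
TARGETS = ("nail.exe", "bolder.exe")

# Constructed sample export (hypothetical value names and paths, not real Aurora data).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\Nail.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svcproc"="C:\\WINDOWS\\svcproc.exe"
"updater"=hex(2):43,00,3a,00,5c,00,62,00,6f,00,6c,00,64,00,65,00,72,00,2e,00,\
  65,00,78,00,65,00,00,00
'''

def unescape(s):  # undo .reg backslash escaping inside quoted strings
    return re.sub(r'\\(.)', r'\1', s)

def decode_value(raw):
    """Text of a .reg value; string types stored as hex are decoded from UTF-16LE."""
    if raw.startswith('"'):
        return unescape(raw[1:-1])
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw)
    if m:  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ exported as byte lists
        data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    return ""  # dword and binary values hold no file names

def scan_reg_export(text):
    """Return (key, value name, data) for every value whose data names a target."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # rejoin hex lines wrapped with a backslash
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]  # remember which key the following values belong to
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            data = decode_value(m.group(2))
            if any(t in data.lower() for t in TARGETS):
                hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE):
        print(f"{key}\n    {name} = {data}")
```

The scan only reports where the names appear; deciding what to delete stays a manual step in regedit, as in the post.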
