rosemondam
Trooper

Joined: Feb 24, 2005 Posts: 10 Location: USA
Posted: Mon Apr 11, 2005 6:12 pm Post subject: Aurora? Spyware or Adware
Hi.. I was wondering if anyone has heard of this adware or spyware. It has really jacked my computer up and nothing is taking it off of my computer. It is also not allowing things to download for me to take it off of my computer. Weird error messages are coming up and making clicking noises repeatedly. HELP!

swatkat
Security Expert
Joined: Mar 04, 2005 Posts: 2039
Posted: Mon Apr 11, 2005 6:20 pm
Download these Tools and Install them:-
1] CCleaner
2] CleanUp!
3] AdAware
4] SpyBot SnD
5] Trojan Remover
6] WebRoot SpySweeper Trial (After installing SpySweeper, run it, and click "Options" button and then click "Sweep Options" tab, and here select ALL the Hard Disk Partitions or drives)
7] McAfee Stinger
8] CWShredder
9] About:Buster
Reboot the system in SAFE Mode and run CCleaner.
Then run AdAware, SpyBot SnD, Trojan Remover, WebRoot SpySweeper, McAfee Stinger, CWShredder and About:Buster in that order and perform FULL System scan.
Finally, run CleanUp!, and reboot to Normal Mode.
After the steps, perform an Online Virus scan at TrendMicro HouseCall.
For Internet Explorer --> http://housecall.trendmicro.com/
For FireFox and Opera --> http://be.trendmicro-europe.com/consumer/products/housecall_launch.php
And finally, perform an Online Spyware scan at eTrust PestPatrol. This scan does not remove anything, but detects any Spyware/Adware that may still be present. By looking at its report, we can make sure that every bad thing is removed.
http://store.ca.com/dr/v2/ec_main.entry25?page=freePestPatrolScan&client=ComputerAssociates&sid=35715
Post back the results.
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein

rosemondam
Trooper
Posted: Mon Apr 11, 2005 6:44 pm
Ran Spy Doc so far. It only found 41 things. I also ran Registry Mechanic and it found 241 things. None were related to Aurora because when I opened IE up came this darn Aurora window. More info to come!

rosemondam
Trooper
Posted: Mon Apr 11, 2005 6:50 pm
Nothing with CWS

swatkat
Security Expert
Posted: Mon Apr 11, 2005 6:50 pm
Please run other tools too, and also download and run ToolBarCop and post the screenshot of it.
http://windowsxp.mvps.org/toolbarcop.htm

rosemondam
Trooper
Posted: Mon Apr 11, 2005 7:00 pm
----------------------------------------
WeatherBug
Browser Extension
{AF6CABAB-61F9-4F12-A198-B7D41EF1CB52}
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
Enabled
Current User
----------------------------------------
n/a
Browser Extension
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
blank
Enabled
All Users
----------------------------------------
Spyware Doctor
Browser Extension
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
Enabled
All Users
----------------------------------------
Messenger
Browser Extension
{4528BBE0-4E08-11D5-AD55-00010333D0AD}
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
Enabled
All Users
----------------------------------------
Research
Browser Extension
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
Enabled
All Users
----------------------------------------
AIM
Browser Extension
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}
C:\Program Files\AIM\aim.exe
Enabled
All Users
----------------------------------------
Messenger
Browser Extension
{FB5F1910-F110-11D2-BB9E-00C04F795683}
C:\Program Files\Messenger\msmsgs.exe
Enabled
All Users
----------------------------------------
&Address
Toolbar
{01E04581-4EEE-11D0-BFE9-00AA005B4383}
%SystemRoot%\System32\browseui.dll
Enabled
Current User
----------------------------------------
&Links
Toolbar
{0E5CBF21-D15F-11D0-8301-00AA005B4383}
%SystemRoot%\system32\SHELL32.dll
Enabled
Current User
----------------------------------------
Norton AntiVirus
Toolbar
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
c:\Program Files\Norton AntiVirus\NavShExt.dll
Enabled
Current User
----------------------------------------
Norton AntiVirus
Toolbar
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
c:\Program Files\Norton AntiVirus\NavShExt.dll
Enabled
All Users
----------------------------------------
AcroIEHlprObj Class
BHO
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Enabled
All Users
----------------------------------------
BolgerObj Class
BHO
{302A3240-4805-4A34-97D7-1645A0B08410}
C:\WINDOWS\Bolger.dll
Enabled
All Users
----------------------------------------
BHO
{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}
C:\WINDOWS\frennk.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{549B5CA7-4A86-11D7-A4DF-000874180BB3}
(empty)
Enabled
All Users
----------------------------------------
PCTools Site Guard
BHO
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
Enabled
All Users
----------------------------------------
PCTools Browser Monitor
BHO
{B56A7D7D-6927-48C8-A975-17DF180C71AC}
C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
Enabled
All Users
----------------------------------------
CNavExtBho Class
BHO
{BDF3E430-B101-42AD-A544-FADC6B084872}
c:\Program Files\Norton AntiVirus\NavShExt.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}
(empty)
Enabled
All Users
----------------------------------------
&Yahoo! Search
Menu Extension
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
Enabled
Current User
----------------------------------------
E&xport to Microsoft Excel
Menu Extension
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Enabled
Current User
----------------------------------------
Yahoo! &Dictionary
Menu Extension
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Enabled
Current User
----------------------------------------
Yahoo! &Maps
Menu Extension
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Enabled
Current User
----------------------------------------
Yahoo! Pager
Run - Startup
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Enabled
Current User
----------------------------------------
AIM
Run - Startup
C:\Program Files\AIM\aim.exe -cnetwait.odl
Enabled
Current User
----------------------------------------
Weather
Run - Startup
C:\Program Files\AWS\WeatherBug\Weather.exe 1
Enabled
Current User
----------------------------------------
Spyware Doctor
Run - Startup
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Enabled
Current User
----------------------------------------
SunJavaUpdateSched
Run - Startup
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Enabled
All Users
----------------------------------------
hpsysdrv
Run - Startup
c:\windows\system\hpsysdrv.exe
Enabled
All Users
----------------------------------------
HotKeysCmds
Run - Startup
C:\WINDOWS\System32\hkcmd.exe
Enabled
All Users
----------------------------------------
KBD
Run - Startup
C:\HP\KBD\KBD.EXE
Enabled
All Users
----------------------------------------
Recguard
Run - Startup
C:\WINDOWS\SMINST\RECGUARD.EXE
Enabled
All Users
----------------------------------------
VTTimer
Run - Startup
VTTimer.exe
Enabled
All Users
----------------------------------------
ccApp
Run - Startup
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Enabled
All Users
----------------------------------------
AGRSMMSG
Run - Startup
AGRSMMSG.exe
Enabled
All Users
----------------------------------------
PS2
Run - Startup
C:\WINDOWS\system32\ps2.exe
Enabled
All Users
----------------------------------------
iTunesHelper
Run - Startup
C:\Program Files\iTunes\iTunesHelper.exe
Enabled
All Users
----------------------------------------
QuickTime Task
Run - Startup
"C:\Program Files\QuickTime\qttask.exe" -atboottime
Enabled
All Users
----------------------------------------
IgfxTray
Run - Startup
C:\WINDOWS\System32\igfxtray.exe
Enabled
All Users
----------------------------------------
Symantec NetDriver Monitor
Run - Startup
C:\PROGRA~1\SYMNET~1\SNDMon.exe
Enabled
All Users
----------------------------------------
UserFaultCheck
Run - Startup
%systemroot%\system32\dumprep 0 -u
Enabled
All Users
----------------------------------------
rxzgev
Run - Startup
c:\windows\system32\lnmnts.exe
Enabled
All Users

swatkat
Security Expert
Posted: Mon Apr 11, 2005 7:14 pm
Quote:
----------------------------------------
BHO
{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}
C:\WINDOWS\frennk.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{549B5CA7-4A86-11D7-A4DF-000874180BB3}
(empty)
Enabled
All Users
----------------------------------------
(Empty)
BHO
{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}
(empty)
Enabled
All Users
----------------------------------------
Right-click the above entries in ToolBarCop and then click "Delete the selected item".

rosemondam
Trooper
Posted: Mon Apr 11, 2005 7:24 pm
OK, that is done... the one that you told me to delete with the frennk.dll ending.. isn't there? I don't know where it went?

swatkat
Security Expert
Posted: Mon Apr 11, 2005 7:26 pm
Quote:
----------------------------------------
n/a
Browser Extension
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
blank
Enabled
All Users
----------------------------------------
Also delete the above one.
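
The entries singled out in the two replies above share one trait: a missing display name or a missing module path. As an added example (not part of the original thread and not ToolBarCop's own logic), this Python parses the posted listing format and flags such records for manual review. The field layout and the "blank name or path" rule are assumptions read off the output posted in this thread.

```python
import re

TYPES = {"Browser Extension", "Toolbar", "BHO", "Menu Extension", "Run - Startup"}
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BLANK = {"", "n/a", "blank", "(empty)"}  # placeholders seen in the listing

def parse(listing):
    """Split on dashed rules; the type line anchors the optional fields."""
    records = []
    for block in re.split(r"(?m)^-{10,}$", listing):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        idx = next((i for i, ln in enumerate(lines) if ln in TYPES), None)
        if idx is None:
            continue  # not a record (blank chunk or unknown type)
        rest = lines[idx + 1:]
        clsid = rest.pop(0) if rest and CLSID.fullmatch(rest[0]) else None
        records.append({"name": " ".join(lines[:idx]), "type": lines[idx],
                        "clsid": clsid, "target": rest[0] if rest else ""})
    return records

def needs_review(rec):
    """Assumed rule: no display name, or no module path/command."""
    return rec["name"].lower() in BLANK or rec["target"].lower() in BLANK

# Three records copied from the listing posted in this thread.
SAMPLE = r"""BHO
{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}
C:\WINDOWS\frennk.dll
Enabled
All Users
----------------------------------------
(Empty)
BHO
{549B5CA7-4A86-11D7-A4DF-000874180BB3}
(empty)
Enabled
All Users
----------------------------------------
Yahoo! Pager
Run - Startup
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Enabled
Current User
"""

if __name__ == "__main__":
    for rec in filter(needs_review, parse(SAMPLE)):
        print(rec["type"], rec["clsid"], rec["target"] or "(no path)")
```

A flagged record is only a candidate for inspection: a named entry with a plausible path can still be unwanted, so the output narrows the list rather than deciding it.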

rosemondam
Trooper
Posted: Mon Apr 11, 2005 7:26 pm
ok

rosemondam
Trooper
Posted: Mon Apr 11, 2005 7:30 pm
I did that and the other one made its way back so I deleted it too

rosemondam
Trooper
Posted: Mon Apr 11, 2005 7:38 pm
Okay.. I have done everything... and Aurora is STILL popping up.

swatkat
Security Expert
Posted: Mon Apr 11, 2005 7:44 pm
Do you get any error messages? Did you install any programs/software recently?
Also, install SpywareBlaster and click "Enable all protection".
http://www.javacoolsoftware.com/spywareblaster.html

rosemondam
Trooper
Posted: Mon Apr 11, 2005 8:09 pm
I installed that, and the answer to your first two questions is no.

swatkat
Security Expert
Posted: Mon Apr 11, 2005 8:17 pm
When did this problem start? Which operating system are you using? And how did you come to know the name "Aurora"?
Do you have any screensaver named Aurora?