Bolger.dll & Aurora.exe

This new transponder variant includes a replacement to their buddy.exe called Bolger.dll. I have read in several security forums that they are foisting this variant being bundled by isearch and using CWS exploits sites to install in stealth.

Files installed with this variant include: Poller.exe, uacupg.exe, Nail.exe, thnall1ac.html, DrPMon.dll, svcproc.exe. The svcproc.exe does not like to be stopped without a court order. This deviant seems to be showing up everywhere in HijackThis logs around the security forum community.

As such I thought our members here might want to read up on this.

Read here: http://www.webhelper4u.com/index.html

DickT - Just the Facts

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Hi,

From the research I have done here is what I found out:

Bolger.dll
This is a file that increases pop-ups on your computer. It seems as though it can be delete by Ad-Aware SE Personal, Spyware Blaster, or possibly Spybot Search and Destroy v1.3. Therefor I would suggest trying to run those files and see if it gets rid of them. If it does not, please post back and I can show you a way to do it manually.

Aurora.exe
This seems to be a legit file. This file was downloaded by someone using your computer. It does something with screensavers. I am thinking maybe it is a screen saver package that gives you additional screen savers. I went to the main site, and for the descripion of the file it said "Geometrical colour effects inspired by the northern lights." This led me to the fact that it is a single screen saver someone downloaded. But it seems legit.

Regards,
eXCeLeNCe

_________________
Regards,

1) Spyware Blaster Will not remove anything as it is oot a scanning program.

2) Did you visit the link and see what Webhelper had to say about aurora.exe? If not,

_________________
MS MVP Security 2006-2008

eXCeLeNCe said:

I'm not as computer sophisticated as other posters, but I am currently plagued by bolger.dll and aurora and don't know how to get rid of them (or if they are connected).

My virus scanner, avast, finds the bolger.dll virus every time I open a web browser. I "move to chest" each time, but it continually comes back. The result of the bolger.dll, I think, is that I am constantly getting pop-up windows with "Aurora" as the source.

Can anyone explain what I need to do to make this problem go away? Delete certain files? Anything???

Thanks.

One other simple question that probably everyone on this site can answer. When I do a virus scan, there are tens of thousands of temporary internet files that are scanned. When I go into My Computer to find those files and delete them, I can't see them. When I go to Internet Options and delete temporary files, that doesn't work either. I have 100,000 files on my computer - and it seems 60,000 are temporary internet files. How do I get rid of them - I certainly don't need them.

Thanks very much.

You cannot just delete these files. This infection is a bad one to fix even for the experts. Post a log in the Hijackthis Forum located here:
/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Prior to posting that log, please read "Hijackthis Guidelines Read Before Posting" and follow all instructions. The link is here:
/t102301-Hijackthis_Guidelines_Read_Before_Posting.html

As for your temp files, run Disk Cleanup and make sure all the boxes are checked first. Go to Start > Run and type: "cleanmgr" [without the quotes]. Let it scan your system for files to remove.

I also recommend that you download and install CCleaner from here: http://www.ccleaner.com/

1. Run CCleaner using it's default setting's.
2. A pop up box will appear advising this process will permanently delete files from your system.
3. Click OK and it will scan and clean your system.

DickT - Just the Facts

"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Thanks very much. I will do as you instruct.