Subject: Need help in removing Aurora
Category: Computers > Operating Systems
Asked by: howell661-ga
List Price: $5.00
Posted: 05 May 2005 16:58 PDT
Expires: 04 Jun 2005 16:58 PDT
Question ID: 518271

I have tried following instructions for removing Aurora. Can't seem to get rid of it. Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:41:48 PM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\GDSys\gdmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\taqrho.exe
C:\Documents and Settings\Owner\Desktop\Spyware Removers\Spyware\Hijack This update\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GDMgr] C:\WINDOWS\system32\GDSys\gdmgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pmlfxep] c:\windows\system32\taqrho.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Subject: Re: Need help in removing Aurora
Answered By: livioflores-ga on 05 May 2005 22:19 PDT

Hi howell661!!

It is not only Aurora in your system!!

Please do the following:

Download and install Ewido Security Suite which you can download and try for free: (do not use it yet)
http://www.ewido.net/en/download/

Go to myPCtuneup.com to download the Aurora uninstaller and follow the instructions:
http://www.mypctuneup.com/evaluate.php?b=aurora

Use the Ctrl+Alt+Del keystroke to run the Task Manager and stop the following process:
c:\windows\system32\taqrho.exe

Close all the opened browser instances, run HJT and check to fix the following items if they are still present in the list:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe
O4 - HKLM\..\Run: [pmlfxep] c:\windows\system32\taqrho.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Try to delete the files: (do not worry if you can't)
c:\windows\system32\taqrho.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\rsyncmon.dll
C:\WINDOWS\system32\netsync.exe
C:\WINDOWS\svcproc.exe

Reboot in safe mode and run Ewido, then try again to delete the files that you could not before if they are still present in your computer.

Reboot in normal mode and post a new HJT log to see the results, at this point your computer must be clean.

For instructions on how to reboot in safe mode:
"Starting your computer in Safe mode":
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

To use the Task Manager:
"Windows XP Task Manager":
http://www.wown.info/j_helmig/wxptskmg.htm

I hope that this helps you to clean your computer. Remember that this answer is not ended until you feel satisfied with it, so if the above procedures fail use the clarification feature to get further assistance, I will be glad to continue assisting you until your computer will be as clean as possible.

Regards.
livioflores-ga

howell661-ga rated this answer:
Great answer. Very helpful especially where the person looked at my individual log.
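
The answer's last step asks for a new HJT log to confirm the cleanup. As an added example (not part of the original answer and not part of HijackThis), this Python script checks a new log for the entries the answer marked for fixing and also reports two startup anomalies visible in the posted log: an F2 shell line with a program chained after Explorer.exe, and an O23 service with "Unknown owner". The function names are assumptions, and SAMPLE_AFTER is a constructed log assembled from lines of the posted one.

```python
import re

# Entries the answer marks for fixing, copied from the posted log
# (the long O1 Hosts line is matched by its prefix only).
FLAGGED = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O1 - Hosts: 17.250.248.77 idisk0.mac.com",
    r"O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\system32\rsyncmon.dll",
    r"O4 - HKLM\..\Run: [RSync] C:\WINDOWS\system32\netsync.exe",
    r"O4 - HKLM\..\Run: [pmlfxep] c:\windows\system32\taqrho.exe",
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe",
]

# HijackThis item lines start with a section code such as R0, F2, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample: a follow-up log in which two flagged entries survived.
SAMPLE_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [pmlfxep] c:\windows\system32\taqrho.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

def parse_entries(log_text):
    """Return (code, line) for each item line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), line))
    return entries

def triage(log_text):
    """Return (flagged entries still present, lines matching the two heuristics)."""
    entries = parse_entries(log_text)
    lowered = [line.lower() for _, line in entries]
    remaining = [f for f in FLAGGED if any(l.startswith(f.lower()) for l in lowered)]
    heuristics = []
    for code, line in entries:
        if code == "F2" and re.search(r"shell=explorer\.exe\s+\S", line, re.I):
            heuristics.append(line)  # extra program chained onto the shell
        elif code == "O23" and "- unknown owner -" in line.lower():
            heuristics.append(line)  # service binary with no vendor string
    return remaining, heuristics

if __name__ == "__main__":
    still_there, odd = triage(SAMPLE_AFTER)
    print("Still present:", *still_there, sep="\n  ")
    print("Heuristic hits:", *odd, sep="\n  ")
```

An empty first list means none of the flagged entries remain in the new log; the heuristic hits are leads to review by hand, not verdicts.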

Subject: Re: Need help in removing Aurora
From: bozo99-ga on 05 May 2005 19:33 PDT

The "computers -> security" section has several answers involving this.