Abetterinternet

  • Thread starter Thread starter GEF
  • Start date Start date
G

GEF

Can anyone tell me how to get rid of the abetterinternet
spyware. I keep removing it and it just comes back.

I really appreciate it

GEF
 
Hello Gef,

I quote Andy Manchesta,


The ABI remover will fail on Aurora you will need to use
Nailfix then Ccleaner and Adaware SE to clean up.


Save Nailfix to desktop.


http://www.noidea.us/easyfile/file.php?
download=20050515010747824

or :

http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix


Download Adaware SE and get all updates :

http://www.download.com/3000-2144-10045910.html


Download Ccleaner:

http://download.ccleaner.com/download119bin.asp



Reboot into Safe Mode by hitting the F8 key repeatedly
until a menu shows up (and choose Safe Mode from the
list).

Once in Safe Mode,double-click on nailfix.bat. Your
desktop and icons will disappear and reappear, and a
window should open and close very quickly thats then
finished.

Run Adaware SE on a full system scan and remove anything
found

Run Ccleaner on all 3 settings (windows , applications &
issues ) and remove anything found.

Reboot and all should be fixed ,You may need to flush
your system restore if Aurora has entries in there , when
i tested Aurora last it left DrPmon.dll & Bolger.dll in
my restore area.

To reset the system restore goto start > then right click
my computer > goto properties > then system restore >
check the box ' turn off system restore ' then press
apply and exit, reboot . Go back to system restore and
uncheck the box ' turn off system restore ' then press
apply


Also clear your prefetch folder to remove any
thnall1ac.html. files

goto start then run and type

prefetch

check for any files named thnall1ac and remove if found
you can delete all the contents of this folder if you are
unsure as any genuine programs will use it again when its
needed .


Regards >*< TOM >*<



GEF schreef:
 
Hi Tom

There's now a new version of Nailfix available if this is
Aurora related, Also when I said It left files in the
restore area I said It the wrong way, The restore can be
infected if your system has saved a restore point since
you had Aurora on your system,

Here's a updated fix if needed.


Here's a fix for Aurora:

It might help if you copy these instructions to notepad
and save it on your desktop as you may not be able to
access this site while you are running the fixes.


Download these programs first :


Download the new version of NailFix (From racooper)
---------------------------------------------------

http://xsorbit26.com/users5/andymanchesta/index.php?
action=dlattach;topic=3719.0;id=310

save to desktop or c:/drive , DO NOT run it yet


Ewido Security Suite :
----------------------
Please download, install, and update the free version of
Ewido trojan scanner:

http://www.ewido.net/en/download/

When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

From the main ewido screen, click on update in the left
menu, then click the Start update button.

After the update finishes (the status bar at the bottom
will display "Update successful")

Exit Ewido. DO NOT scan yet.


Download Ccleaner
------------------
http://www.ccleaner.com/ccdownload.asp

Download and install, but do not run it yet.



Next Step is to boot into safe mode :
------------------------------------

Reboot into Safe Mode.

Restart your computer and keep tapping the F8 key on your
keyboard.

When you see the option screen, then choose safe mode
from the list,


Once in Safe Mode,

please double-click on nailfix.exe. Click "Next" in the
setup, then make sure "Run Nailfix" is checked and
click "Finish". Your desktop and icons will disappear and
reappear, and a window should open and close very
quickly --- this is normal.



Next, Run Ewido.

Click on the Scanner button in the left menu, then click
on Complete System Scan. This scan can take quite a while
to run.

If ewido finds anything, it will pop up a notification.
If its clearly described as malware(Trojan,Spyware etc..)
have ewido remove the entry,

When the scan finishes, click on "Save Report". This will
create a text file. Save to desktop incase its needed
later.

When ewido has finished, next clear the prefetch folder

goto start menu then run and type :

prefetch

delete the contents of this folder (left click and
highlight the files by holding the left mouse button and
covering all the files,then right click and choose delete)

Next run Ccleaner and choose 'Run Cleaner' run it twice
to make sure its clear,then use the 'issues' button and
scan for errors,Fix any that are detected.

Reboot and see hows things look if you are clean you will
need to clear the system restore incase any restore
points have been made since you were infected,Post back
if you need help on that.

If you have any problems just let us know,If this isnt
Aurora then reply with any filenames that are detected
then it will be easier to see what variant you have,

Regards

Andy
 
It will not touch Aurora though it misses the random file
in the system folder so then it regenerates when they
reboot

Maybe worth a try though
 
You can try to use MSAS in Safe Mode (F8 before Windows
screen on boot/reboot) and remove it. Now go to
c:\windows\prefetch and delete any files there that
contain abetterinternet in the filename.

Alan
 
Back
Top