AURORA

  • Thread starter Thread starter jaybe
  • Start date Start date
J

jaybe

This past week, I began to get this miserable popup named
"Aurora." Neither the MSFT Antispyware program,
Earthlink,nor Spyware Sstormer are able to pick this up. I
wrote to MSFT 2 days ago, and never received a reply. Does
anyone know about this?
 
This is the latest VX2 variant. There are different versions of it, I
suspect, because some seem to use random naming structures, while others
have recognizable names.

Keywords to look for: Aurora, nail.exe, aureco

This is a three-part critter, and at least one of the parts is active even
in safe mode. There's a pretty good thread in Announcements, and I suspect
Ron Kinner has dealt with a few of these at this point. I don't know
whether killbox is sufficient to handle it--I used the Recovery console on
the one I met.
 
-----Original Message-----
This past week, I began to get this miserable popup named
"Aurora." Neither the MSFT Antispyware program,
Earthlink,nor Spyware Sstormer are able to pick this up. I
wrote to MSFT 2 days ago, and never received a reply. Does
anyone know about this?
.
Click to expand...
 
-----Original Message-----
This past week, I began to get this miserable popup named
"Aurora." Neither the MSFT Antispyware program,
Earthlink,nor Spyware Sstormer are able to pick this up. I
wrote to MSFT 2 days ago, and never received a reply. Does
anyone know about this?
.
I have been having the same problem for several weeks
Click to expand...
now. I specifically downloaded the Microsoft Antispyware
Beta because someone at AOL told me it would catch
Aurora, also sometimes called "Buddy". I have several
other antispyware programs running, and none of them have
gotten rid of it - can someone here please help?
 
Hi Mom,
Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files* C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize.

Ron Chamberlin
MS-MVP



*The .tif are Temporary Internet Files, and are stored in a different barn
than 'normal' temp files.
Here's how I kludge thru to them: Open Windows Explorer--->C:\Documents and
Settings. Then it's to the Tool Bar--->Folder Options--->View--->Hidden
Files and Folders and check the box "Show hidden files and folders" > Now
expand C:\Documents and Settings and under each user you will now see a
folder "Local Settings". Open that puppy and choose Temporary Internet
Files. I am not concerned about the cookies therein, but everything else
can go for now.
 
Yes - it's awful and I wish MS would address it as it's
their security holes that let it in. Nasty malware that i
finally removed using 5 different spyware removal tools.
The one that finally took it off was ewido, but I'd
recommend you google search everything you can about this
before using anything.
 
Back
Top