DrPMON

[Alessandro Cristo]

I found a ad/spyware on my computer last nigh and it's
name was related to DrPMON, anyone here have heard about
it ? since I got no mention about it on any other place...
Neither spybot or pestpatrol found it, but ms Antispyware
did.

 

[Bill Sanderson]

Are you seeing popups labelled Aurora?

http://castlecops.com/postp532984.html

Was cleaning successful? I've seen reports of this being detected, but not
cleaned. I'd recommend scanning and cleaning in safe mode as a first thing
to try.

 

[Alessandro Cristo]

yes indeed, it was the one which got them out of my
machine, at least until now i got no other problem...

I'm not sure about the aurora's labels... I use to keep my
machine very well protect, so asap i notice the problem I
use to take actions.

I was looking for another problem that kept starting a
task with randomics names like squupw.exe or naqiww.exe or
any other kind of names ( these aren't the names i found
don't try to look after it) after kill the task on the
task manager another one was started untill i got the last
one blocked with my firewall program (it block a task to
be created). So then I started looking after this
virus /ad /spy ware thing, but no references were found on
GL00GLE, neither on symantec, mcafee or trend. my
antivirus didn't detect any virus, and my spywares
reported me that my machine was clean. Only MS Antispyware
found this Aurora /MrDPMon things, but i'm not sure it was
the previus problem i had.
Thank anyway

Alessandro.

 

[Bill Sanderson]

Yes--aurora is the task which is creating the randomly named processes.

As I understand it, the current definition set - 5717 for Microsoft
Antispyware should detect Aurora, but it isn't clear whether it can clean
it. If it can, I would not be surprised if it required booting to safe mode
to do it.

Otherwise--look in these groups for references to Aurora, nail.exe, and
Bolger for more current information about how to clean this--I believe there
are specialized tools available now.

Here's one post from Ron Kinner about this bug, and how to deal with it:
------------------------
Just successfully removed two nail.exe infections today
with the procedure at:

http://forum.hijackthis.de/showthread.php?t=3172

The ABIRemover.exe is a miracle worker!

Ron

 

[Radardan]

Yes

Other files associated this this vicious threat are
Nail.exe
svcproc.exe
and files created with random lower case alpha chacters
such as "dvfsdf.exe"

You may also see a Program in Add/remove programs called A
Better Internet which is this threat.

There is also a process which must be killed called System
Startup Process.

MSAS now catches IEPlugin which is part of this threat.

I can verify that ABIRemover.exe is the only thing that
has helped me.