Lavasoft's VX2 cleaner including Aurora removal

  • Thread starter: plun
Thanks for the news Plun !!

One less piece of junk to worry about for now anyway till
they change things again

Regards Andy
 
Just checked this and it's still killing Aurora. It's a bit
different to the beta one I posted; the messages are
clearer to understand now and it's 200kb larger in size.

It still leaves the temp files and the 2 files in the
Windows folder though :(

C:\WINDOWS\ffsnvqmgpiy.exe
C:\WINDOWS\rramcx.exe

But they are not active so they can be removed easily and
the temp files can be removed manually or with CCleaner.

Nice to finally have an easy fix for this.

Andy
 
Hi Andy

I want to test it myself. Everything from
abetterinternet is Ceres infections, Free Phone, Mahjong
etc., and where can I find a real Aurora download to test with?
 
Is that your real email address there, Plun? If not, email
me at my address with your email.

I don't want to post it on here, but if you get the
downloads off their site including Freephone you will
probably be infected with Ceres.

I know a few links that download the full package of junk
like Aurora, trojans, Elite, SAH Agent, Qoologic etc., all
without EULAs. You remember that list I posted last time
I was testing Spybot & Aurora, so I will not post them
either ;)

I have the download address which will just give you
Freephone and Aurora, so then Freephone can be uninstalled
using the add/remove screen and Adaware's Cleaner takes
care of Aurora.

I'm testing things myself here and MSAS is useless with
Aurora. It detects drpmon.dll and says it cleans it, but
it's there the next time you scan. The same is happening
with Aproposmedia and Qoologic, plus the Navidad worm
detection MSAS gives isn't the worm at all, it's a trojan
downloader, but hopefully they can get some updates soon.

I can give the link to just Aurora & Freephone and then
the cleaner from Adaware will take care of it if you want,
but don't forget to remove them 2 files I posted and clear
the prefetch and temp folders after you finish ;)

Let me know if you want the link sending to you via email
or any help with the clean up.

Andy
 
Maybe you should write to the president of the company and ask why his
product is not more easily available?

--
 
AndyManchesta explained:
Sent!

Let us know how you get on Plun ;)

Andy

Hi Andy

Thank you for your mail.

This was indeed fun ;) TrendMicro was most difficult to overcome!
It detects Nail.exe and quarantines it directly.

Story with some screen dumps:

http://hem.bredband.net/b288305/aurora.htm

And as you have mentioned before, what is MSAS doing? Lavasoft's
VX2 cleaner removes this pest great and also some more abetterinternet
junk!
 
Hey Plun!

That's excellent, thanks for uploading the screenshots. It's
also great to hear you didn't have any problems ;)

It's good to see Trend is also blocking Nail. MSAS is in
serious need of an update in my view. Even though it gives
them detections, if you remove them and reboot and scan
again it will detect the same ones. This changed weeks
ago in July, so why have they not updated this yet? It's
not just missing Nail & Svcproc, it misses the random
named file and a lot of registry entries plus them other 2
files I listed.

I think it's starting to fall behind. A lot of beta users
cannot help them out because the send spyware reports
gives a proxy error, even though in my case there are no
proxy settings in place and it doesn't have a problem
getting updates.

It's tagging things as worms which are not worms. Although
it was a trojan downloader, the thought of the Navidad
worm damaging the system and spreading through networks
causes a lot more concern than is needed for a simple
trojan downloader.

Unclassified spyware 61 on the tests I've done is just
PacerDmedia, and most parts of this are not even detected,
such as the initial infectant called wmplayer.exe.tmp.
Aproposmedia isn't fully removed by MSAS, neither is
Qoologic/SAH Agent or Elitebar. This is only a small
example which I found earlier today when testing, and if I
can find all this info within 1 hour why isn't the MS team
up to date on this?

Hopefully with posts like this they will recheck the
definitions soon and make the fixes hold. I can post full
info of what is being missed from the testing and what
the Navidad worm really is if it's needed. I'd like to help
the MS team out in the same way I do for ewido and
Lavasoft by sending them the suspect files, but I cannot
do this for MSAS: the reports do not work, plus there is no
upload site for suspect files like the other two sites,
which is fine if they have the definitions in place
already, but from what I'm seeing it's having some problems
recently.

They deserve credit for all they have achieved since the
beginning of the year, but they also need to keep up
with the junk to be effective and worth recommending to
other users. Keep up the good work MS and help us all put
an end to this junk!

Andy
 