Windows XP: Help!!! I'm being attacked with zombie adware!
Adware keeps POPPING
by golf club - 5/13/05 8:46 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseGuess i'm message number 26. I found that selecting the question mark at top of screen takes you to a download that will get rid of these popups. It worked great for me......Mel
try spybot
by ant1 - 5/13/05 9:09 AM In reply to: Adware keeps POPPING by golf clubhad the same problem, spybot removed it
Where is this "question mark" ?
by iiisoblue - 6/15/05 12:23 PM In reply to: Adware keeps POPPING by golf clubWhere is this "question mark" at the top of the screen that you are talking about? From a newbie.
Do this.
by nothing - 5/13/05 9:11 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseGo to the following URL and read it. Then do what it says. You can get all the help you need by typing "aurora+adware" into the Google search.
safe mode
by solson - 5/13/05 9:39 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseI had similar adware on a machine. I had to turn off system restore, and reboot in safe mode. Run the virus and spyware program in safe mode, then reboot. You may have to go directly into the system folder to ger rid of the offending file.
re "Aurora"
by avenger69 - 5/13/05 11:29 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheesehi, i had the same problem. you cannot remove it until you goto the aurora web site and download the removal program. its the only way to remove it unless you want to reinstall xp, as i have tried every way i could think of to remove it. hope this helps.
Aurora
by grysmoke - 5/13/05 1:57 PM In reply to: re "Aurora" by avenger69My wifes machine had this very same problem.I was even in the registry deleting the key and everything pertaining to it but it just kept coming back.I didn't trust Auroras uninstall program,after all they stuck that spyware on her system to begin with.I backed her stuff up on and reformatted and reintsalled everything.As soon as I had her connected to the net I installed Microsofts beta AntiSpyware program and we have'nt seen it since.Speaking of Micosoft Antispyware,it works great on our machines but you really need to install it on a spyware free machine.There were several spyware programs in her WINNT 32 system folder and although it would remove them,like Aurora they would keep coming back.
Grysmoke
this is a risky but sure way out
by sai1ram - 5/14/05 10:48 PM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheesehi,
have u ever tried fiddling around with your registry? this is a risky method but 1 helluva sure way to delete adwares/spywares. but if you are novice dont try this. but since u can identify processes in your task manager i trust u would have sufficient guts/brains to fiddle with registry.
first, before even u think of opening up the registry, please use the system restore for backup. this is very important! then go to RUN in Windows Start popup n type "regedit"
the registry opens up. then u shud go to HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->Current Version->Run tab. Here, u shud see only one entry : {default} with value : {no value set}". If this is only present ur system is absolutely fine. but here u shud be seeing a lot of entries which are all spyware n adware. These really slow up ur comp n in time u might not be able to load ur webpages at all. So, start deleting these other entries. These spyware writers cleverly embed these spywares in ur registry, so that they will replicate n b created again evenif u delete these programs physically from ur files n windows folder.
Well, what could be worse, these spyware writers dulicate these entries in more than 1 place in registry, so even the deleted registry entry is written again! so, use the search utility in registry 'Edit' dropdown menu, search for the registry entry in ur entire registry. Delete them one by one immedeatly.
But, one must be very careful when playing with the registry. the spyware writers are intelligent enough to disguise these entries by giving them a name similar to windows processes, so be careful n choosy when u start deleting registry entries.
some entries will be very authentic like mcafeshield.exe, look there is only one 'E'in mcafee! this is a small example of how intelligent these spyware writers are!
If possible try consulting another geek nearby who has experience of working with registry. Dont forget that backup first, though! in case anything goes wrong, please run the system restore utility.
WORD OF CAUTION!!! Dont blame me if you have deleted wrong entries n ur OS flunks out. I will not be responsible for that! please be careful.I have enough experience of working in the registry n have had sucesses with this method. Infact, this is the only way i clean my computer.None of the anti-spyware, anti-adware in the net are gud enough n infact, they themselves are indirect spware which collects information from ur computer. Please be aware if these problems when u download n install anti-spyware from the net.
Happy Computing!
Please mail me if ths is sucessful.
hope i was helpful.
bye
aurora bug.
by shirlntj - 5/15/05 11:43 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseI have found that when you load XP SP2, there is a critical security update that does not always load.I had to go to windows update site. In search type in 888113 and follow instructions. Within this update is a new windows scan and removal tool. You might have luck using this new tool to find and quarantine the offending ''aurora'' bug.
Good luck
Reply To- Help!!! I'm being attacked with zombie adware!
by UniLuvr - 5/15/05 12:21 PM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseHi I have found that not any one tool seems to do the trick, I use 3 tools that just happen to be free. First one is PopUp Stopper Free Edition, second I use Ad-Aware SE Personal Edition and last but not least I use AVG Anti Virus Free Edition, and between the 3 of these free tools I keep my PC in good running condition, I hope this information has helped. Good Luck!
zombie adware
by Maynarddad - 5/15/05 4:49 PM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseTry going to microsoft's download site and download Antispyware Beta and see if that takes care of your problem
(NT) Aurora,
by ragent - 5/15/05 5:31 PM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseThis is part of a program called betterinternet, very nasty it is protected by a file called delprot and is loaded usually by system.ini loading a file called NAIL.EXE
if you delete registry entries or files they are either rewritten or regenerated,
Go into safe mode and go start run regedit, make a back up from the registry menu.. Exportregistry all it regbkup or similar saves it to my documents so if you screw up you can double clik this file and it puts the registry back together.
OK delete the key HKLM\SYSTEM\CurrentControlSet\Services\delprot from the lefthand pane
look in HKLM\software\microsoft\windows\current version\run and all the runs like run services etc
for ffsearch.exe desktop.exe nail.exe remove keys
look for files in windows/isrvs nail.exe desktop.exe ffsearch.exe and delprot.sys and delete
then kill process via task manager Nail.exe and remove from startmenu/programs/startup
maybe if you are cluey eneough edit the system.ini file to take out the reference to nail.exe
ray
Another Aurora Uninstaller
by billzhills - 5/21/05 5:08 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseRan into this nasty yesterday. Used all the proceedures listed here plus a few of my own with no joy. Finally found this Beta removal tool at http://forum.hijackthis.de/showthread.php?t=3172
Scroll to bottom of page click on link to ABIRemover. (German?). Application gives the impression that it is installing to Windows. Do not expect to find any install/uninstall locations or the ability to run the application as the remover actually installs and runs. Post Spyware scans and reboots found no traces of Aurora.
Another dagger in P2P networking....
Client uses BitTorrent, installed application called ABC which installed Aurora.
Bill
.
Backup must be mentioned
by tlmurray - 5/24/05 8:03 AM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseI have not read all posts, but I think one topic must be mentioned: backup.
I have two partitions, a C and a D. I keep all my applications on C and my work files on D, and it makes for a swift recovery. Having files on D makes for quick backup, as I don't care about backing up applications.
My wife, even though protected with all sorts of products, got conned via "you need to to install this" dialogs into installing some major junk. It was so bad that I weighed spending a day cleaning (and perhaps not even then being 100% successful) against a few hours reinstalling Windows, and I took the latter. You see, by having her docs and things on D, I could comfortably and quickly format C from scratch. Drive D, of course, still needed to be examined, but scanning a drive with nothing but things like Word docs is a lot faster and thorough than scanning Windows and applications.
Help!!! I'm being attacked with zombie adware!
by jevenew - 5/29/05 6:22 PM In reply to: Help!!! I'm being attacked with zombie adware! by IndianCheeseJumping in late here, but I haven't read anything about trying to remove this thing in "SAFE MODE". AdAware finds and removes very stubborn software better in "SafeMode", when there is less chance the gatekeeper of the malware is awake. LOL
I have used this method before when the professional AdAware wouldn't remove something in normal mode.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
