|
Aroura virus problem hijack-logfile posted help!!!!
|
|
Member
|
12. June 2005 @ 14:12 |
Link to this message
|
|
|
Advertisement
|
 |
|
|
|
rottingkd
Junior Member
|
12. June 2005 @ 15:02 |
Link to this message
|
|
ok I ran both programs, i keep getting those options I posted erlier. the Nail.exe is still in my C:\windows. i think Im just gonna have to format my drive! I give uP :( thanks for all your help....... and all your attepts.
|
Member
|
12. June 2005 @ 15:09 |
Link to this message
|
|
I forgot to have you do this, uncheck Nail from Startup (you should see Nail in the Startup tab when you go Start-Run-type "MSCONFIG" and go to the tab and unselect Nail). Then restart computer in safe mode and run AntiVir Xp.
This message has been edited since posting. Last time this message was edited on 12. June 2005 @ 15:17
|
|
ddp
Moderator
|
12. June 2005 @ 16:04 |
Link to this message
|
|
did you do this as i stated in my 1st post "than still in safemode go thru windows explorer to delete those files in these locations: C:\WINDOWS\Nail.exe &c:\windows\SvcProc.exe
check msconfig/system.ini & msconfig/startup that the 2 files are gone."
|
|
rottingkd
Junior Member
|
12. June 2005 @ 16:39 |
Link to this message
|
|
yes ddp I did as you said, delete both .Nail&Svcproc in safe mode but Nail kept appearing back. Im gonna try running antivir in safe mode see what happends.. thanks
|
Senior Member
1 product review
|
12. June 2005 @ 17:16 |
Link to this message
|
|
I can safely tell you that anti Virus will not pick this up. Microsoft anti-spy tries but is unable to. It will remove the affected REG entries but they show back up 10 seconds after doing so. Any correct solution to this will have to be done in safe mode. The REG entries will show back up even in safe mode. I think I had to go into Safe mode ADMIN for this one. Trying in normal mode will be like shooting yourself in the foot. I will look around and find the article that helped me I may have missed a step. Will post back when I find something.
-Del
|
Senior Member
|
12. June 2005 @ 17:33 |
Link to this message
|
|
Make a batch file with the information from the other site I gave you.You will probably have a better chance manually deleting it in command prompt.
...........................:SiG cReAtEd By Phantom69:............................ |
Senior Member
1 product review
|
12. June 2005 @ 17:33 |
Link to this message
|
OK Got something that may help. I hope anyway. Go here http://www.p2p-zone.com/underground/showthread.php?t=21601 .
Pay no attention to the very last 2 posts. They are bots and show up in many forums on this topic. Their wording is always exactly the same but the names are different. The link they give takes you to the place that created Aurora. There is a file there that claims to remove it. It will not. In fact it may make things worse.
-Del
|
Senior Member
|
12. June 2005 @ 17:43 |
Link to this message
|
Here try this out this a batch file I made that will remove the virus for you http://s49.yousendit.com/d.aspx?id=0EICW965Q1VB92GRE1VJSKV7B9 .All you have to do is boot up in safe mode then run the batch file.The reason the virus keeps duplicating is becuase you are not completely deleting the virus.You are missing a part of the virus which makes it keep duplicating over again.
...........................:SiG cReAtEd By Phantom69:............................
This message has been edited since posting. Last time this message was edited on 12. June 2005 @ 17:56
|
Senior Member
|
12. June 2005 @ 18:05 |
Link to this message
|
|
Oh and rottingkd ignore Mr_Del,this person talks of nonesense.You would be more likely to get a virus from a P2P forum than you would a virus removal site that is dedicated to removing viruses.Yeah I know I might sound like an arse,but trust me Del he is better off checking out the other sites earlier on this page man.
...........................:SiG cReAtEd By Phantom69:............................
This message has been edited since posting. Last time this message was edited on 12. June 2005 @ 18:21
|
Senior Member
1 product review
|
12. June 2005 @ 18:31 |
Link to this message
|
|
On the same note your are even more likely to get a virus from an individual.
-Del
|
Senior Member
|
12. June 2005 @ 18:38 |
Link to this message
|
|
True,but I'm not going to give him a virus they are pointless.Whoever made them should be hunted down and killed for even making them so popular.
...........................:SiG cReAtEd By Phantom69:............................
|
Senior Member
|
12. June 2005 @ 18:40 |
Link to this message
|
|
Oh and if I did put a virus on the file,don't you think it would be bigger than 4KB.Think about this viruses are small,but not that small.They normally average out to 100KB,so whatever man.
...........................:SiG cReAtEd By Phantom69:............................
This message has been edited since posting. Last time this message was edited on 12. June 2005 @ 18:44
|
Senior Member
|
12. June 2005 @ 18:48 |
Link to this message
|
|
Besides even you said the P2P forum you gave to him has 2 bots that direct people to the cause of the virus.That doesn't seem like a very reliable source to be honest,for all we know it could direct him right back to the virus.
...........................:SiG cReAtEd By Phantom69:............................
|
Senior Member
|
12. June 2005 @ 19:02 |
Link to this message
|
If I offended you then my bad alright,just under the weather today and am feeling cranky is all. 
...........................:SiG cReAtEd By Phantom69:............................
|
|
rottingkd
Junior Member
|
12. June 2005 @ 19:12 |
Link to this message
|
|
L buran just tried your file, and I guess I have the mother of AURORAS. didn't work. thanks though. I guess I'll take Jizmaks advise and just reformat the drive! thank you all for trying.
|
|
Advertisement
|
|
|
Senior Member
1 product review
|
12. June 2005 @ 20:22 |
Link to this message
|
If you have not already re-formatted your HDD I found what I missed. I did miss a step in my initial instructions. You need to get a program called Killbox. http://www.bleepingcomputer.com/files/spyware/KillBox.zip .
Follow all the steps above but first install the Ewido and update it fully. Now back in safe mode run Adaware and Spybot. Run that .REG file I posted. Run Hijackthis the same way I first mentioned. Run Ewido delete all it finds. Finally run Killbox. Delete all it finds.
On your next boot of Windows you may get an alert by Ewido that something is trying to load when you start IE. Block it and you no longer need Ewido unless you like it. These are the exact steps I did on the very system I am typing on and auroura is gone. In fact this computer has no virus protection on it. This is done intentionally. Just call it my guinea pig computer. Nothing important on it.
So there you have it, Sorry I forgot that step but now you know and hopefully not to late. BTW you could write a REG file under 3K with damaging entries. The victim runs the files then it is just as effective as a virus. So they can come in any file size. I am editing my previous post to remove that link. Turns out that information is Verbatim on many sites with this topic. I assure you that the REG file I posted will not damage your system. You ran it once already and it hurt nothing.
-Del
|
