|
Aroura virus problem hijack-logfile posted help!!!! Part II
|
|
|
rottingkd
Junior Member
|
9. July 2005 @ 02:32 |
Link to this message
|
|
Ok, after all my (our) attempts to try to get rid of this pest, I finally had the Balls to just reformat my HD. After reformating my C drive and installed my Opert.SYs again Guess what HE came back!!!! Nail.exe and his buddy sproc or what ever its name was.. now I was just wondring I am not a PC wiz but I thougth that with the reformat everything would get deleted!?.
Now you (all who helped) think that maybe since it was partition it means thaT i have to format both C: and D: drives.
Thanks.
oh, and by all means this is not only for past help new imput by other smarts is welcome ! :)
|
|
Advertisement
|
|
|
|
|
cousin80
Member
|
9. July 2005 @ 05:26 |
Link to this message
|
|
Did you just scan your C drive with your virus program or all of your drives?
|
|
ddp
Moderator
|
9. July 2005 @ 07:07 |
Link to this message
|
|
|
|
rottingkd
Junior Member
|
9. July 2005 @ 10:41 |
Link to this message
|
|
thanks cousin, ddp. I'll do that today. I'll keep you posted.
|
|
rottingkd
Junior Member
|
9. July 2005 @ 15:10 |
Link to this message
|
|
sorry Cousin, no, I figure that the nail.exe was in my system32 in windows? so I only scand C:!
|
|
cousin80
Member
|
9. July 2005 @ 19:01 |
Link to this message
|
|
I dont see how that is possible if you reinstlled your os. Did you format your c drive(not quick format) before you reinstalled your os?
|
|
cousin80
Member
|
9. July 2005 @ 19:04 |
Link to this message
|
|
and also did you do your scan before you installed any other software? i would not install anything and then first thing do an online scan
|
AfterDawn Addict
|
9. July 2005 @ 21:27 |
Link to this message
|
|
What the hell is Opert.sys? Looks like the common denominator to me.
Life is good!
GrandpaBruce - Vietnam Vet - 1970 - 1971
Computer: Intel Core i7-920 Nehalim;Asus P6T Deluxe V2
|
|
ddp
Moderator
|
9. July 2005 @ 22:14 |
Link to this message
|
|
operating system
|
|
baabaa
AfterDawn Addict
|
9. July 2005 @ 23:12 |
Link to this message
|
|
Is your operating system disc an original?
It may actually be on the disc if it is not.
Also did you delete your partition before reformatting or just reformatted the partition?
...............PIO is no go, DMA all the way...............
Beware of the Pixies - they move in over night and turn your life upside down
|
AfterDawn Addict
|
10. July 2005 @ 00:05 |
Link to this message
|
|
I am confused, you got the virus AFTER you re-formatted. Did you go on the internet without your anti-virus installed?
@ rottingkd, could you give us an EXACT timeline of events after you re-formatted. As in when you got your 1st startup screen to the windows tour!
I NEVER partition my HD. I quite simply cannot see the point. When I re-formatt I erase the whole lot & start afresh.
Pulsar
Gif by Phantom69
 |
|
rottingkd
Junior Member
|
10. July 2005 @ 01:04 |
Link to this message
|
|
XP Home Original. And no, Im not trying to sound like an ass. :). And I deleted the partition first.
The reason I partition my HD, is mainly because of this, I have Moives, music & pictures, software, games all in different HD's just in case I get a virus. I only have to reformat that paticular Dirve?. but then thats just me. I did what DDp asked me to do, ( to disable system restore ) and finaly my pc is spyware & virus free, I no longer see my 2 month friend AURORA! lol. did a system scan again with links provided by ddp. and its all clear.
pulsar: yes the virus came after the reformat, but I guess it was just regenerating with system restore? maybe ddp could explain that one. :).
This message has been edited since posting. Last time this message was edited on 10. July 2005 @ 01:06
|
AfterDawn Addict
|
10. July 2005 @ 05:42 |
Link to this message
|
|
This is why I erase everything on a format. I have 3 HDs in my Pc, I also have a 120gig zip drive & my second PC has a 160gig HD. I keep all my music distributed amongst my HDs, just in case of probs.
Not sure how a virus could "regenerate" after a system restore. Again, a clean sweep clears away any doubts. HDs are SO cheap nowadays, it eliminates the sort of probs that you are having. All my HDs have XP on as standard.
Flexibilty is the key.
If I get a prob with one, I just access that HD through the other HDs. As the "corrupted" HD is only "ticking over", you can remove spurious files without the dreaded "This prog is being used by another service, unable to delete" scenario.
That system has saved my ass on several occasios. It also removes the need to start in safe mode. You have to be able to identify the spurious files. I know my prog files like the back of my hand. I know EXACTLY what should & should not be there, and take the according action. Disc clean ups also help to make sure that the files are zapped once the recycle bin is emptied.
Pulsar
Gif by Phantom69
This message has been edited since posting. Last time this message was edited on 10. July 2005 @ 05:42
|
|
ddp
Moderator
|
10. July 2005 @ 07:25 |
Link to this message
|
try this online scan & keep the system restore disabled for the test. scan all hd's. possible a site you like is infected as i have a customer always infected from 1 site http://www.bitdefender.com/scan8/ie.html
|
|
ryan1402
Newbie
|
26. July 2005 @ 05:35 |
Link to this message
|
|
i know how to remove aroura it's not a hard thing to do my friend has done this and works fine.if anyone still haveing problems let me know..
do not download removal tool from the company that made arora.this contains more problems..
|
AfterDawn Addict
|
26. July 2005 @ 10:04 |
Link to this message
|
|
If you have a solution, why do you not just publish it here instead of making people jump hoops? We are all here to help people, please do not forget that!
Gif by Phantom69
|
|
ddp
Moderator
|
26. July 2005 @ 12:16 |
Link to this message
|
|
or when you want help, we'll do the same to you as you are doing now & we don't want that to happen now, do we!!!
|
|
ryan1402
Newbie
|
27. July 2005 @ 01:56 |
Link to this message
|
|
read other posts below as well...
arora uses nail.exe & svcproc.exe
to remove do the following
first download and install ewido, hijackthis and crapcleaner(ccleaner)
read and apply the below thread now...
start pc in safe mode and ruan all three not once but twice
when finished while still in safe mode open task manager
open c:/window/sys32 and minimise to tray
open c:/window prefech and minimise to tray
nail & svcproc.exe use a random 6or7 digit exe process in task manager
if you end random process they restart
delete both
some processes come back
they will now be in prefech folder
DO NOT DELETE
but rename the whole folder to something else
then delete the whole content of this file.
end the processes in task manager thus giving nail&svcproc.exe nowhere to go.
then run ccleaner do a full clean including all temp and IE files
then restart, windows will then rebuild a new prefech file so it may be a little slow for the first few restarts
with any luck and carefull following of this,Arora is now dead...
don't forget before reboot check sys32 folder for the two .exe's
i have also been made aware of a download on majorgeeks.com, its on page 2 if you don't want to try the method above try this but it is just as involved...
note: be very cafefull with hijack this as you may delete some very important system files...
you have been warned..
This message has been edited since posting. Last time this message was edited on 27. July 2005 @ 09:55
|
|
ryan1402
Newbie
|
27. July 2005 @ 01:58 |
Link to this message
|
|
the reason i asked if any one still wanted help was because the tread was not a new one therefore i didn't know if any one was still having problems....all that was needed was a yes we do still need help...
This message has been edited since posting. Last time this message was edited on 27. July 2005 @ 05:36
|
|
ryan1402
Newbie
|
27. July 2005 @ 04:13 |
Link to this message
|
|
with crapcleaner installed go to,
options
custom folders
add these folders
c:\documents&setting\default user\local setting\tempory internet files
c:\ " " \(your computer name)\cookies
c:\ " " \( " " " )\local settings
c:\ " " \( " " " )\temp
c:\ " " \( " " " )\tempory internet files
c:\ " " \( " " " )\recent
c:\windows\sys32\config\systemprofile\localsetting\tempory internet files\content.IE5
then go to options
advanced
make sure box marked only delete files in temp folders less than 48hrs is UNTICKED
if these files/folders are not added ccleaner will not clean them
THIS IS WHAT I HAVE IN MY TASKMGR IN SAFE MODE
TASKMGR.EXE
EXPLORER.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
LSASS.EXE
SERVICES.EXE
CSRSS.EXE
SMSS.EXE
SYSTEM
SYSTEM IDLE PROCESS
|
|
rottingkd
Junior Member
|
27. July 2005 @ 12:14 |
Link to this message
|
|
thanks Ryan, but I already formated my hd.:( but thanks for taking the time to reply my post to help me
|
|
Advertisement
|
|
|
|
ryan1402
Newbie
|
27. July 2005 @ 12:54 |
Link to this message
|
|
that's cool may i recommend using ccleaner and configure it as in my last post...run it at least once a week will at least keep your fresh instal running well...
|
