Thread: Aurora Problems

  1. #1
    Joined
    Sep 2005
    Posts
    20

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    Hi,

    I have been having problems the past 2 weeks with Aurora ABI popups, nail.exe, and svcproc.exe. I started following the removal instructions you posted. Here is the HijackThis log. I use Mozilla Firefox as my browser. Thanks so much for your help!

    Logfile of HijackThis v1.99.1
    Scan saved at 8:37:47 PM, on 9/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\bzeotau.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\SARAHB~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshzlwp.dll
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [mcwqwjw] C:\WINDOWS\system32\bzeotau.exe r
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
    O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
    O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1099456446914
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
    O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://172.21.0.10:8080/registration/CAT/CNICAT.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...97/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/...x/HMAtchmt.ocx
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rzxkvms.exe

  2. #2
    Joined
    Sep 2005
    Posts
    20

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    It's been about a day since I first started doing what Chuck's instructions said...I'm not getting those ABI popups anymore, but AVG is still detecting many trojan.amw viruses in C://Volume Information/ and moving them to the virus vault.

    Any ideas? Here is an updated hijack this log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:49:49 AM, on 9/5/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\SARAHB~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshzlwp.dll (file missing)
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
    O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1099456446914
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/sh...,2/mcmysec.cab
    O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://172.21.0.10:8080/registration/CAT/CNICAT.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...97/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/...x/HMAtchmt.ocx
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rzxkvms.exe (file missing)
    Last edited by sarah508; 09-05-2005 at 10:47 AM.
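
The two logs above can be compared entry by entry to see which entries the cleanup removed and which registry entries remain but now point at a file HijackThis could not find. This is an added example, not part of the original posts and not HijackThis code; the sample lines are a subset copied from the two logs, and the function names are assumptions of this example.

```python
import re

# Constructed sample: a subset of lines copied from the two logs posted above.
LOG_BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshzlwp.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [mcwqwjw] C:\WINDOWS\system32\bzeotau.exe r
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rzxkvms.exe
"""
LOG_AFTER = r"""
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshzlwp.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\rzxkvms.exe (file missing)
"""

# Entry lines look like "O4 - ..."; header and process-list lines do not match.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = " (file missing)"

def parse_log(text):
    """Map (section code, entry text) -> True if the log marks the file missing."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]  # normalise so both scans share a key
        entries[(code, body)] = missing
    return entries

def compare(before_text, after_text):
    """Classify every entry by what happened to it between the two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    result = {"removed": [], "orphaned": [], "unchanged": [], "new": []}
    for key in before:
        if key not in after:
            result["removed"].append(key)      # entry is gone from the second log
        elif after[key] and not before[key]:
            result["orphaned"].append(key)     # entry remains, its file is gone
        else:
            result["unchanged"].append(key)    # still present, still needs a decision
    result["new"] = [k for k in after if k not in before]
    return result

def review_notes(key):
    """Notes for two patterns that appear in the logs above."""
    code, body = key
    notes = []
    if code == "F2" and "Shell=" in body:
        # Naive whitespace split: assumes the programs have no spaces in their paths.
        extra = body.split("Shell=", 1)[1].split()[1:]
        if extra:
            notes.append("shell line launches extra program: " + " ".join(extra))
    if code == "O23" and "Unknown owner" in body:
        notes.append("service with no company name")
    return notes

if __name__ == "__main__":
    for status, keys in compare(LOG_BEFORE, LOG_AFTER).items():
        for key in keys:
            print(status, key[0], key[1], review_notes(key))
```

Entries reported as orphaned are leftover registry references that HijackThis can fix; entries reported as unchanged were not touched by the cleanup and still need to be judged one by one.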

  3. #3

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    Hi sarah.
    I ran your log file thru the analyzer, which can be found here:
    http://www.hijackthis.de/
    It found several things that need to be attended to immediately.
    Also, if you use Firefox it's important that you make sure "Allow websites to install software" is unchecked.
    This setting can be found in Tools/Options/Web Features.


  4. #4
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    Quote Originally Posted by sarah508
    It's been about a day since I first started doing what Chuck's instructions said...I'm not getting those ABI popups anymore, but AVG is still detecting many trojan.amw viruses in C://Volume Information/ and moving them to the virus vault.

    Any ideas?

    Sarah,

    C://Volume Information/, or system volume information, is used to store System Restore points. You'll need to turn off System Restore, clean your machine, and then turn System Restore back on once you're happy it's totally clean. Sometimes nasties can be restored from the System Restore when you remove them.

    Ned

  5. #5
    Joined
    Sep 2005
    Posts
    20

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    OK, I did what GhostDog said and unchecked the install software option. Thanks Ned so much for the tip! But how exactly do I go about doing that? (System restore off) I'm fairly knowledgeable, so if I had it step by step, I could do it. I run HP pavilion ze4800 XP SP2....Thanks again so much!

    EDIT: OK I looked at the analyser...so how do I delete the things marked in red? I just have to find them myself and delete them? Also, my ewido scan results...some 154 infected objects....

    Last edited by sarah508; 09-05-2005 at 12:10 PM.

  6. #6
    Joined
    Oct 2001
    Location
    Erie, PA
    Age
    46
    Posts
    5,053

    Re: Aurora Problems

    I split this off into its own thread for better visibility. To turn off system restore on Windows XP do the following.

    Click on START > All Programs > Accessories > System Tools > System Restore

    Once you have System Restore open, click on System Restore Settings and then check the box marked Turn off System Restore. Do this on all drives if it has more than one listed.

    Now run your antispyware and antivirus apps.

  7. #7
    Joined
    Sep 2005
    Posts
    20

    Re: Aurora Problems

    Awesome! OK I just turned off system restore...I will run the AVG and the Ad-Aware....do I need to reboot or anything? Thanks again...this is so nerve-wracking. The IT Department here at my college is so backed up...they wouldn't even be able to see me for at least 3 weeks...and I'm pretty comfortable doing this on my own...I just needed some help because I don't know what/what not to delete...My AVG is a free network edition licensed by the school...I personally think it sucks, but then again I guess people with Norton, etc are having the same issues...I will put the results here when it finished...these scans take so long!
    Last edited by sarah508; 09-05-2005 at 12:22 PM.

  8. #8
    Joined
    Oct 2001
    Location
    Erie, PA
    Age
    46
    Posts
    5,053

    Re: Aurora Problems

    You don't have to reboot after turning off system restore.

  9. #9
    Joined
    Sep 2005
    Posts
    20

    Re: Aurora Problems

    Alright...

    Now generally when I run Ad-Aware, Microsoft Anti-Spy, I get about 50 critical objects for deletion...now Ad-Aware is reporting 0 critical objects, AVG resident shield has yet to pop up, and Microsoft Anti-Spy found 1 transponder DrPmon which was deleted...

    So the next step is to go through and clean everything while system restore is off...

    Thanks,
    Sarah

  10. #10
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Aurora Problems

    Sounds like you're making progress.

    Also, take 5 minutes to read the Cleaning Your PC (post #3) in this thread:

    http://forums.pcper.com/showthread.php?t=388472

    It contains lots of useful info plus all the tricks of the trade.

    Let us know how you get on.

    Ned

  11. #11
    Joined
    Sep 2005
    Posts
    20

    Re: Aurora Problems

    Thanks so much for the help! I will definitely read that topic...I have to go to work in a bit, but I will definitely work on it all night tonight...

    Also, I also have the Opera Internet Browser...should I just do away with Firefox? Is there any way to delete Internet Explorer completely?

    My computer was running pretty slow...many of the programs would freeze up (not responding) and I'd have to end task every 2 seconds...

    Also, the hijack this analyser said that it did not detect a firewall on my computer...even though I use the Microsoft Updates as well as firewall! I also have resident shield on AVG and Microsoft Anti-Spy...

    Thanks again so much for your help everyone! I heard that the Aurora thing came from AOL/Instant Messenger...is this true? Because I use AIM but I do not use AOL as an ISP. But I know AIM installs little things into the system that are hard to get out...

    Back to work...
    Sarah

  12. #12
    Joined
    Jun 2004
    Location
    ocala, fl
    Age
    40
    Posts
    14

    Re: Aurora Problems

    Quote Originally Posted by sarah508
    should I just do away with Firefox? Is there any way to delete Internet Explorer completely?

    Are you using WinXP? If so, it's impossible to completely remove IE. It's integrated into the OS.

  13. #13
    Joined
    Sep 2005
    Posts
    20

    Re: Aurora Problems

    Yes I am running XP SP2...I figured as much....

    Things are getting better though...I'll take tonight and just try to do it all.

    Thanks,
    Sarah

  14. #14
    Joined
    Sep 2005
    Posts
    20

    Re: Aurora Problems

    OK...I ran in safe mode for awhile and did all my virus/spyware scans etc...

    BUT...I went to delete local settings/temp, local settings/internet files, and it told me it could not be deleted because windows needed it to operate...I was also issued warnings when I unchecked "hide protected folders"...etc...

    I have not gotten any more aurora popups whilst online or on AIM, and I haven't gotten the svcproc.exe virus popup on AVG either...

    But I still don't know what to do with the viruses in system restore? System restore is currently turned OFF on my system...

    Thanks for your help,
    Sarah

  15. #15
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: Aurora Problems

    Were you trying to delete the actual temp directories or just their contents? The directories are needed - it's just the contents you should delete.

    Don't worry about the warning on "hide protected folders" - that's normal.

    When you turn off system restore, all restore points are deleted thus deleting any viruses that were stored there. When you've cleaned the machine and turn system restore back on you can create a new (clean) restore point.

    I would also recommend you maybe think about installing a second on demand backup AV scanner and run it about once a week. The free version of BitDefender is a great choice for this and has better detection rates than AVG:

    http://www.bitdefender.com/PRODUCT-1...e-Edition.html

    Note you should only have one product installed giving real time protection (AVG in your case) otherwise they'll conflict with each other. BitDefender Free is only available as an on demand scanner so you'll be fine with this.

    Alternatively, occasionally running any of the online virus scans should catch anything AVG misses. See here for links:

    http://forums.pcper.com/showthread.php?t=397163

    Ned
