No getting rid of Aurora/Abetterinternet

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sapo, Nov 17, 2005.

  1. sapo

    sapo Private E-2

    Spent hours doing every possible scan from ewido to anti adware, spybot,etc etc.
    It's so bad that it comes up when I'm running a scan to kill it.
    On Ewido last night I had something called:
    C:\windows\system32\cirtyun.exe that kept coming up.
    Also vm_01D70000

    I've gone into the registry and tried deleting the Aurora file, it goes away and then comes back after some time.
    Also have the same problem with TBONAS.
    When I run spybot I get: Abetterinet.aurora
    Shopathome and a third I can't recall.
    On Microsoft anti ...............
    I get DSrch 32 signatures as well as ABI.
    I'm no wizard so what can I do?
    HELP!!!!
     
    sapo, Nov 17, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the steps below:

    - download Nail/Bolder/Aurora Remover 0.3.1 Beta and save it to its own folder like c:\ABIremover
    - Now extract the abiremover.exe file from the ZIP file into the folder you created but do not run the EXE yet. We will run it later.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates for all programs.

    - Now while still in safe mode, run the abiremover.exe but make sure you are physically disconnected from the internet (unplug your cable to be sure). Just click install, wait (explorer window will disapear)

    - When abiremover finishes just reboot into normal and continue with the below steps.


    Also download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis
     
    chaslang, Nov 17, 2005
    #2
  3. sapo

    sapo Private E-2

    Hi again,
    Went through all the other processes but not sure I did the Abiremover thing right. Couldn't figure out the Remove random key and random file.
    I tried a search on my computer for ABI and it came up with a bunch of ABI zip files that I tried to delete but it wouldn't let me.
    I made a text copy of the search and I will try to paste it here.
    Well couldn't attach it so I'll try again after I contact the forum manager.
     
    sapo, Nov 17, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please complete the steps I gave you in message # 2.
     
    chaslang, Nov 18, 2005
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds