Another sucker for aurora

Discussion in 'Malware Help (A Specialist Will Reply)' started by Stew Murray, May 22, 2005.

  1. Stew Murray

    Stew Murray Private E-2

    Hey,

    Right, have been having very little fun for a few hours, attempting to get rid of this irritating problem. The Aurora popups are getting a bit tedious and I've done a few things to get rid of the nail.exe and its friends. I looked at some similar threads and tried a few of the solutions, i.e. turning System Restore off, viewing all file extensions/hidden files, booted in safe mode and ran a variety of scanners... I reboot and I've still got the damn thing sitting smugly in the Windows directory. Would be extremely grateful for any assistance anyone can spare me... as per other threads, I ran the latest version of HijackThis and have attached the log file, cheers!
     


  2. Stew Murray

    Stew Murray Private E-2

    A bit more info... I've tried using Microsoft AntiSpyware, Ad-Aware, Spybot, about CCleaner, Norton AV, the Trend HouseCall online thing... all when the PC was in safe mode.

    I've also tried using the cmd prompt, typing nail.exe /fullremove, but this thing isn't shifting without a push....

    Also, this new log file was run without MSN and other stuff in the background.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the announcement and sticky threads. HJT logs should only be posted when requested. You need to install HijackThis to a safe folder as indicated later in my message.

    Please download this: ABIremover

    Unzip it into its own folder. Now boot into safe mode with no network support and do not open any browsers. Now run the ABIremover.exe file.

    When done reboot into normal mode and follow the steps below.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    You should also go to Add/Remove programs and uninstall Messenger Plus! 3
    It can add loads of malware to your PC including a LOP infection.

    You also need to stop using msconfig to disable loading of items at startup. We need to be able to see everything. Please run msconfig and select Normal Startup. Then reboot and continue with the below.


    If, after doing ALL of the above, you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. Stew Murray

    Stew Murray Private E-2

    The online scan at Trend Micro's Free Online Virus Scan produced three results. I was hoping it would remove them but it couldn't. There were three different types of trojan, but it couldn't get rid of them.

    Ad-Aware recognises around 30 issues, mainly ones coded VX2; I've installed the plugin but can't get rid of them.

    Microsoft AntiSpyware recognises two "abetterinternet" Aurora viruses and gets rid of them, only for them to reappear.
    .......................................................

    Couldn't find Messenger Plus 3 to remove, but have to go to work now so will be back later!
     
  5. Stew Murray

    Stew Murray Private E-2

    Right, have got some good progress so far it seems. Just another thing to mention: every time I loaded the PC up, I got a request from something through MS AntiSpyware ...

    "Name: TODO: <Product name>
    Description: TODO: <File description>
    Publisher: TODO: <Company name>
    Path: c:\windows\system32\wuugxw.exe"

    Anyway, didn't know what it was and it only started happening yesterday, so I blocked it each time. I went through all of the steps and made notes on what stuff happened...

    ABI
    I ran this first as you said; it ran fine, didn't produce any messages or anything.

    Getting prepped!
    Did the disable System Restore part, sorted out the system files so all were viewable and made sure all the tools I had were up to date...

    Online scanners -

    First up, Trend HouseCall....
    - found three trojans... TROJ_AGENT.BA / TROJ_AGENT.F / TROJ_AGENT.ABS under these files: gristrx.exe / lcsquderkfn.exe / adqkmzc.exe

    - couldn't remove any of them though, didn't say why... I had a ticket number etc, bit weird.

    Second, Symantec
    - found 11 viruses, but was about halfway through and the internet completely stopped working, only on my PC though; the other one was fine. I should've run Norton AV instead but forgot.

    Third, McAfee Stinger
    - found nothing

    OK, used CCleaner next, followed by Ad-Aware. This found 11 threats; while Aurora was active yesterday it would pick up 29 threats, delete them, and then a rescan would find them all again, mainly VX2. Two of the files found were the same as ones found by Trend HouseCall earlier, lcsquderkfn.exe and adqkmzc.exe. Clean rerun of Ad-Aware, and I just did another one which came out clean... I also ran the VX2 plugin and it found nothing. Results of first scan are attached.

    Spybot found nothing and neither did Kill2Me.

    ............................................................

    Phew.

    I rebooted right after that. Was I supposed to turn System Restore back on at any point during this?? I rebooted and have turned it on; it wanted to restart but I wasn't sure if I should yet.

    Anyway, it seems good. I ran HijackThis, have attached the log file, and the nail.exe was gone - so no more pop-ups yet. The TODO request didn't come up either, which is good; Microsoft AntiSpyware hasn't even flickered since I rebooted, apart from to let a Symantec thing through - some DirectX add-ins I had to install to do their online scan.

    Briefly onto your other points, I couldn't find Messenger Plus 3 in my Add/Remove Programs and when I ran msconfig, it was already on the setting you spoke of.
     


  6. Stew Murray

    Stew Murray Private E-2

    Another update...

    I ran Norton AntiVirus and it found 8 things, probably the same as the other problems which the online scanner saw before I lost the internet. It removed most of them, but left three on there which it couldn't remove. These were two Apropos files, rehex.exe and rnsrw.exe, both running processes at the time as well. Went to search for a removal tool and there was a handy Symantec add-in for removing them, which it did once I'd stopped the processes. Gonna reboot now and hope none of it has come back...

    ... it also quarantined this...
    Source: C:\Program Files\Microsoft AntiSpyware\Quarantine\DA6E2FD3-2E4B-42FB-A45C-ACA6FA\DD79B86F-E60C-41EC-A66E-E74CF9
    Description: The file C:\Program Files\Microsoft AntiSpyware\Quarantine\DA6E2FD3-2E4B-42FB-A45C-ACA6FA\DD79B86F-E60C-41EC-A66E-E74CF9 is a Adware threat.
    Click for more information about this threat : Adware.180Search
     
  7. Stew Murray

    Stew Murray Private E-2

    I rebooted and here's the HJT file...

    One program on there, wuauclt.exe, wasn't on the last one and is totally new to me! I don't reckon it should be there.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please ignore the comments about msconfig and Messenger Plus 3. That was an editing mistake on my part. They were not part of your problems. Sorry about that. When I copied and pasted in my message, I forgot to edit those lines out.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.

    C:\WINDOWS\system32\rnrsw.exe
    C:\WINDOWS\system32\rexhe220.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [rFrT33e] rnrsw.exe
    O4 - HKCU\..\Run: [ao03RTK8X] rexhe220.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\rnrsw.exe
    C:\WINDOWS\system32\rexhe220.exe

    If you get an error when deleting a file, right-click on the file and check whether the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if it is running, then delete the file.

    Now run CCleaner (installed while running the READ ME FIRST). Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
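The cleanup chaslang walks through above (kill the process, fix the O4 Run entries, delete the file with read-only cleared, empty Prefetch) and the "TODO: &lt;Product name&gt;" prompt Stew saw in post 5 both lend themselves to a scripted triage. The following is an added example, not code from this thread or from MajorGeeks, written in PowerShell for a modern Windows host (the original machine was XP, which predates PowerShell). It assumes an elevated prompt; the heuristic it uses (an unsigned Run-key executable whose version resource is missing or still carries the Visual Studio "TODO:" placeholder text) is this editor's, not the thread's, and nothing is removed unless -WhatIf/-Confirm let it through:

```powershell
# Added example (not from the thread): scripted O4 triage and cleanup.
# Assumptions: PowerShell 5.1+, elevated session, the "TODO:" heuristic below.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Resolve-RunCommand {
    # Turn a Run value such as 'rnrsw.exe' or '"C:\Foo\bar.exe" /x' into the
    # path that would actually launch. A bare name is looked up the way the
    # thread's entries resolved: system32 first, then the Windows directory.
    param([string]$Command)
    $exe = if ($Command -match '^"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    if ([System.IO.Path]::IsPathRooted($exe)) { return $exe }
    foreach ($dir in @("$env:windir\system32", $env:windir)) {
        $candidate = Join-Path $dir $exe
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $exe   # unresolved: HijackThis would show this as "(file missing)"
}

function Get-RunKeyEntry {
    # One object per O4-style entry, carrying the checks an analyst does by hand:
    # does the file exist, is it Authenticode-signed, is its version info real.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            $path   = Resolve-RunCommand ([string]$p.Value)
            $exists = Test-Path -LiteralPath $path
            $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'N/A' }
            $ver    = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo } else { $null }
            # Unfilled resource template, as in the "TODO: <Product name>" prompt in post 5.
            $placeholder = [bool]($ver -and (@($ver.ProductName, $ver.CompanyName, $ver.FileDescription) -match '^TODO:'))
            [pscustomobject]@{
                Key         = $key
                Name        = $p.Name
                Command     = $p.Value
                Path        = $path
                Exists      = $exists
                Signature   = $sig
                Placeholder = $placeholder
                # Heuristic (editor's assumption): orphaned entry, or unsigned binary
                # with placeholder/absent publisher data. Review before acting on it.
                Suspicious  = (-not $exists) -or ($sig -ne 'Valid' -and ($placeholder -or -not $ver.CompanyName))
            }
        }
    }
}

function Remove-RunKeyEntry {
    # The manual sequence from the post: stop the process, remove the Run value
    # (the O4 line), clear ReadOnly, delete the file. Honours -WhatIf/-Confirm.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory, ValueFromPipeline)]$Entry)
    process {
        Get-Process | Where-Object { $_.Path -and ($_.Path -ieq $Entry.Path) } | ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Path, 'Stop-Process')) { Stop-Process -Id $_.Id -Force }
        }
        if ($PSCmdlet.ShouldProcess("$($Entry.Key)\$($Entry.Name)", 'Remove Run value')) {
            Remove-ItemProperty -LiteralPath $Entry.Key -Name $Entry.Name -ErrorAction SilentlyContinue
        }
        if ($Entry.Exists -and $PSCmdlet.ShouldProcess($Entry.Path, 'Delete file')) {
            $item = Get-Item -LiteralPath $Entry.Path -Force
            $item.Attributes = $item.Attributes -band (-bnot [System.IO.FileAttributes]::ReadOnly)
            Remove-Item -LiteralPath $Entry.Path -Force
        }
    }
}

function Clear-Prefetch {
    # The Win XP Prefetch step from the post: drop the .pf files so a deleted
    # binary's name does not linger there.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $pf = Join-Path $env:windir 'Prefetch'
    if ((Test-Path $pf) -and $PSCmdlet.ShouldProcess($pf, 'Delete *.pf')) {
        Remove-Item -Path (Join-Path $pf '*.pf') -Force -ErrorAction SilentlyContinue
    }
}

# Usage: review the table first, then remove only what you have confirmed.
$entries = Get-RunKeyEntry
$entries | Format-Table Name, Path, Exists, Signature, Placeholder, Suspicious -AutoSize
# $entries | Where-Object Suspicious | Remove-RunKeyEntry -WhatIf
# Clear-Prefetch -WhatIf
```

The thread shows entries coming straight back after a reboot (posts 1 and 4), so run Get-RunKeyEntry again after restarting and compare the two tables rather than trusting a single clean pass.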
  9. Stew Murray

    Stew Murray Private E-2

    Thanks very much for the help mate. Norton seems to have taken care of those two files (rnrsw.exe and rexhe220.exe); they aren't on the computer any more.

    And that wuauclt.exe appears to have been a Windows auto-update thing...

    Based on this HJT, and if I get rid of:

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    ... am I in the clear!?
     


  10. Stew Murray

    Stew Murray Private E-2

    Please ignore my previous post, I didn't realise the other lines were still in the HJT file!... I've now removed all the things you said in the HJT log; there weren't any files to delete as that had been done already, I think. Anyway, I've attached another log.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  12. Stew Murray

    Stew Murray Private E-2

    Cool, thanks very much for your time and help mate, it's definitely appreciated after two weeks straight of hardware and software troubles... clear sailing ahead
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Surf safely.
     
  14. Stew Murray

    Stew Murray Private E-2

    One more thing...

    Should I turn System Restore back on??!

    Cheers!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! It is now time to enable System Restore.
     
