Aurora/ A Better internet just doesn't wanna go away.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by hooligan495, Sep 20, 2005.

  1. hooligan495

    hooligan495 Private E-2

    Hi!

    I'm looking for some help.

    I just spent the afternoon following chaslang's sticky thread on finding/removing spyware/viruses before running the abiremoval tool.

    Bitdefender found 3 issues, 2 of which were deleted, and one fails to be deleted. This is because (I think) it's in memory running; in fact, when I delete the running task via Task Manager I see a new process immediately get spawned (all these processes have messed-up names like jpoahck.exe).

    I ran through using the ABIRemover and the Hoster programs as chaslang suggested for someone else, and this process doesn't go away.

    Obviously there is another process somewhere that is monitoring this. Maybe it's a service that is ensuring that the malware is always there. The thing is, I'm not sure how to figure out which one it is. I've run HijackThis and I try to use it to remove the "jpoahck.exe" item, and it does, but again, similar to killing a process, a new one appears when I run HijackThis again.

    Can anyone offer pointers as to how to proceed? Would posting the results of BitDefender/Hijack this be the thing to do?

    Thanks a bunch!
    Jay
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. hooligan495

    hooligan495 Private E-2

    .

    Here is my HJT log (attached)

    Thanks in advance for any help you can provide :)
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

    Sysclean Package

    Pattern.zip

    Once you have these downloaded into the folder you just created, REBOOT INTO SAFE MODE!

    Once in Safe Mode double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach a fresh HJT log.
     
