aurora pop-up

Discussion in 'Malware Help (A Specialist Will Reply)' started by krunner, Apr 11, 2005.

  1. krunner

    krunner Private E-2

    I am constantly getting a pop-up that is titled "aurora." I just recently deleted a bunch of trojans off my computer, but I know I still have some spyware, for instance Cydoor, but it will not let me remove it. I've also tried to manually remove it from regedit. Any help?

    Thank you
     
  2. missdys

    missdys Private E-2

    I too am having the same problem. Random websites spawn random popups all titled Aurora. I updated Spybot and tried searching for it and it came back with nothing. I used Ad aware and it found it twice and said it removed it, but after a 3rd restart it is still coming up and now Ad Aware doesn't see it.

    I have not a clue what I can do to rid myself of this. I have tried searching the net for this problem but I keep getting Aurora, OH or some screen saver.

    Any help would be appreciated, any help that resolves the problem will be worshiped.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please create a new thread for your problem instead of posting in someone else's thread.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  5. krunner

    krunner Private E-2

    Here is the log.
     


  6. krunner

    krunner Private E-2

    I can't seem to attach the log correctly.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You attached the log successfully in your previous post. Allow me a moment to check it.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with Disspy & Free Surfer?

    Also, it's up to you but I would uninstall Ares Lite Edition.

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    (If you know this entry leave it, if not fix it)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\Nail.exe

    C:\WINDOWS\svcproc.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
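
Added example, not part of the original post or of HijackThis itself: a small Python triage of the entries quoted in the post above, showing why the F2 and O23 lines point at the two files later deleted in Safe Mode. The three rules in `reason` are simplified assumptions for illustration, not HijackThis's own logic.

```python
import re

# Entries quoted in the post above; a real HijackThis log has many more lines.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
EXE_PATH = re.compile(r"[A-Za-z]:\\\S+\.exe", re.I)


def parse(log):
    """Split a log into (section, body) pairs, skipping non-entry lines."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def reason(section, body):
    """Return why an entry needs a closer look, or None if no rule applies."""
    if section == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return "shell value starts something besides Explorer.exe"
    if section == "O23" and "Unknown owner" in body:
        return "service binary has no identifiable owner"
    if section == "R1" and "ProxyServer" in body and "127.0.0.1" in body:
        return "loopback proxy; keep only if you set it up yourself"
    return None


def triage(log):
    """Return (section, reason, exe_paths) for each entry that matched a rule."""
    out = []
    for section, body in parse(log):
        why = reason(section, body)
        if why:
            out.append((section, why, EXE_PATH.findall(body)))
    return out


if __name__ == "__main__":
    for section, why, paths in triage(SAMPLE_LOG):
        print(section, "-", why, paths)
```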
     
  9. krunner

    krunner Private E-2

    Thanks. I did everything you told me to do, and I still am getting the aurora pop-up. Just ran another hijackthis, and the nail file is still there after deleting it during safeboot. Here is another hijackthis log.
    Any more help? I would appreciate it.
     


  10. krunner

    krunner Private E-2

    I've also used the program "disspy", and as a result I've gotten:
    adware: cydoor, which is then broken down into cydoor1-35.zip. Each time I try to delete them, it does not let me and says: error delete: subscript out of range.

    Any help there? Thanks
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You didn't answer my questions. Do you know and are familiar with these 2 programs:

    Disspy & Free Surfer

    If you do not know them you need to go into Add/Remove Programs and uninstall them.

    Let me know before we continue.
     
  12. CalRodeo

    CalRodeo Private E-2

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Thanks CalRodeo, but stick to your own threads please as this causes confusion. If we couldn't fix this user's issue then I would have sent him to see that thread.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To fix the problem you are having with nail.exe, use the below procedure:

    - Click Start > Run and type: cmd and then click OK! This brings up a command prompt window.
    - When the command prompt opens, type the below command and then hit the enter key:

    nail.exe /FullRemove
     
  15. CalRodeo

    CalRodeo Private E-2

    Well I apologize, however in my case, none of your solutions worked. I do realize many cases are different though, so I will leave this site. Thanks
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Oh my word, I did not mean it in a rude way. When multiple users post in one thread it creates confusion; we work these problems one step at a time. Eventually, if nothing else worked, I would have sent the user there.
     
