Clean up from Aurora - Non Stop popups

Discussion in 'Malware Help (A Specialist Will Reply)' started by rschryver1, May 18, 2005.

  1. rschryver1

    rschryver1 Private E-2

    I am on the tail end of getting rid of this Aurora spyware that I inadvertently dloaded yesterday. I've used MS Antispyware, Lavasoft's Ad-Aware and Spybot a number of times as well as dloading the supposed clean up utility from mypctuneup.com. These programs were successful in getting ride of most everything that was creating the non-stop popup issue but there is still one file that I can't prevent from loading regardless of what I do. The name of this file is VCMnet11.exe. It show up in HJS on a single line as the following:

    O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe

    I've tried using HJS to identify and delete the instance of the file from the Registry as well from the C:\Windows directory. It doesn't show up in Safemode. Everytime I reboot though, the file comes back. Any ideas how to get ride of this last spyware remnant?

    Thanks,
    Rob
     
    rschryver1, May 18, 2005
    #1
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

    http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

    http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
    bjgarrick, May 21, 2005
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds