help please with aurora (done everything else)

Discussion in 'Malware Help (A Specialist Will Reply)' started by uhuy, May 28, 2005.

  1. uhuy

    uhuy Private E-2

    hi all,

    i've been experiencing problems with aurora these past few days. The program is always trying to download some stuff that my avast antivirus described as trojans and blocked.
    I have done all the previous instructions posted:
    turned off system restore, show hidden files, etc.
    boot into safe mode and done internet virus and trojan scans,
    also done various scans (adware, spybot, ccleaner, cwshredder).
    I think i followed every instruction, yet the problem kept on popping up.

    Please help me, below is my hijackthis log file.

    PS: Thank you very much in advance ^_^
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes.

    Please, download ABIremover and save it to a location like C:\ABIremove

    NOW:
    Reboot into Safe Mode, be sure you have ALL browsers closed while running this removal tool.

    Next, start the ABIRemover.exe, press install, wait (explorer window will disappear)

    Reboot and proceed with the below online scans:

    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan

    After you complete the above, reboot and post a fresh HJT log.
     
  3. uhuy

    uhuy Private E-2

    Thanks for the rapid response ^^
    I did what you told me to do, and installed ABIremover in Safe Mode.
    And also did the online scans.

    RAVantivirus detected:
    C:\WINDOWS\Nail.exe Trojan Downloader:Win32/Agent.Lo
    but could not fix the file.

    Also, Trojan Scan detected my C:\Program Files\mIRC\mirc.exe as a malware (described it as RiskWare.mIRC.6.16). Seemed peculiar to me... what do you think?

    Currently, avast on-access scanner kept on detecting a malware it described as Win32:Trojano-1375[Trj] Located in C:\WINDOWS\System32\DrPMon.dll

    What should I do next (here is my new hijackthis log)?
     

    Attached Files:

  4. uhuy

    uhuy Private E-2

    sorry, forgot to close task manager and other applications when running hijackthis. This is my new log file.
    Thanks
     

    Attached Files:

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.bat and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

    Double-click on the fix.bat file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop)

    After you do the above, reboot and post a fresh HJT log.
     
  6. uhuy

    uhuy Private E-2

    here is my new hijackthis log file after running the fix.bat and rebooting
     

    Attached Files:

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    1) Download TrojanHunter

    2) Install TrojanHunter, At the end of the install setup will prompt you to update definitions. Please do so!

    3) Once installed and updated, select drive C:\ and do a Full Scan. Remove all found infections.

    You must get the updates before this will remove this baddie!

    After you run this scan, reboot into Safe Mode and run the ABI Remover again. Then reboot back into normal mode and attach a fresh HJT log.
     
  8. uhuy

    uhuy Private E-2

    First of all, thank you for helping me out and sticking with me up to this point. :) I'm glad that there are still some people out there like you working countless hours to help complete strangers like me.

    As for my problem, I did the trojan hunter scan just like you said. It detected a trojan running in memory:
    c:\windows\system32\genqzg.exe, PID: 1736 (Agent.167)
    and
    File scan found:
    trojan file: C:\WINDOWS\Nail.exe (Adware.BetterInternet)
    trojan file: C:\WINDOWS\svcproc.exe (Stervis.100)
    3 trojan files found.

    After that, booted in safe mode and installed again the ABIremover.

    Here's my hijackthis log file after all that. I hope this does it.
    Thanks again
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Again let me point out that your Operating System and Internet Explorer versions are WAY out of date and represent a major security risk. After we fix your current problems, you must get updated. You need to install Service Pack 2 for security purposes.

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    O2 - BHO: didttmvhemokeqsskwad - {d7c96719-c855-4e9b-828f-f3a005c70083} - C:\DOCUME~1\Mifza\APPLIC~1\dglgrhriqu.dll (file missing)
    O3 - Toolbar: jchiehxotrs - {ed07758b-5753-47d6-a948-32385653e504} - C:\DOCUME~1\Mifza\APPLIC~1\dglgrhriqu.dll (file missing)

    O4 - HKLM\..\Run: [lzwkdx] c:\windows\system32\genqzg.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    c:\windows\system32\genqzg.exe

    NEXT:
    Run CCleaner

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows , Scan with HijackThis and attach the new log.
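The HijackThis entries bjgarrick lists above follow a small fixed format (section tag, registry location, optional CLSID, path, and a "(file missing)" marker). The parser and triage below are an added example, not code from the thread or from HijackThis; it reads those exact lines, plus one constructed benign `O4` entry so there is something it should leave alone, and flags the same things the helper flagged: orphaned BHO/toolbar/button registrations, IE start and search values set to `about:blank` or to the host named in the thread, and autostart entries launching the executables named in the thread. The indicator lists are taken from this thread only and are an assumption for the example, not a general blocklist.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Sample input: the HijackThis lines from the thread, plus one constructed benign
# Run entry (an avast! tray icon) that the triage must not flag.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank",
    r"O2 - BHO: didttmvhemokeqsskwad - {d7c96719-c855-4e9b-828f-f3a005c70083} - C:\DOCUME~1\Mifza\APPLIC~1\dglgrhriqu.dll (file missing)",
    r"O3 - Toolbar: jchiehxotrs - {ed07758b-5753-47d6-a948-32385653e504} - C:\DOCUME~1\Mifza\APPLIC~1\dglgrhriqu.dll (file missing)",
    r"O4 - HKLM\..\Run: [lzwkdx] c:\windows\system32\genqzg.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",  # constructed benign entry
    r"O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
]

# Indicators taken from this thread (assumption: thread-specific, not a general blocklist).
FLAG_EXE_NAMES = frozenset({"genqzg.exe", "nail.exe", "svcproc.exe"})
FLAG_HOSTS = frozenset({"hsremove.com"})

CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
LINE_RE = re.compile(r"^(R\d|O\d+|F\d) - (.*)$")


@dataclass
class HjtEntry:
    section: str            # R0, R1, O2, O3, O4, O9, ...
    kind: str               # "Start Page", "BHO", "Toolbar", "Run", ...
    name: str               # registry key (R*), Run value name (O4) or display name (O2/O3/O9)
    clsid: Optional[str]    # lower-cased {GUID} when the entry carries one
    target: Optional[str]   # file path or URL the entry points at
    file_missing: bool      # HijackThis could not find the referenced file
    raw: str


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis log line; return None for lines that are not entries."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    file_missing = "(file missing)" in body
    body = body.replace("(file missing)", "").strip()
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0).lower() if clsid_m else None

    if section.startswith("R"):
        # R0/R1: "<hive>\...\Main,Start Page = <value>"
        key, _, value = body.partition(" = ")
        kind = key.rsplit(",", 1)[-1]
        return HjtEntry(section, kind, key, None, value, file_missing, line)

    if section == "O4":
        # O4: "<hive>\..\Run: [<value name>] <command>"
        m4 = re.match(r"(.+?): \[(.*?)\] (.*)$", body)
        if m4:
            return HjtEntry(section, "Run", m4.group(2), None, m4.group(3), file_missing, line)

    # O2/O3/O9 and similar: "<Kind>: <name> - {CLSID} - <path>"
    kind, _, rest = body.partition(": ")
    parts = [p.strip() for p in rest.split(" - ")]
    name = parts[0] if parts else ""
    target = parts[-1] if len(parts) >= 2 and not CLSID_RE.fullmatch(parts[-1]) else None
    return HjtEntry(section, kind, name, clsid, target, file_missing, line)


def parse_log(lines) -> List[HjtEntry]:
    return [e for e in (parse_hjt_line(l) for l in lines) if e is not None]


def triage(entries, flag_exe_names=FLAG_EXE_NAMES, flag_hosts=FLAG_HOSTS) -> List[Tuple[HjtEntry, str]]:
    """Return (entry, reason) pairs for the entries a helper would ask to be fixed."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e, "orphaned registration: referenced file is missing"))
        elif e.section in ("R0", "R1"):
            value = (e.target or "").strip().lower()
            host = urlparse(value).hostname or ""
            if value == "about:blank":
                findings.append((e, "IE home/search value is about:blank (flagged in the thread)"))
            elif host in flag_hosts:
                findings.append((e, f"IE home/search page points at flagged host {host}"))
        elif e.section == "O4":
            exe = (e.target or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if exe in flag_exe_names:
                findings.append((e, f"autostart entry launches flagged executable {exe}"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"[{entry.section}] {reason}\n    {entry.raw}")
```

Running it prints seven findings and stays silent on the constructed avast! entry; the "(file missing)" rule alone catches the three dead BHO/toolbar/button registrations, which is why those can be fixed in HijackThis without any file to delete, while the `O4` entry is the one that still needed a file removed in Safe Mode.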
     
  10. uhuy

    uhuy Private E-2

    okay, did everything. But when I went into safe mode and proceeded to search for C:\windows\system32\genqzg.exe I could only find genqzg.exe.tcf
    I deleted the file anyway.
    here is my new log file.
    please check for more of those baddies.
     

    Attached Files:

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean!

    Are you having any further problems?
     
  12. uhuy

    uhuy Private E-2

    phew finally :) thank you!!
    no, no trouble as far as i know for now.
    Just some questions though:

    1. At this time I should be safe to enable system restore, before I install sp2 right?
    2. is it necessary to update my internet explorer, as i'm currently using firefox?

    That's all I can think of for the moment. Will let you know if I have more questions ;)

    Thanks
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Installing Service Pack 2 will update your IE along with your OS. Yes, it's OK to enable System Restore.

    Also, you should follow the steps in this thread below.

    How to Protect yourself from malware!
     
  14. uhuy

    uhuy Private E-2

    Okay, will do that.
    Thank you again, bjgarrick! :D
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)

    Surf Safely!
     
