User Panel
Posted: 8/19/2005 4:33:07 PM EDT
The wife downloaded some bullshit poker game from the web and now I get a pop-up called "Aurora."
I have run Norton and Adaware to no avail. I did a search and pulled up the thread initiated by richardh247 that offered a few fixes, but I'd really like to get more of a consensus on what will get rid of this "malware." TIA! |
|
Ive had good luck with Spybot Search & Destoy. Run it in safe mode.
|
|
One of those poker sites is where I picked up a search/bug.
It was putting up pop ups quicker than I could click them off. I used system restore to go back to the day before I had visited that site and it took care of it. That also has worked since to get rid of other little nasties. |
|
It's your own fault for letting her browse the web on an Administrator account. Create a User account for her and none of these bugs can get installed in the first place. |
|
|
Explain that to us neophytes. |
||
|
I had this at work last week.
Google it for numerous cures. Getting rid of it is a long drawn out process. Dont waste your time with Adaware or spybot. I never did get it gone. it just keeps coming back. |
|
I would like to hear this one as well. How the hell can a simple user account prevent spyware? |
|||
|
Aurora can be a bitch to get rid of. I think it is also called nail. I remember cleaning it a few weeks back and it had a file called Nail.exe in the windows folder IIRC. I had to use hijackthis and killbox to smoke the file(s) and registry entries that is uses.
|
|
ah me... aurora.. thats almost as having sheehan come to stay and never leave..
my advice... find a computer savvy person and pray they have some patience. or buy a new computer. or blow your complete system away, format the disk and do a cold metal instal and QUICKLY install all service packs, firewalls and virus software... i deal with this with family members. I think the aurora may be one of the worst. it might actually send personal info to other sites. at a minimum it will fill your computer with popups and adds you wont be able to stop.... i think that the people who do this should have taliban justice. cut there fingers off so they cant type any more code.. i would almost be willing to do this myself if you could just bring them to the soccer field. .. and no novocaine please.... i have actually removed this from a computer. took two days of fiddling.. i have been in dp for 23 years. my background is vast.. this is one of the worst i have ever seen.... |
|
Hang around! There is a way to stop it with a user account. We are going to find out about it shortly. |
|
|
This is not about "fault." It is about "help." If you cannot provide "help," then stay the fuck out of my thread. |
||
|
He's wrong, it can't. |
||||
|
Believe it or not, a simple User account will prevent all spyware. In order for the spyware - or anything else for that matter - to be installed it has to be done with an Administrator account. But if you're loged in on a User account, you can't install anything. You can't even update a printer driver or load a browser plugin. And spyware, trojans, and browser hijackers can't install either. Windows won't let you, and it's already built in. Too many people only set up one account on their XP box - and Administrator account - and they use that for everything. Instead, set up seperate User accounts for your web browsing and for your wife to use. Only use the Admin account if you have to install software or make system changes. It really is that easy. You just have to do it. Read more here.
You're wrong, and you really need to refrain from commenting topics that you have absolutely no clue about. Which is pretty much everything. |
||
|
HAR! user account... which OS? Perhaps after he installs win2003 server and service Pack 1 for win2k3... at which point he will need a consultant to unscramble and set the security so he can even log on (Win2k3 SP1 is worse than the taliban's burka). Outside of that uid/pw security settings aint gonna do squat.. the problem is all the holes and exploits available.. especially if you are dumb enough to download something (usually a game) from some unknown site... |
||
|
Load on to your computer registery monitoriing software. It will warn you when something is serriptitously trying to installs software. If you encounter soemthing that you are not familiar alway answer NO. I'm usig Spybot's Teatimer.
Good luck, it took me nearly 2 weeks to get rid of the Cool-web Search virus. It's best to rid of these virus even thought it doesn't appear that they are doing anything malicious, but they could be logging your keystrokes, and when you key in your acct number others can see it. |
|
The only thing I see is you making the same ridiculous and unfounded claim! |
|
|
What Spybot can't kill...Webroot Spysweeper will.
Runs in the tray all the time and keeps your browser from being hijacked and keeps a list of "nasty" sites known and won't let you go to them...be fore-warned...some porn sites (if that's your thing) will be blocked...not all, but some (ones that are known to replicate in the reg keys) ETA post below this one: We both forgot to say...USE MOzILLA!!!!!!!!!!!!! |
|
Individual user accounts are an absoulte pain in the ass. I have had to clean machines that had over 5 User profiles for everyone in their family each loaded up with boatloads of browsers hijacks and malware.
The best thing to do is don't user Internet Explorer, or if you do at least keep it up to date. |
|
+1 Good one! |
|
|
Ok, looks like you need to be held by the hand and led through it - Link Link Link Link What XP Home calls a "Limited" account is a "User" account in XP Pro, Win2k, and Win2k3. Notice that Limited/User accounts are unable to install programs, and that includes spyware. By restricting your account permissions you eliminate nearly all these malware problems before they start. |
|
|
I will be honest with you panzersergeant... that spyware is probably the worst i have seen.. i was working on a customers computer the other day that was infected with that. I normally take the harddrive out of the system. slave it to another computer that has panda 2005 tru prevent edition. and fully scan the HD. and delete or disenfect anything it finds. I scanned this system probably 800 total infections. really not that many, but anyways.
I hooked the hardrive back into the system boot into safe mode with networking support. and start to run adware, spybot, ewido and several other programs. i walk away while the system is scanning. i came back to it a couple minutes later and the desktop was full of advertising pop ups. and auora pop ups. at that point i gave up. I called the person. we said hte best way to get rid of it is to do a fresh install of windows. I would suggest backing up what you can to cd-r's. Do a fresh install of windows install all your critical updates. and intall a limited user account for all the surfing. |
|
You really need to think about giving out bad advice. I just ran 3 tests on your theory and you are 100 percent WRONG! The limited account was able to download and run video files ,then I went to a site I know installs minor bugs and sure enough you were proved wrong again. Please people do not rely on this guys "expert" advice, he's dead wrong, try what I said for yourself. |
|||
|
Someone got busted ! Good call tc6969 |
||
|
By the way anyone thinking javaman is right just remember one thing, these malicious bugs don't need your permission to install themselves, they slip in through open ports and other path ways and of course when someone says "OK" , limited or not.
Beware of javamans advice. |
|
A solution that has worked thus far for me on numerous occasions is to boot with an ERD Commander CD and run...
Ad-aware Spybot S&D from the link on your desktop. ad-aware acts kinda punchy, but it works. You can clean it in about 20 min's (scan time for both App's and a reboot) it would also be wise to update both apps before booting into ERD. The reason it works is that windows isn't loaded (it looks alot like windows) so there are no rights or processes issues preventing the malware from being removed or moving itself, you could delete the whole windows dir. if you wanted to... but don't h good luck |
|
Think about it. If this actually was any kind of a solution the problem would be nonexistant within a week. |
|
|
Get Webroot...seriously...although it used to be free...now not so much...hmmmm webroot This thing blocks ports and ASKS you (so don't make dumb choices) what to do when something tries to get in... |
|
|
mandrivalinux.com graphic install and hardware recognition, no spyware or viruses and everything windows can do minus gaming
|
|
That was my first logical thought as it was for you. Now what would the motive be to post it as a "cure all" ? |
||
|
Sorry I work here and I'm not allowed to say. |
|
|
Post it from your troll account LOL J/K |
||
|
|
|
You might as well trash the hard drive and start over if you have aurora. That's the worst thing out there short of a virus.
|
|
that was one of the utilites i tried.... maybe it has a new fix for it |
|
|
www.google.com/search?hl=en&q=aurora&btnG=Google+Search |
|
|
I have it on my computer, along with Ad-Aware, Spybot S&D, and Spywareblaster. They all have to be updated just like anti-virus definitions. But I'm not going to install Aurora on one of my PC's just to see if I can get it off. |
||
|
According to who? Been there, done that, still ended up formatting. |
|
|
I use adaware and spybot also . Make sure you update the files and make sure you set it to scan all archives and low risk entries. After you have adaware and spybot downloaded unplug your network cable.I usually write down everything critical they find and search the registry for every one and delete the entries.Then go to your program folder and delete any of the folders for those spywares.User profiles don't do crap. I run adaware on my pc about 10 times a day. Every time i find a spyware i also add it to my list of restricted sites in the internet options settings folder under control panel under the securites tab.(example: *.2o7.net) They might get on once but not after their in the restricted sites. If all else fails backup all your files to CDR and reload windows. I think everyone should reload windows once a year anyways.You can also try webroot.com's Spysweeper .
Hope this helps. GlenR |
|
According to someone who said on another forum that it removed it from their computer. tc6969 do you think the guy might want to try every possible solution available before he nukes his hard drive? Step back from your sarcasm of people who are trying to help him (like he asked). I've spent up to 12 hours taking viruses and spyware off enough peoples computers that I make sure I don't get the crap on mine to begin with anymore. Some people don't build their own computers so they don't have a OS disc available and never burn a copy of their install disc when they buy some of these new computers which don't come with a restore disc. To tell the guy to just format his hard drive without knowing if he has the means available to reinstall doesn't make alot of sense. That being said, if you do have a Windows disc available and have a cable modem or other high speed internet service. Stick the Windows disc in, reboot and format the hard drive if you don't have to go to work tomorrow and you can probably be done reinstalling everything within a couple of hours. |
||
|
A search turned up "Aurora.exe" in C\windows\prefetch. Can I just delete this file?
|
|
|
Found a whole bunch of pissed off people here:
http://www.spywaredb.com/remove-aurora/ |
|
|
|
I picked up the M$ Spyware tool and its not that bad.
And yes, I am shocked by that considering I despise it, and if you have a registered version of Windows, its FREE. MS FREE Spyware Tool |
|
OK, I admit, I'm a novice. But, i have had to remove pop-up programs before.
I went thru all the spyware, adaware etc. programs which you should do. Then I went thru add remove programs and looked very carefully and I found 2 or three programs that I never heard of before. Turns out, there were programs running that would generate these pop-ups while online or they would redirect me if I screwed up a web address to thier crappy search site. When I tried to remove them, they made me go to thier web site and download removal programs. It was a pain in the butt, but it did work. I have done this 4-5 times now and I am pop-up free. BTW I think Ad-aware is a great program and I do run it regularly, but it won't stop this B.S. from happening. No promises, and I haven't had this Aurora, but at least look in add remove programs. |
|
I would not buy a product that is specifically made to remove one program. sounds kinda fishy |
||
|
it doesn't matter what browser you are using, just running windows you can be infected |
|
|
Not necessarily...Dunno 'bout Aurora, but some of these spyware programs are only in IE command run RegKey... Mozilla has pop up blocking normally (more so than IE) I get maybe 3 a week that get thru and I surf quite a bit. I run Mozilla behind 2 firewalls and 2 anti spyware and 1 AV...I still get probed and attempts made...but I'm female, so there ya go I don't use the big names out there (let's face it: viruses and their ugly ilk are aimed at foiling IE and Norton/Mcaffee/Adaware because that will affect the most users) and that's my 3 cents... |
||
|
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.
AR15.COM is the world's largest firearm community and is a gathering place for firearm enthusiasts of all types.
From hunters and military members, to competition shooters and general firearm enthusiasts, we welcome anyone who values and respects the way of the firearm.
Subscribe to our monthly Newsletter to receive firearm news, product discounts from your favorite Industry Partners, and more.
Copyright © 1996-2024 AR15.COM LLC. All Rights Reserved.
Any use of this content without express written consent is prohibited.
AR15.Com reserves the right to overwrite or replace any affiliate, commercial, or monetizable links, posted by users, with our own.