TechSpot

Aurora (et al) removal help, please!

By nwoodly
Aug 4, 2005
Topic Status:
Not open for further replies.
  1. Hi everyone,

    I could really use someone's help with sorting through the attached Ewido and HJT logs to get rid of Aurora and a suite of other nasties ( :mad: , :evil: , and :dead: ) on my friend's pc (running Windows XP Home).

    I'm new to the forums here, so please let me know if you need more info, etc.

    Thanks a million!
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    You don't have Aurora (yet).

    Uninstall this junk:
    C:\Program Files\Spyware Doctor\swdoctor.exe

    Then go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location NOT on your Desktop.
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    While doing so, include these in your clean-up:
    C:\WINDOWS\System32\goulfz.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dnaads.com/servlet/ajrotator/126189/0/viewHTML?zone=enternet
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ckozixoy.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
    O4 - HKLM\..\Run: [q79R3FV] avmiop.exe
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    4 - HKLM\..\Run: [zffejb] C:\WINDOWS\System32\goulfz.exe r
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

    Delete the highlighted files and/or directories.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.