TechSpot

Pop-Ups won't go away...Please view my Hijack this

By tukash
Aug 29, 2005
  1. I am so frustrated it is ridiculous.

    I got this Aurora thing installed on my computer somehow, and now I cannot get rid of it. I have tried everything. All of the anti-spyware stuff I have finds it, but doesn't permanently delete it. Can someone please look at my hijack this log and tell me what to do to get rid of it please?

    Thanks in advance!

    Logfile of HijackThis v1.98.2
    This is an OLD version. file removed.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. tukash

    tukash TS Rookie Topic Starter

    Thanks for the help, sorry about the rookie mistakes! :D

    I followed everything from that link step by step, but Aurora is still coming back. I just don't get it.

    Attached you will find the 2 log files requested. Thanks again for all the help getting rid of this major annoyance.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Next, open Windows Task Manager.

    On Windows 95/98/ME, press CTRL+ALT+DELETE.
    On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
    Click the Processes tab, select the process (if there), click End Process for:
    imtnck.exe
    dxkvkjxjhcy.exe
    Abilux.exe
    nail.exe

    Next, click Start/Run and type cmd and hit Enter. When a command prompt opens, type:
    nail.exe /FullRemove and hit Enter.

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\Program Files\Abilux\Abilux.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    svcproc.exe
    Double-click it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    C:\WINDOWS\System32\imtnck.exe
    C:\WINDOWS\dxkvkjxjhcy.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O4 - HKLM\..\Run: [hyjyst] C:\WINDOWS\System32\imtnck.exe r
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dxkvkjxjhcy.exe
    O4 - HKCU\..\Run: [Abilux] C:\Program Files\Abilux\Abilux.exe -tray
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup155.cab
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.

    To be sure, run this stuff again:
    How to remove Aurora/Nailfix
     
  5. tukash

    tukash TS Rookie Topic Starter

    They came back...

    It seems Aurora went away, but not in full. There is something else still giving me pop-ups. I have run so many versions of spyware recognition software, and nothing finds it. I even used registry mechanic to no avail.

    I am not sure what it is that keeps popping up. Search and Destroy found a SurfSideKick program that it cannot delete. It says it is something running in the system. This has to be the problem, right?

    Here is the HJT log file. Hopefully someone can find what the problem is.

    Thanks in advance

    EDIT: I run xoftspy and it cleans up, but states I have 50 running processes. How do I delete these running processes?

    EDIT #2: I upgraded my Ewido and Xoftspy in hopes of clearing it up. Here is a new HJT file since some were hopefully deleted.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    As long as you keep running questionable crap such as these, you WILL keep getting infections!
    Uninstall that crap and PAY for a change for what you would illegally download!
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\eMule\emule.exe

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /U/ UNinstall anything to do with this
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    R3 - Default URLSearchHook is missing
    O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - blank (file missing)
    /P/U/ O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup155.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWthc2gA\command.exe (file missing)
    ...................................................................................................
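
    The fix lists in posts 4 and 6 above, parsed into structured entries so that autostart entries whose file is still on disk are separated from leftover registry data. This is an added example, not part of the original thread; the function names and the choice of sample lines (copied from the two fix lists) are assumptions made here.

```python
import re

MECHANISM = {  # HijackThis section codes that appear in this thread
    "F2": "system.ini/win.ini autoload (registry-mapped)",
    "O4": "Run key / Startup autostart",
    "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}
# Optional helper tags such as /P/U/ (stop Process, Uninstall), then "code - body".
LINE = re.compile(r"^(?:/(?P<tags>[PU](?:/[PU])*)/\s+)?(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)

# Constructed sample: lines taken from the fix lists in posts 4 and 6.
SAMPLE = r'''
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [hyjyst] C:\WINDOWS\System32\imtnck.exe r
/P/U/ O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup155.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWthc2gA\command.exe (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
'''

def parse(log):
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, dotted separators, bare file paths
        body, path = m["body"], PATH.search(m["body"])
        entries.append({
            "code": m["code"],
            "mechanism": MECHANISM.get(m["code"], "other"),
            "tags": set((m["tags"] or "").split("/")) - {""},
            "path": path.group(0) if path else None,
            "orphan": "(file missing)" in body or "(no file)" in body,
        })
    return entries

def live_files(entries):
    # Files the log says still exist: the entry must be fixed and the file deleted.
    return sorted({e["path"].lower() for e in entries if e["path"] and not e["orphan"]})

def orphans(entries):
    # Target already gone: only the registry entry itself is left to fix.
    return [e["code"] for e in entries if e["orphan"]]
```
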
     
  7. tukash

    tukash TS Rookie Topic Starter

    Thank you for the help. I did everything you said, and so far it looks like it worked.

    I do have a question though. What was the problem with MSN Messenger? And why did you have me delete the entire directory? You didn't ask me to uninstall it from "Add or Remove Programs" so I did that on my own after I rebooted, since there were no files left to actually run it. Is that something I can reinstall now? Or is there an adaware problem associated with it?

    Thanks again for your help. I really appreciate it. :) I am attaching another HJT log just in case I missed anything.
     
  8. tukash

    tukash TS Rookie Topic Starter

    Well I am still getting pop-ups. They are not as bad as before, but they are there still.

    Hopefully the HJT log I left you will allow you to find something I may have missed.
     
  9. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    There was no MSN running otherwise, so it looked like an orphan.
    Anyway, MSN Messenger is a prime candidate for sluicing in trojans and viruses, so you are better off without it. AIM is just as bad.

    Nothing wrong with your log, except you are using IE.
    Go to www.getfirefox.com
    Firefox has an excellent built-in popup-stopper.
     
  10. tukash

    tukash TS Rookie Topic Starter

    I do have Firefox installed on my computer, and really like it, however it doesn't load Java-based pages well. I am a big sports buff and use sites that have automatic game trackers (sportsline.com, espn.go.com, etc.). Firefox doesn't load those pages properly.

    There was a link someone gave me a while back that had a whole bunch of plug-ins for Firefox, but there was no Java update. Has that changed? If so, you don't happen to have that link do you?

    Thanks again for everything. I wonder why I am still getting pop-ups? I ran ewido again yesterday and it found 6 things. I deleted them so hopefully that does it.
     
  11. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

Topic Status:
Not open for further replies.
