Pop-Ups won't go away...Please view my Hijack this

Status
Not open for further replies.

tukash

I am so frustrated it is ridiculous.

I got this Aurora thing installed on my computer somehow, and now I cannot get rid of it. I have tried everything. All of the anti-spyware stuff I have finds it, but doesn't permanently delete it. Can someone please look at my hijack this log and tell me what to do to get rid of it please?

Thanks in advance!

Logfile of HijackThis v1.98.2
This is an OLD version. file removed.
 
Thanks for the help, sorry about the rookie mistakes! :D

I followed everything from that link step by step, but Aurora is still coming back. I just don't get it.

Attached you will find the 2 log files requested. Thanks again for all the help getting rid of this major annoyance.
 
Boot in Safe Mode.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Next, open Windows Task Manager.

On Windows 95/98/ME, press CTRL+ALT+DELETE.
On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there), click End Process for:
imtnck.exe
dxkvkjxjhcy.exe
Abilux.exe
nail.exe

Next, click Start/Run and type cmd and hit Enter. When a command prompt opens, type:
nail.exe /FullRemove and hit Enter.

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\Abilux\Abilux.exe

Next, click Start/Run and type services.msc and click OK. Look for the service:
svcproc.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
C:\WINDOWS\System32\imtnck.exe
C:\WINDOWS\dxkvkjxjhcy.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [hyjyst] C:\WINDOWS\System32\imtnck.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dxkvkjxjhcy.exe
O4 - HKCU\..\Run: [Abilux] C:\Program Files\Abilux\Abilux.exe -tray
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup155.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.

To be sure, run this stuff again:
How to remove Aurora/Nailfix
 
They came back...

It seems Aurora went away, but not in full. There is something else still giving me pop-ups. I have run so many versions of spyware recognition software, and nothing finds it. I even used registry mechanic to no avail.

I am not sure what it is that keeps popping up. Search and Destroy found a SurfSideKick program that it cannot delete. It says it is something running in the system. This has to be the problem, right?

Here is the HJT log file. Hopefully someone can find what the problem is.

Thanks in advance

EDIT: I run xoftspy and it cleans up, but states I have 50 running processes. How do I delete these running processes?

EDIT#2- I upgraded my Ewido and Xsoftspy in hopes of clearing it up. Here is a new HJT file since some were hopefully deleted.
 
As long as you keep running questionable crap such as these, you WILL keep getting infections!
Uninstall that crap and PAY for a change for what you would illegally download!
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\eMule\emule.exe

First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/U/ UNinstall anything to do with this
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
R3 - Default URLSearchHook is missing
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - blank (file missing)
/P/U/ O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup155.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWthc2gA\command.exe (file missing)
...................................................................................................
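
An added example, not part of the original posts: a small Python triage pass over HijackThis entries like the ones in the two fix lists above. The heuristics (orphaned entries, an extra program on the `Shell=` value, Run entries pointing straight into the Windows directory, services with an unknown owner) are assumptions drawn from what those lists have in common, and a hit is a prompt for review, not a verdict.

```python
import re

# Constructed sample: entries copied from the two fix lists in this thread.
SAMPLE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dxkvkjxjhcy.exe
O4 - HKCU\..\Run: [Abilux] C:\Program Files\Abilux\Abilux.exe -tray
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - blank (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWthc2gA\command.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ..." section code + rest
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
SERVICE = re.compile(r"^Service: (.+) \((\w+)\) - (.+?) - (.+)$")

def triage(log_text):
    """Return (section, reasons, detail) for every entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, running-process paths, blanks
        section, detail = m.groups()
        reasons = []
        # Assumed heuristics, see lead-in; none of them proves an entry is malicious.
        if detail.endswith("(file missing)") or detail.endswith("(no file)"):
            reasons.append("orphaned entry")
        if section == "F2" and "Shell=" in detail:
            shell = detail.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("shell value launches an extra program")
        run = RUN.match(detail) if section == "O4" else None
        if run and re.match(r"(?i)^\"?C:\\WINDOWS\\(System32\\)?[^\\]+\.exe", run.group(4)):
            reasons.append("autostart exe directly in the Windows directory")
        svc = SERVICE.match(detail) if section == "O23" else None
        if svc and svc.group(3) == "Unknown owner":
            reasons.append("service with unknown owner")
        if reasons:
            findings.append((section, reasons, detail))
    return findings

if __name__ == "__main__":
    for section, reasons, detail in triage(SAMPLE):
        print(f"{section}: {'; '.join(reasons)}\n    {detail}")
```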
 
Thank you for the help. I did everything you said, and so far it looks like it worked.

I do have a question though. What was the problem with MSN Messenger? And why did you have me delete the entire directory? You didn't ask me to uninstall it from "Add or Remove Programs" so I did that on my own after I rebooted, since there were no files left to actually run it. Is that something I can reinstall now? Or is there an adaware problem associated with it?

Thanks again for your help. I really appreciate it. :) I am attaching another HJT log just in case I missed anything.
 
Well I am still getting pop-ups. They are not as bad as before, but they are there still.

Hopefully the HJT log I left you will allow you to find something I may have missed.
 
There was no MSN running otherwise, so it looked like an orphan.
Anyway, MSN Messenger is a prime candidate for sluicing in trojans and virii, so you are better off without it. AIM is just as bad.

Nothing wrong with your log, except you are using IE.
Go to www.getfirefox.com
Firefox has an excellent built-in popup-stopper.
 
I do have Firefox installed on my computer, and really like it, however it doesn't load java based pages well. I am a big sports buff and use sites that have automatic game trackers (sportsline.com, espn.go.com, etc.). Firefox doesn't load those pages properly.

There was a link someone gave me a while back that had a whole bunch of plug-ins for Firefox, but there was no java update. Has that changed? If so, you don't happen to have that link do you?

Thanks again for everything. I wonder why I am still getting pop-ups? I ran ewido again yesterday and it found 6 things. I deleted them so hopefully that does it.
 