I so I am cleaning this computer that had a bunch of spy ware installed on it, included auora/nail I ran thorugh the removal steps in the forms (thanks guys) and was able to clean most of it off. I dont see any abnormal services running on boot but some how I still getting spyware activity.
Couple of things that are happening:
1) I am still reciving cookies related to Look2Me and SurfSideKick.
2) under some unknown cirumstances AppWrap[1].exe ends up reappearing in the IE temporary internet folder.
3) HTTP requests are being redirected to ports 1052-1100 > 80.
I have pretty much ran every removal tool I can think of and Im thinking my only solution is to run a System File replace in windows xp.
I was wondering if anyone has heard of the proxy thing and if there was a way to remove it, because I think thats were I am receiving the infections.
Any help would be appericated. I Will post my HiJackThis logs when I get to the location shortly.
Couple of things that are happening:
1) I am still reciving cookies related to Look2Me and SurfSideKick.
2) under some unknown cirumstances AppWrap[1].exe ends up reappearing in the IE temporary internet folder.
3) HTTP requests are being redirected to ports 1052-1100 > 80.
I have pretty much ran every removal tool I can think of and Im thinking my only solution is to run a System File replace in windows xp.
I was wondering if anyone has heard of the proxy thing and if there was a way to remove it, because I think thats were I am receiving the infections.
Any help would be appericated. I Will post my HiJackThis logs when I get to the location shortly.