"Reader Tips: Do Away with Spyware
Many programs block spyware, but few know how to get rid of it. Redmond readers offer some clever ways to banish these nasties.
March 2006 • by Doug Barney
We all know spyware is bad stuff; the real question is how to get rid of it. To find out, we went to the experts -- you, the Redmond reader. Dozens of you responded to our pleas. Here are the best bits of spyware removal advice, sprinkled with a healthy dose of anger and frustration.
Aurora is a nasty bit of adware/spyware that can be a real pain to root out. Redmond reader and IT Specialist Robert Butler knows. "I've discovered that Aurora changes the file names of the files it uses to re-infect the host. Aurora also apparently hijacks some legitimate running processes," Butler explains.
Butler has spent hours trying to clean Aurora out of systems. "I've found that one needs to boot in command prompt safe mode and delete the file c:\winnt\ceres.dll. The file will not delete in normal mode and will regenerate the software if not deleted. No anti-spyware software will delete the file either."
Aurora also seeds confusion, says Butler. "Aurora is part of a group from Direct Revenue that includes: ABetterInternet, ABI Network, Ceres, Aurora, WinFixer, Direct Revenue and Search Assistant."
The confusion extends to Aurora Networks, a technology company that has nothing to do with the spyware, but finds itself mistaken for the malefactor. The firm has gone so far as to publish helpful updates and links for managing the Aurora spyware threat on its Web site.
That site includes a link to the Aurora authors' own removal tool. It would seem foolish to trust such a tool, but at least one reader, Scott Davidson, owner of ARX Computers, had good luck with the Aurora-built fix.
"In the effort to stay 'legal,' many spyware purveyors offer uninstall programs. They don't make it easy to find, but they're out there on a regular basis," says Davidson. "You may be leery of using it, but I figure this company has already had its way with this computer, so going back for more shouldn't do additional damage. The uninstall program for Aurora works like a charm. However, remember the best tool for fighting spyware in general is System Restore."
Matt Yeager also tried the Aurora removal tool, after seeing positive feedback on a number of forums. He says the tool removed the pernicious spyware.
"A malware company you can trust? I don't think so," Yeager writes. "A malware company that's worried about prosecution is probably more like it."
A Bloody Irish Answer
By Kevin Jordan
How can IT professionals hope to put an end to the malware scourge? Kevin Jordan, of Belfast, Ireland, offers an idea.
"Here in Belfast we have a shop called B&Q and it's a hardware/home/garden improvement type of place. Now in there they sell nice, handy lengths of timber. Sand one end until it's rounded and provides a nice tight grip, allowing both hands to hold roughly four feet of 6x4. Find out from the local authorities who the onion is that wrote the spyware code. Go around to his/her (you never know) workplace or home using transport of your choice -- preferably low-budget airline or bus because you're already out the price of the lumber. Apply the said piece of timber several times to the body of the numpty who's responsible for causing this irritation. Before he/she loses consciousness, try to find out anything about his/her contacts and pass this info on to like-minded people you know.
Hopefully this will mitigate the cost of the timber and transport by spreading it about and eventually these people will give up their activities since it's hard to type with broken fingers.
Incidentally, in order to comply with health and safety legislation, it may be prudent to wear some form of protective gloves and visor, just in case some loose splinters are flying about."
Kevin Jordan is a presales IT consultant. ....."