Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora and Buddy popups/malware[RESOLVED]


  • This topic is locked This topic is locked

#1
ladca2003

ladca2003

    New Member

  • Member
  • Pip
  • 6 posts
Hello, my computer has been infected with abetterinternet virus, along with it or as part of it, as soon as I go in the internet, aurora comes to greet with her friend buddy.

I have updated the virus def. in Nortorn and I notice that norton does finds the program but it comes back again. I have not seen the names that I get for malware in the forum or maybe I have not done my homework correctly, the thing is that one of the names is "ikgthromzsf.exe" and it keeps duplicating in the registry, I have also upgraded Ad-Aware and it does not help. I wonder if anyone can help me run a few test or if they have experinced the same problem. Thank you.
  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi there.
Which version of ad-aware you have? Pro, personal or Plus?
  • 0

#3
ladca2003

ladca2003

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ad-Aware personal
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Okay, maybe you should do this.
Follow these instructions (also delete all tracking cookies from your system);
http://www.geekstogo...showtopic=16830
and post fresh ad-aware log to Lavasoft support - category.
Thanks,

- Rawe :tazz:
  • 0

#5
alpha omega

alpha omega

    New Member

  • Member
  • Pip
  • 1 posts
A free uninstaller can be found at removed - Metallica. They claim to have live support, but I haven't tried it.

Edited by Metallica, 11 May 2005 - 06:43 AM.

  • 0

#6
ladca2003

ladca2003

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you Rawe for replying and helping out, however I check out the link from "alpha omega" and it worked like a charm. Maybe the moderators are to take a look at this link, I think it can help a lot of people. Thanks everyone, problem solved and thanks to Geeks to go for an excellent forum. :tazz:

Edited by ladca2003, 18 April 2005 - 06:07 PM.

  • 0

#7
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
ladca2003

Can I get you to post a fresh HiJackThis log so we can verify that things are indeed better?

To everyone else who has posted advice to this thread.

Read the forum rules

ONLY Geeks to Go Staff members are allowed to reply to topics in this forum. This is due to damage that can be caused by improper advice.

You will find this line at the top of every page in the malware removal forum.

If you want to post help in the Malware Removal forum here at GTG, you need to be a staff member. Click here to join Geek U.

ScHwErV :tazz:
  • 0

#8
vpratt

vpratt

    New Member

  • Member
  • Pip
  • 6 posts
I am finding I am having the same problems like alot of you. All of a sudden starting Sunday, I have been getting these stupid Aurora pop-ups. As with many others. I have done ad-aware and now spybot. Keeps coming up. Plus now starting today there is this new search bar above my task bar. I can't get rid of that either. PLEASE HELP!! I would appreciate any help.
  • 0

#9
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
vpratt

Please read the forum rules at the top of each page.

Do not post your problems into other open logs saying "I have the same issue, here is my log" etc. This is too confusing for everyone involved. Also, please stay with your original topic when posting follow ups.

Please start your own thread.

ladca2003

If you still need help.

Please read this post and follow the instructions there.

In order to get a better idea of whats happening with your computer:
  • Please download the latest version of HiJackThis from either Site 1 or Site 2
  • Copy it into its own folder, doubleclick HijackThis.exe, and hit "Do a system scan and save a logfile"
  • When the scan is finished, it will ask you to save the log. Just save it anywhere that you will remember like your desktop.
  • After you save it, the log will open in notepad. In notepad, press Ctrl-A to Select All, and copy its contents in a reply to this post.
  • Most of what it lists will be harmless or even essential
  • Don't Fix Anything Yet
Good Luck

ScHwErV :tazz:
  • 0

#10
ladca2003

ladca2003

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you, here is my log, have not been around for the last day. Thanks for the help.


Logfile of HijackThis v1.99.1
Scan saved at 3:56:13 PM, on 04/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,20/mcgdmgr.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#11
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
ladca2003

Your log is clean. Are you still having symptoms?

ScHwErV :tazz:
  • 0

#12
ladca2003

ladca2003

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Nope, it seems as if all cleared up. Thanks for taking the time and the help.
  • 0

#13
ScHwErV

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP