I HAVE however removed about 2 or 3 other pieces of malware that were installed using the same malware multidropper payload from the crap I downloaded off of kazaa.
I am beginning to suspect that the Aurora popups have a really effective hiding mechanism and may even be something along the lines of a rootkit, although scans with a freely available rootkit revealer came up negative.
I have also noticed a few of these Aurora threads indicate that the popups occur with both IE AND Firefox, tragically.
I have also experienced the behaviour mentioned in other threads of Norton AV coming up disabled after reboot and needing manual re-enabling.
I also notice now that my popup killer app (puk) is coming up disabled, or being disabled soon after boot.
This is newer behaviour, which has only started in the last day or so of my now nearly month-long infestation.
This makes me think that this malware is being actively updated as new suppression techniques are discovered.
One interesting feature of this cluster of vermin is that it creates randomly named processes in the process list.
These names are re-randomized after each boot.
I have seen a number of forum threads attempting to address these processes by name, which seems to be wasted effort, since the process is recreated from the Windows prefetch cache upon boot and assigned a new random name each time.
The names are simple random strings of characters like "diglx.exe" or "rgflp.exe" etc. etc.
Having said all this, I did manage to get rid of the rogue processes in my list using various registry tools, and the addition of a batch file that cleans my temp cache on reboot and shutdown.
BUT the Aurora popups still remain, and my fuse toward a complete wipe and reinstall is burning up.
Has ANYONE managed to free themselves of this beast for more than 24 hours straight?
I submit that you have NOT. as I have NOT.
PLEASE PROVE ME WRONG.
Love to you all, MANTHRAX
p.s. - I am in possession of the original infection vector EXE that caused my infestation. If that would be useful to anyone, please PM me and we can discuss.
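The post's point that chasing these processes by name is wasted effort, because the name is re-rolled at every boot, suggests triaging on what does not change instead: the shape of the name (short, vowel-poor strings like "diglx.exe") and where the image lives (a temp or profile directory rather than the Windows or Program Files tree). The script below is an added example and not the poster's batch file or any tool mentioned in the thread. It assumes a default-install layout for the trusted roots, uses a deliberately small allow-list of legitimate low-vowel system binaries that you would extend for your own machine, and on Windows pulls the live list via `wmic` (an assumption that wmic is present); everywhere else it runs over a constructed sample list that mimics the post.

```python
"""Triage a Windows process list for randomly named dropper processes.

Added example, not code from the original post. Rather than blocking a
specific process name (re-randomised at every boot), each process is scored
on name shape and image location. The sample list is constructed; the live
wmic path is only attempted on Windows.
"""
from __future__ import annotations

import csv
import re
import subprocess
import sys
from dataclasses import dataclass, field

# Assumption: minimal allow-list of legitimate low-vowel image names (stems,
# without ".exe"). Extend it for the machine under review.
KNOWN_SYSTEM = {"smss", "csrss", "lsass", "svchost", "ctfmon", "msimn",
                "wininit", "winlogon", "spoolsv", "dwm", "conhost", "cmd"}
VOWELS = set("aeiouy")

# Assumption: default-install locations. A service binary normally lives under
# a trusted root; droppers typically write into temp or profile directories.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")
TEMP_MARKERS = ("\\temp\\", "\\local settings\\",
                "\\documents and settings\\", "\\users\\")


@dataclass
class Finding:
    name: str
    path: str
    score: int
    reasons: list[str] = field(default_factory=list)


def looks_random(image_name: str) -> bool:
    """Short all-letter stem with few vowels or a long consonant run."""
    stem = image_name.lower()
    if stem.endswith(".exe"):
        stem = stem[:-4]
    if stem in KNOWN_SYSTEM or not re.fullmatch(r"[a-z]{4,8}", stem):
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_consonant_run = max(
        (len(run) for run in re.findall(r"[^aeiouy]+", stem)), default=0)
    return vowel_ratio <= 0.25 or longest_consonant_run >= 4


def score_process(name: str, path: str) -> Finding:
    """Score one process; 2 = review, 4 = random name in a temp directory."""
    finding = Finding(name, path, 0)
    if looks_random(name):
        finding.score += 2
        finding.reasons.append("random-looking image name")
    p = path.lower()
    if not p:
        finding.score += 1
        finding.reasons.append("no image path reported")
    elif any(m in p for m in TEMP_MARKERS) and not p.startswith(TRUSTED_ROOTS):
        finding.score += 2
        finding.reasons.append("image lives under a temp/profile directory")
    return finding


def triage(processes, threshold: int = 2) -> list[Finding]:
    """Return findings at or above threshold, highest score first."""
    findings = [score_process(n, p) for n, p in processes]
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: -f.score)


# Constructed sample (not real telemetry) mimicking the names in the post.
SAMPLE_PROCESSES = [
    ("explorer.exe", "C:\\WINDOWS\\explorer.exe"),
    ("svchost.exe", "C:\\WINDOWS\\system32\\svchost.exe"),
    ("csrss.exe", "C:\\WINDOWS\\system32\\csrss.exe"),
    ("firefox.exe", "C:\\Program Files\\Mozilla Firefox\\firefox.exe"),
    ("diglx.exe", "C:\\Documents and Settings\\user\\Local Settings\\Temp\\diglx.exe"),
    ("rgflp.exe", "C:\\WINDOWS\\system32\\rgflp.exe"),
]


def live_processes() -> list[tuple[str, str]]:
    """Windows only: (Name, ExecutablePath) via wmic; empty list elsewhere."""
    if sys.platform != "win32":
        return []
    out = subprocess.run(
        ["wmic", "process", "get", "Name,ExecutablePath", "/FORMAT:CSV"],
        capture_output=True, text=True, check=False).stdout
    rows = csv.DictReader(line for line in out.splitlines() if line.strip())
    return [(r.get("Name") or "", r.get("ExecutablePath") or "") for r in rows]


if __name__ == "__main__":
    for f in triage(live_processes() or SAMPLE_PROCESSES):
        print(f"{f.score}  {f.name:<16} {f.path}  ({'; '.join(f.reasons)})")
```

On the sample list only the two random-looking names are reported: diglx.exe scores 4 (random name plus a temp-directory image) and rgflp.exe scores 2 (random name but sitting in system32), while csrss.exe, itself vowel-free, is cleared by the allow-list. A name-shape heuristic alone will produce false positives, which is why the location score and the allow-list are there; treat a score of 2 as "look at it" and 4 as "pull the file and its autostart entry".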