My experience started off whenever my grandfather commented on Aurora being on his computer. countless hours later, it still pops up. I've scanned with AdAware, Spybot S&D, Ewido, Norton, AVG, Panda online, and even Hijack this only to come up with the same problem.
Using some brilliant tools developed by SysInternals, I've tracked down Aurora's source file. C:\Windows\system32\DrPmon.dll
Its using redundant dummy files with random names to deploy the program to avoid detection. I was able to track what files these dummy files were calling on and wound up at our source file.
SysInternals Access Eunumerator says access to the file is everyone however, Norton, PGP, and Explorer are unable to delete the file because access is denied. "Perhaps the file is in use". Not according to Process Explorer. And the dummy files can't have it open as I have those processes' suspended.
I've loaded the computer into DOS using a startup disk only to not be able to find my C drive.
Maybe I'm overlooking something simple, but please help.