Robust version of Aurora


  • This topic is locked

#1
remintellegere

  • Member
  • 34 posts
Well, let me start off by saying a few things about my particular experience with Aurora. I've been using computers for in excess of 10 years, I've talked to A LOT of professional programmers about this issue, and I do know my way around XP if you know what I mean.

My experience started off whenever my grandfather commented on Aurora being on his computer. Countless hours later, it still pops up. I've scanned with AdAware, Spybot S&D, Ewido, Norton, AVG, Panda online, and even HijackThis, only to come up with the same problem.

Using some brilliant tools developed by SysInternals, I've tracked down Aurora's source file. C:\Windows\system32\DrPmon.dll

It's using redundant dummy files with random names to deploy the program to avoid detection. I was able to track what files these dummy files were calling on and wound up at our source file.

SysInternals Access Enumerator says access to the file is everyone; however, Norton, PGP, and Explorer are unable to delete the file because access is denied. "Perhaps the file is in use". Not according to Process Explorer. And the dummy files can't have it open, as I have those processes suspended.

I've loaded the computer into DOS using a startup disk only to not be able to find my C drive.

Maybe I'm overlooking something simple, but please help.


#2
remintellegere

  • Topic Starter
  • Member
  • 34 posts
If you would like to post advice in the Malware Forum, you must first go through our training program. You can sign up here: GeekU


~Excal :tazz:

Edited by Excal, 10 July 2005 - 05:55 PM.
