Robust version of Aurora


  • This topic is locked

#1
remintellegere

Well, let me start off by saying a few things about my particular experience with Aurora. I've been using computers for in excess of 10 years, I've talked to A LOT of professional programmers about this issue, and I do know my way around XP if you know what I mean.

My experience started off whenever my grandfather commented on Aurora being on his computer. Countless hours later, it still pops up. I've scanned with AdAware, Spybot S&D, Ewido, Norton, AVG, Panda online, and even HijackThis only to come up with the same problem.

Using some brilliant tools developed by SysInternals, I've tracked down Aurora's source file. C:\Windows\system32\DrPmon.dll

It's using redundant dummy files with random names to deploy the program to avoid detection. I was able to track what files these dummy files were calling on and wound up at our source file.

SysInternals Access Enumerator says access to the file is everyone; however, Norton, PGP, and Explorer are unable to delete the file because access is denied. "Perhaps the file is in use". Not according to Process Explorer. And the dummy files can't have it open as I have those processes suspended.

I've loaded the computer into DOS using a startup disk only to not be able to find my C drive.

Maybe I'm overlooking something simple, but please help.


#2
remintellegere

If you would like to post advice in the Malware Forum, you must first go through our training program. You can sign up here: GeekU


~Excal

Edited by Excal, 10 July 2005 - 05:55 PM.
