Currently, I am running the AVG Anti-Virus (as requested by the other forum). I have booted off of my D drive (alternate Windows), and my Panda Anti-virus is on the C drive.
Running the AVG has JUST picked up a Trojan horse that Panda missed! Wow. I pay GOOD money for that software. Arrgghhh. So, will remove this, then re-run Adware, and then HiJackThis. However, the question here is DO you want me to simply quarantine anything that comes up with Adware, or delete. The other tech's notes are also at the bottom of this post.
I am on a PC using XP Pro, with the service pack 2. My computer (Wednesday evening) was infected with Aurora, aka ABI. I could not remove it using Panda (latest version) or Spy Sweeper. I googled Aurora and found you guys.
I read your description on what to do, however, because of the constant closing of dreaded pop-ups (about one every two to three seconds - unbelievable!), I was unable to download the software that you guys described for the fix, and certainly wasn't able to run it!
Ran a quick search on how many files were "new files" created that day, and the file list simply kept growing before my eyes. Even though I was scared to shut off my machine, I also knew that I could not stop the constant pop-ups and files that were being created. The question then was which would be worse, more new files or turning off my machine? Also, since I had no clue how I had GOTTEN this Trojan/virus (via email, download, hacking), I was afraid that if I left my machine on that other people would become infected via my email. How does it spread, anyway? Unplugging from the Internet meant that others would not be able to use the system, and that I would not be able to use a different machine to search for answers.
It was getting very late (1:30 AM), and the new files being created continued to grow, so I turned off my system. Mistake. BIG mistake.
Next morning, turned on system, and computer went into constant reboot cycle. First it would boot up, then the computer would have an error message that said it was sorry for the inconvenience (blahhaha), but that it could not boot up, and which way did I want to continue, offering: Safe Mode, Safe mode with control prompt, Last known good setting, and another item which I can't remember. I chose ALL of them at different bootups. Nothing, just continued to reboot no matter what I did.
Thankfully, I have an alternate Windows on my D drive (courtesy of my son!) and I was able to choose the alternate Windows before the reboot cycles began. This worked, but it is a virgin Windows, with none of my software installed.
I worked on a different computer, and downloaded the software and printed out the steps outlined for getting rid of this pesky Aurora, etc. The software I used in the following order was: CleanUp, Ad-aware SE, CWShredder, Spybot S&D, Ewido Security Suite, HiJackThis. I saved the logs as requested.
However, I still cannot boot back into my old C drive Windows. I am OK with reinstalling all my software (&*%$#!!!! Arrggghhh), but there are a few files that I would like to save that are on my Desktop in the old Windows.
1. Is there a way to STOP the constant rebooting when using the old Windows?
2. If not, is there a way to reclaim 2 files from the old Desktop from the C drive Windows? All other files have been backed up, previously.
3. How is this DANG trojan spread? Does it come from an email, or hacking, or what? I have spyware, Panda Antivirus AND a hardware firewall. HOW did it make it through?
4. Can we SUE these blankety blank blanks!!
Once again, I do have the HiJackThis log, if it would help.
BTW, THANKS so much for your efforts for all of us users out here,
Hello my name is Werner and I'll be assisting you today.
It looks like you may have a serious threat on your PC which will need expert advice. But before going anywhere I recommend trying to get these great Free Programs.
1. AVG Anti Virus
2. Ad Aware SE Personal
After downloading these programs, make sure you update them to the latest definitions files.
Do a full scan with AVG first, and remove ANY threats that it detects.
Then do an Ad Aware scan and quarantine the files but DO NOT REMOVE THEM YET!
After doing the two scans, please go to the MALWARE forum and post your HJT log there. Also ask for advice there and how to deal with the files found by Ad Aware and AVG. The people there are qualified to read logs and most are Malware experts. You'll be in good hands there.
Hope all this helped, Good Luck!