Aurora Adware ? [RESOLVED]
Started by
buildreamcb
, Sep 05 2005 06:04 PM
#16
Posted 10 September 2005 - 12:05 AM
#17
Posted 10 September 2005 - 09:03 AM
It doesn't allow me to copy/ paste the scan results and of course it won't delete the malware as I mentioned in an earlier post.
I did write the files down. though
01265912-1B27-4A Adware.Aurora
38CA2009-6100-43
499D7701-82AB-4B
5A089208-6C25-4C
5F7A4BBE-3609-4B
68833A37-83A1-48
8E2A3211-F1F0-46
AB529057-CFE7-4C
BBF80057-12E2-43
D5B83A66-E358-AD
FF437C8D-6002-4C
qkbzqvqsp.exe
tbslwb.exe
xkqqzxi.exe
I hope this helps.
I did write the files down. though
01265912-1B27-4A Adware.Aurora
38CA2009-6100-43
499D7701-82AB-4B
5A089208-6C25-4C
5F7A4BBE-3609-4B
68833A37-83A1-48
8E2A3211-F1F0-46
AB529057-CFE7-4C
BBF80057-12E2-43
D5B83A66-E358-AD
FF437C8D-6002-4C
qkbzqvqsp.exe
tbslwb.exe
xkqqzxi.exe
I hope this helps.
#18
Posted 10 September 2005 - 09:10 AM
Norton should give you the path to these files
qkbzqvqsp.exe
tbslwb.exe
xkqqzxi.exe
For instance C:\windows\system32\xkqqzxi.exe
or C:\windows\xkqqzxi.exe
Please let me know if it does and what they are
Thanks
qkbzqvqsp.exe
tbslwb.exe
xkqqzxi.exe
For instance C:\windows\system32\xkqqzxi.exe
or C:\windows\xkqqzxi.exe
Please let me know if it does and what they are
Thanks
#19
Posted 10 September 2005 - 11:35 AM
OK,
Only shows 13 threats now and 11 are in my Microsoft Antispyware Quarantine, which I cannot seem to locate. The paths are very long and will take a long time for me to write each one down. Must be an easier way.
Can you advise?
The other 2 are located here:
C:\WINNT\qkbzgrgsp.exe
C:\WINNT\tbslwb.exe
Thanks loophole
Only shows 13 threats now and 11 are in my Microsoft Antispyware Quarantine, which I cannot seem to locate. The paths are very long and will take a long time for me to write each one down. Must be an easier way.
Can you advise?
The other 2 are located here:
C:\WINNT\qkbzgrgsp.exe
C:\WINNT\tbslwb.exe
Thanks loophole
#20
Posted 10 September 2005 - 02:51 PM
Ok great
The items in microsoft quarantine are harmless. Unfortunately I dont use the program and dont know how to delete them out of quarantine. I will ask around.
Now open pocketkillbox Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:
Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'
The entire list should now be in the "Full Path of File to Delete"
field.To check, click on the dropdown-arrow next to that field.
If you expand it, these lines should all be there
C:\WINNT\qkbzgrgsp.exe
C:\WINNT\tbslwb.exe
Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES.When it asks if you would like to Reboot now, click YES.
Are you having any problems other than the microsoft quarantine one?
thanks
The items in microsoft quarantine are harmless. Unfortunately I dont use the program and dont know how to delete them out of quarantine. I will ask around.
Now open pocketkillbox Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:
Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'
The entire list should now be in the "Full Path of File to Delete"
field.To check, click on the dropdown-arrow next to that field.
If you expand it, these lines should all be there
C:\WINNT\qkbzgrgsp.exe
C:\WINNT\tbslwb.exe
Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES.When it asks if you would like to Reboot now, click YES.
Are you having any problems other than the microsoft quarantine one?
thanks
#21
Posted 10 September 2005 - 06:17 PM
Allright loophole,
I'm running another scan because apparently 1 file renamed itself from
C:\WINNT\tbslwb.exe
It is now
C:\!Submit\tbslwb.exe............amazing!
I'll be back in ten.
Thank you
I'm running another scan because apparently 1 file renamed itself from
C:\WINNT\tbslwb.exe
It is now
C:\!Submit\tbslwb.exe............amazing!
I'll be back in ten.
Thank you
#22
Posted 10 September 2005 - 06:25 PM
thats fine too .killbox created thet folder for submitting files it can be deleted
how is the computer running?
how is the computer running?
#23
Posted 10 September 2005 - 07:29 PM
Hey it looks like we killed the .exe files.
I still don't know where the 14th threat dissappeared to.
I'll keep trying to delete the quarantine files in MS antispyware.
If you find out about it, let me know. I want this crap off my PC.
The computer is running great
Thanks loophole!
I still don't know where the 14th threat dissappeared to.
I'll keep trying to delete the quarantine files in MS antispyware.
If you find out about it, let me know. I want this crap off my PC.
The computer is running great
Thanks loophole!
#24
Posted 10 September 2005 - 07:35 PM
No problem I will look into it and let you know
#25
Posted 10 September 2005 - 09:47 PM
Hey loophole,
I just found something very interesting.
The files I was searching for are not in MS antispyware, they're here:
The file C:\Program Files\Microsoft AntiSpyware\Quarantine\A0888C61-03CA-4465-B9FC-56079A\01265912-1B27-4A1E-9379-A28A89 is an adware threat.
I'm sorry, I overlooked the program files part.
This is 1 of 12 folders with 1 of the folders being empty.
(Recap- There are 11 threats existing now)
I didn't know the proper way to delete them so I would like you to take me step by step, if you would, to remove these folders the right way.
I'm hoping I don't have to write each folder down for you, as you can see they're long. If I could have copy/ paste earlier, we wouldn't be here now.
I found 12 folders in this file but didn't make the connection until I ran the mouse arrow over it's path and "BINGO", the hidden number appeared.
Anyway, I'm here waiting for your reply.
Thanks
I just found something very interesting.
The files I was searching for are not in MS antispyware, they're here:
The file C:\Program Files\Microsoft AntiSpyware\Quarantine\A0888C61-03CA-4465-B9FC-56079A\01265912-1B27-4A1E-9379-A28A89 is an adware threat.
I'm sorry, I overlooked the program files part.
This is 1 of 12 folders with 1 of the folders being empty.
(Recap- There are 11 threats existing now)
I didn't know the proper way to delete them so I would like you to take me step by step, if you would, to remove these folders the right way.
I'm hoping I don't have to write each folder down for you, as you can see they're long. If I could have copy/ paste earlier, we wouldn't be here now.
I found 12 folders in this file but didn't make the connection until I ran the mouse arrow over it's path and "BINGO", the hidden number appeared.
Anyway, I'm here waiting for your reply.
Thanks
#26
Posted 10 September 2005 - 09:50 PM
do they say this in them Microsoft AntiSpyware\Quarantine or quarantine in them?
Edited by loophole, 10 September 2005 - 09:51 PM.
#27
Posted 10 September 2005 - 09:53 PM
All 11 of them, just as I wrote it out only with their own numbers, etc.
#28
Posted 10 September 2005 - 10:01 PM
If it would help you, I'd be happy to write each one out for you. I'm familiar with this file now.
Did I answer your question?
Did I answer your question?
#29
Posted 10 September 2005 - 10:21 PM
No need they are harmless . The scanners detect them but they are locked in the microsoft quarantine. Thats also why it cant clean them. I'm still trying to figure out how to delete them out of there .they aren't a threat. Do you understand what I mean?
#30
Posted 10 September 2005 - 10:35 PM
So let me understand this.
Even though the quarantine area in MS spyware doesn't show any threats after a scan, the program files hosting these threats cannot be deleted?
And if this is true, most quarantine areas auto- delete after a while, does this not happen here?
Even though the quarantine area in MS spyware doesn't show any threats after a scan, the program files hosting these threats cannot be deleted?
And if this is true, most quarantine areas auto- delete after a while, does this not happen here?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users