
Aurora Adware ? [RESOLVED]



#16
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
So Norton doesn't find them anymore?
  • 0



#17
buildreamcb

    Member

  • Topic Starter
  • 23 posts
It doesn't allow me to copy/paste the scan results, and of course it won't delete the malware, as I mentioned in an earlier post.

I did write the files down, though.

01265912-1B27-4A Adware.Aurora
38CA2009-6100-43
499D7701-82AB-4B
5A089208-6C25-4C
5F7A4BBE-3609-4B
68833A37-83A1-48
8E2A3211-F1F0-46
AB529057-CFE7-4C
BBF80057-12E2-43
D5B83A66-E358-AD
FF437C8D-6002-4C
qkbzqvqsp.exe
tbslwb.exe
xkqqzxi.exe

I hope this helps.
  • 0

#18
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Norton should give you the path to these files

qkbzqvqsp.exe
tbslwb.exe
xkqqzxi.exe

For instance C:\windows\system32\xkqqzxi.exe
or C:\windows\xkqqzxi.exe

Please let me know if it does and what they are

Thanks
  • 0

#19
buildreamcb

    Member

  • Topic Starter
  • 23 posts
OK,

Only shows 13 threats now and 11 are in my Microsoft Antispyware Quarantine, which I cannot seem to locate. The paths are very long and will take a long time for me to write each one down. Must be an easier way.
Can you advise?

The other 2 are located here:

C:\WINNT\qkbzgrgsp.exe
C:\WINNT\tbslwb.exe

Thanks loophole
  • 0

#20
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Ok great :)

The items in Microsoft quarantine are harmless. Unfortunately I don't use the program and don't know how to delete them out of quarantine. I will ask around.

Now open pocketkillbox. Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:
Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'.
The entire list should now be in the "Full Path of File to Delete" field. To check, click on the dropdown-arrow next to that field.
If you expand it, these lines should all be there:

C:\WINNT\qkbzgrgsp.exe
C:\WINNT\tbslwb.exe



Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES.

Are you having any problems other than the Microsoft quarantine one?

thanks :tazz:
  • 0

#21
buildreamcb

    Member

  • Topic Starter
  • 23 posts
All right loophole,

I'm running another scan because apparently 1 file renamed itself from

C:\WINNT\tbslwb.exe

It is now

C:\!Submit\tbslwb.exe ... amazing!

I'll be back in ten.

Thank you
  • 0

#22
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
That's fine too. Killbox created that folder for submitting files :tazz: It can be deleted.

How is the computer running?
  • 0

#23
buildreamcb

    Member

  • Topic Starter
  • 23 posts
Hey it looks like we killed the .exe files.

I still don't know where the 14th threat disappeared to.

I'll keep trying to delete the quarantine files in MS antispyware.

If you find out about it, let me know. I want this crap off my PC.

The computer is running great :tazz:

Thanks loophole!
  • 0

#24
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
No problem :tazz: I will look into it and let you know
  • 0

#25
buildreamcb

    Member

  • Topic Starter
  • 23 posts
Hey loophole,

I just found something very interesting.
The files I was searching for are not in MS antispyware, they're here:

The file C:\Program Files\Microsoft AntiSpyware\Quarantine\A0888C61-03CA-4465-B9FC-56079A\01265912-1B27-4A1E-9379-A28A89 is an adware threat.

I'm sorry, I overlooked the program files part.

This is 1 of 12 folders with 1 of the folders being empty.
(Recap- There are 11 threats existing now)

I didn't know the proper way to delete them so I would like you to take me step by step, if you would, to remove these folders the right way.

I'm hoping I don't have to write each folder down for you, as you can see they're long. If I could have copy/pasted earlier, we wouldn't be here now.

I found 12 folders in this file but didn't make the connection until I ran the mouse arrow over its path and "BINGO", the hidden number appeared.

Anyway, I'm here waiting for your reply.

Thanks :tazz:
  • 0



#26
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
Do they say this in them: Microsoft AntiSpyware\Quarantine, or quarantine in them?

Edited by loophole, 10 September 2005 - 09:51 PM.

  • 0

#27
buildreamcb

    Member

  • Topic Starter
  • 23 posts
All 11 of them, just as I wrote it out only with their own numbers, etc.
  • 0

#28
buildreamcb

    Member

  • Topic Starter
  • 23 posts
If it would help you, I'd be happy to write each one out for you. I'm familiar with this file now.

Did I answer your question?
  • 0

#29
loophole


    Malware Expert

  • Retired Staff
  • 9,798 posts
No need, they are harmless. The scanners detect them but they are locked in the Microsoft quarantine. That's also why it can't clean them. I'm still trying to figure out how to delete them out of there. They aren't a threat. Do you understand what I mean?
  • 0

#30
buildreamcb

    Member

  • Topic Starter
  • 23 posts
So let me understand this.

Even though the quarantine area in MS spyware doesn't show any threats after a scan, the program files hosting these threats cannot be deleted?

And if this is true, most quarantine areas auto-delete after a while, does this not happen here?
  • 0





