Aurora: not the pretty lights in the sky.
May 16, 2005 8:27 PM
Two friends have been infected with the evil Aurora pop-up thing, and I've spent hours thinking about how to kill it. I've installed Avast on their systems and no dice yet. Is there an app that will destroy it, or is the fix deep DIY registry surgery? Thanks!
Found a shorter post with instructions - caveat: I didn't write it, haven't tried it, yada yada yada. Good luck - I hate those things!
posted by Aster at 8:40 PM on May 16, 2005
I am so glad someone asked this, because I was about to. I tried the messages above. Went through safe mode, ran spysweeper, and STILL have aurora problems.
Please, PLEASE someone answer this. As far as I can tell, Aurora is like herpes: it's impossible to get rid of. Just when you think you're ok, there's some crazy flare up.
I don't want to format.
(PS: how can it be that these people are NOT in jail!?)
posted by absalom at 10:42 PM on May 16, 2005
These two possible solutions look pretty similar (I don't know/don't have aurora)
posted by peacay at 1:13 AM on May 17, 2005
I personally struggled with this one as well until I found and used the app at mypctuneup.com to successfully remove it. No obvious ill effects.
posted by whatisish at 8:07 AM on May 17, 2005
For what it's worth... I tried many of the online solutions and couldn't make them work for me. None of the MANY spyware apps could fix it either. Although I had reservations about using a vendor product, it seems to work exactly as advertised - without adding anything new. I only wish I had backed up my registry first to compare the before and after.
posted by whatisish at 8:17 AM on May 17, 2005
Just yesterday I worked on yet another computer with an Aurora (among others) infection. Multiple cleanings with Spybot, AdAware, and MS Antispy, in both normal mode and safe mode, have still not completely ridded it out. As this particular machine had some other issues as well, and I had already spent too much time on it, I recommended a wipe and reload. I know you said you didn't want to format, but at some point it's not worth it to keep fighting it; it's easier to just nuke the whole drive and start fresh. (Unless you just enjoy the challenge of spending potentially hours on end tracking down the last remnants of this crap.) Even if you do manage to completely eradicate it, it's fairly likely that it has insinuated itself so deeply into your system that removing it will break things like LSPs and winsocks, affecting your internet connectivity. Not to mention the fact that if System Restore is on (assuming XP) you likely have backups of Aurora still on your drive. It can't simply respawn itself out of the System Restore files, but if your system is rolled back, it reappears.
Also use a quality virus scanner, or even two, to be sure you have no lingering viruses, especially trojans. Scan the entire system (all hard disks/partitions) with the very latest definition files. I recommend AVG or AntiVir (both free); Leo Laporte (whom I highly trust) recommends Nod32 (not free, but apparently worth it). I wouldn't completely trust Norton or McAfee, but if you already have one of them, it's a good start.
And in the future:
Switch to Firefox. Or Opera. Or even plain Mozilla. Basically anything but Internet Explorer. If you don't know why - well, I won't take up the space here, ask your local geek about Active Scripting.
Even though now you've stopped using IE (right?), be sure to always immediately install any Windows updates. You'll have to use IE briefly to do this, but you'll be updating it, too. And you'll only use it to visit the Windows Update site, nothing else. (Right?) One could argue for waiting to be sure new patches and security fixes don't break something, but in general you want to implement them right away. As soon as they are released, that's an invitation for malware authors and crackers to exploit all the bugs the patch fixes: now the security holes are public knowledge, and anyone who doesn't apply the patch is obviously still vulnerable.
Regular, timely updates also apply to any and all antivirus and antispyware programs. Don't overdo it - too many running at once, and they'll just fight with each other for resources. MS Antispyware is pretty decent for real-time protection (to prevent spyware/adware in the first place). Spybot and AdAware are currently the best free programs for weekly or at least monthly checks for anything that may have slipped through. Another Leo recommendation, for a non-free spyware scanner - Webroot's SpySweeper. Just don't install 5, 6, 10 different programs - more is not better. One antivirus is plenty to have installed and running all the time. Supplement it with an occasional online scan like Trend Micro's HouseCall. Just keep in mind that no one program will find/block all malware every time. Use up to four antispyware programs (one real-time) to cross check each other, one installed and up to two online virus scanners to do the same.
Use a router (on a broadband connection) and/or a quality software firewall. In general, I would trust the built-in Windows firewall (XP and up only), especially when paired with a properly-configured router. ZoneAlarm is another good choice. I would stay away from Norton Internet Security's Personal Firewall. Not that it doesn't work, it's actually too intrusive.
Educate yourself and others on good browsing habits. What not to do, not to click on, where not to go, etc. What you avoid doing can make as big a difference as what you do. I don't know of a resource for this off the top of my head; again, ask your local geek for a little training.
And of course, some would say: Switch! Ditch the PC and use a Macintosh. Or Linux. Not always a viable option, but certainly a valid point.
On preview: mypctuneup seems ok at first glance, but I haven't used it. Might be worth a shot, though.
posted by attercoppe at 8:22 AM on May 17, 2005
Also (looking at links in previous posts):
These solutions look as if they should work, but they are involved, "deep DIY registry surgery"-class, solutions. One I would not recommend is using any uninstaller provided by the spyware distributor/author, and leaving it at that. Removing spyware/adware with its provided uninstaller is fine, but still run a scan with a good antispyware program to clean up the remains.
As I alluded to before, depending on your level of infection, a wipe and reload may be less hassle. Plus it's sure to clear it out (include a full drive format). Just be sure to back up - and carefully - dragging and dropping entire folders wholesale can get you a backup of the malware.
Okay, I'll shut up now.
posted by attercoppe at 8:34 AM on May 17, 2005
I had Aurora popups. Ran Hitman Pro 2 and now I don't have any more. The unfortunate thing is Hitman Pro 2 is in Dutch, so you'll probably have to translate. (I used Altavista.)
Hitman Pro 2 automatically installs, updates, and runs CWShredder, Ad-Aware, Spy Sweeper, and Spybot. I used default settings. In addition to that I ran Norton afterwards. My Microsoft Anti-spyware active protection initially removed several spyware files but Hitman Pro removed much more and got rid of the popups.
I'm still concerned I may have additional spyware on my comp, so I'm gonna try some additional methods mentioned above just to make sure... but at least the popups are gone.
posted by freshness at 2:14 AM on May 18, 2005
This thread is closed to new comments.
posted by jikel_morten at 8:36 PM on May 16, 2005