Help needed in removing VX2/Aurora spyware

NeoPTLD

My computer picked up the Aurora hijack that causes pop-ups when IE is used. Before I go any further, if you're going to tell me "don't use IE, use Firefox", please don't say anything.
There are times when applications start up IE, such as AIM, and certain pages make it impossible to not use IE.


I ran Ad-Aware, which cleans up the registry entries, but as soon as IE is used, they all come back. I downloaded the VX2 add-on from Lavasoft, but it doesn't detect anything. The latest version of Symantec anti-virus picks up nothing.

Anyone have advice on how to COMPLETELY remove Aurora spyware? I'm not going to use www.mypctuneup.com/aurora as, from what I read, this program installs other spyware in exchange for removing Aurora.
 

daveybrat

Even HijackThis in safe mode will remove it, but it will continue to come back every time you run it.

I have found no way of removing it yet, and I've had to format the 2 customers' computers I've worked on that had it.

I tried every suggestion, ran every spyware utility, and tried that Aurora uninstall utility, which is useless, and even the command line version, all to no avail.

All of this was in safe mode of course and after cleaning all temp folders.

It's a crazy one that there isn't a lot of info on yet unfortunately.

Good luck with it.
 

kobymu

Originally posted by: daveybrat
Even HijackThis in safe mode will remove it, but it will continue to come back every time you run it.

I have found no way of removing it yet, and I've had to format the 2 customers' computers I've worked on that had it.

I tried every suggestion, ran every spyware utility, and tried that Aurora uninstall utility, which is useless, and even the command line version, all to no avail.

All of this was in safe mode of course and after cleaning all temp folders.

It's a crazy one that there isn't a lot of info on yet unfortunately.

Good luck with it.


Have you tried the following:
1. editing the .dll/.exe to zero size and then marking it read-only+system+hidden (preferably in a command-line console from the CD)
2. searching for the registry key identifier (if it has one) manually in the registry and removing it
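
The two steps above written out as a PowerShell script; this is an added example, not code from any poster in the thread. `$Path` and `$Identifier` are hypothetical parameters (the thread names neither the file nor its registry identifier), and the three registry locations searched are an assumption about where such an entry would sit. The search only reports matches; removal stays manual, as in step 2.

```powershell
# Added example. $Path is a placeholder: the thread never names the file.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    [string]$Identifier = ''   # optional CLSID or similar identifier (assumption)
)

# Step 1: record a hash, truncate the file to zero bytes, then mark it
# read-only + system + hidden so it is harder to overwrite with a fresh copy.
$file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
Write-Output "SHA256 before truncation: $hash"
try {
    # Clear existing attributes first; writing to a hidden file is refused.
    [System.IO.File]::SetAttributes($file.FullName, 'Normal')
    [System.IO.File]::WriteAllBytes($file.FullName, [byte[]]@())
    [System.IO.File]::SetAttributes($file.FullName, 'ReadOnly, System, Hidden')
    Write-Output "Truncated and locked: $($file.FullName)"
} catch {
    # A loaded DLL or running EXE is locked, which is why the post suggests
    # doing this from a console booted off the CD.
    Write-Warning "Could not truncate (file in use?): $($_.Exception.Message)"
}

# Step 2: report registry keys and values that mention the file name or the
# identifier. Nothing is deleted here; review each hit before removing it.
$needles = @($file.Name, $Identifier) | Where-Object { $_ }
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
         'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$ignoreCase = [System.StringComparison]::OrdinalIgnoreCase
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($needle in $needles) {
            if ($key.Name.IndexOf($needle, $ignoreCase) -ge 0) {
                Write-Output "KEY   $($key.Name)"
            }
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($valueName.IndexOf($needle, $ignoreCase) -ge 0 -or
                    $data.IndexOf($needle, $ignoreCase) -ge 0) {
                    Write-Output "VALUE $($key.Name) :: $valueName = $data"
                }
            }
        }
    }
}
```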