[personal profile] caddyman
It appears that simply installing Norton on a PC isn’t enough to get rid of Aurora. Neither is using the latest versions of adaware and no-adaware.

So far, other than slowing my machine down quite noticeably, and forcing me to surrender to certain applications’ insistence on net access, because of the constant warning pop-ups that prevent me from doing anything else, I’m not sure that Norton has delivered any benefit.

The next stage in my attempts to get rid of Aurora is to follow this procedure:
1. Start computer in safe mode.
2. Search your computer for ceres.dll and delete it.
3. Search for buddy.exe and delete it.
4. Run a registry editor. I just use the standard regedit.
5. Search the entire registry for "ceres", but don't delete everything that comes up, only the entries that have "ceres" or "ceresdll" exclusively. Don't delete stuff like TWCEResources (example); they will come up because they have "CERes".
6. Search the entire registry for buddy.exe and delete away.
7. Restart your computer and you should have killed it!


Before I do, however, can one of you techie types confirm for me that ‘regedit’ is a Windows application hidden away somewhere in XP, or do I have to go elsewhere for it?

Any thoughts welcomed.
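The distinction step 5 draws (exact "ceres" / "ceresdll" names versus lookalikes such as TWCEResources), shown as an added example that is not part of the original post: a read-only Python check over registry text in regedit's export layout. The sample export, its keys and the function names are constructed for illustration.

```python
import re

# Constructed sample in regedit export (.reg) layout; keys and values are
# illustrative, not taken from a real infection.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\TWCEResources]
"Path"="C:\\Program Files\\Example\\res.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"buddy"="C:\\WINDOWS\\buddy.exe"
"Updater"="C:\\Program Files\\Example\\update.exe"

[HKEY_CLASSES_ROOT\ceres.ceresdll]
@="ceres"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\WINDOWS\\system32\\ceres.dll"
'''

# Names from steps 5 and 6, compared as whole tokens rather than substrings.
NAME_PARTS = {"ceres", "ceresdll"}
FILE_NAMES = {"buddy.exe"}
TOKEN_SPLIT = re.compile(r'[\\/\s"=\[\],;]+')  # path separators, quotes, '='

def matches(token):
    """True if a token is buddy.exe or has a dot-separated part that is exactly a target."""
    t = token.lower()
    return t in FILE_NAMES or any(part in NAME_PARTS for part in t.split("."))

def scan_reg(text):
    """Return (key, line, matched_tokens) for every key or value line that matches."""
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # current registry key path
        found = sorted({t.lower() for t in TOKEN_SPLIT.split(line)
                        if t and matches(t)})
        if found and key is not None:
            hits.append((key, line, found))
    return hits

if __name__ == "__main__":
    # A real "Version 5.00" export is UTF-16: open(path, encoding="utf-16").
    for key, line, found in scan_reg(SAMPLE_REG):
        print(f"{key}\n    {line}    <- {', '.join(found)}")
```

The script only reports candidates for manual review in regedit; it changes nothing in the registry.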

(no subject)

Date: 2005-05-24 12:51 pm (UTC)
From: [identity profile] bibliogirl.livejournal.com
Regedit should be a standard part of Windows AFAIK, yes.

(no subject)

Date: 2005-05-24 12:52 pm (UTC)
From: [identity profile] westernind.livejournal.com
If you're running Windows XP, you should also disable System Restore before doing this procedure (step 0), and re-enable it afterwards (step 8). Otherwise, if at some point in the future you revert to a previous backup, the virus will reappear on your machine.

Also, when you have deleted ceres.dll and buddy.exe, empty the Recycle bin. (step 3a)

Regedit is indeed a Windows app. You get to it by Start -> Run -> type 'regedit'.

(no subject)

Date: 2005-05-24 12:56 pm (UTC)
From: [identity profile] keith-london.livejournal.com
Here is my limited understanding: "Regedit" is Windows' "Registry Editor", which can be accessed through "Start" (bottom left hand corner) --> RUN --> (type in) regedit. This will bring you to a split screen, and a folder structure that enables you to look for the specific registry files to edit (alter). All I would say about Regedit is - I am deeply suspicious of it, in case one does something on bad advice. I have only ever used Regedit directly just once. I made a change, but it didn't seem to help. My greatest fear is - do something wrong on Regedit, and the computer might not reboot!

In summary, I would either double check with a real techie or do inordinate amounts of "research" (on the internet forums) to reassure myself before I edited any registry keys.

(no subject)

Date: 2005-05-24 01:04 pm (UTC)
From: [identity profile] ephraim.livejournal.com
The registry is a source of much fear for people, but as long as you don't go randomly deleting stuff, you should be fine.

Read the instructions you've put above. Then open regedit. Then read the instructions again, just to be sure. Then go to it.

if you're nervous...

Date: 2005-05-24 01:10 pm (UTC)
From: [identity profile] westernind.livejournal.com
...export the entire registry to somewhere safe. Once in Regedit, it's File -> Export. It's a big file - just tried, and mine's something like 73Mb.

NB Make sure you set the export range to All. The export range is at the foot of the Export screen. Don't choose the option 'Selected Branch'.

Disclaimer: I am a seat-of-the-pants merchant and have never actually bothered backing up my registry. Anyone know how to re-import the data in the case of cockup? Do you have to be in Safe Mode?

Re: if you're nervous...

Date: 2005-05-24 01:17 pm (UTC)
From: [identity profile] ephraim.livejournal.com
Nah - you can import the file just using the "import" function. Basically you are safe as long as you can get regedit to work...

(no subject)

Date: 2005-05-24 01:33 pm (UTC)
From: [identity profile] pax-draconis.livejournal.com
Ignore them all. If you TOUCH your registry settings your HEAD will CATCH FIRE and it will BURN for NINE GENERATIONS. Plus, your computer still won't work.

(no subject)

Date: 2005-05-24 01:40 pm (UTC)
From: [identity profile] caddyman.livejournal.com
Good to see you back.

There was a Pod online last night pretending to be you, you know.

(no subject)

Date: 2005-05-24 01:52 pm (UTC)
From: [identity profile] pax-draconis.livejournal.com
Damn pods. Getting everywhere nowadays. I bet it was pretending to be me in a good mood as well.

(no subject)

Date: 2005-05-24 02:17 pm (UTC)
From: [identity profile] blue-room.livejournal.com
If nothing else works then downloading a copy of HijackThis (http://www.spywareinfo.com/~merijn/downloads.html) might help.
It scans your registry and presents it in an easy to view and edit way (also an easy way to edit and destroy your computer as well).

Then post a copy of your log file from HijackThis on http://forums.spywareinfo.com/ and someone should tell you what to delete using HijackThis. Alternatively search those forums and look for someone with the same problem and follow the advice given.

Then stop using IE and get yourself Firefox so you won't ever have to do this again.

(no subject)

Date: 2005-05-24 02:21 pm (UTC)
From: [identity profile] westernind.livejournal.com
Firefox dunt work on the Abel & Cole organic vegetable delivery service website :-(

*pssst*

Date: 2005-05-24 02:24 pm (UTC)
From: [identity profile] westernind.livejournal.com
shall we tell him he has to wear nylon Y-fronts so the static electricity doesn't auto-clear the registry?

(no subject)

Date: 2005-05-24 02:36 pm (UTC)
From: [identity profile] pauln.livejournal.com
That was how we knew it wasn't really you.

Re: *pssst*

Date: 2005-05-24 02:51 pm (UTC)
From: [identity profile] ephraim.livejournal.com
Absolutely. We'll also tell him to shave off his beard for fear of static facial hair follicles and to wear a bathing cap.

(no subject)

Date: 2005-05-24 03:02 pm (UTC)
From: [identity profile] blue-room.livejournal.com
Mark W: Write a letter of complaint forthwith, no excuse for that really this late in the day. Only site you should need IE for is the Microsoft update site and that's it, web standards uber alles...*ahem* I'll go have that cup of camomile tea now.

Re: *pssst*

Date: 2005-05-24 03:27 pm (UTC)
From: [identity profile] caddyman.livejournal.com
You can stop whispering, you two.

I already have the protective propeller beanie, so I am safe.

(no subject)

Date: 2005-05-24 03:54 pm (UTC)
From: [identity profile] caddyman.livejournal.com
Sad to say, I do use Firefox.

(no subject)

Date: 2005-05-24 07:55 pm (UTC)
From: [identity profile] cowjam.livejournal.com
pre-emptive edit: I've just read all the replies and most of this has been said anyway...

Those instructions should do you well.

I can't remember what you posted previously, and sorry if this is teaching you to suck eggs, but make sure that you've got Service Pack 2 installed, get Microsoft AntiSpyware (it's beta but still rather good), AVG Free (from here) is better than Norton, get Security Task Manager from here, that'll list everything that's running and attempt to remove anything you don't like (go easy with it though, it's powerful).

Delete all temp files by doing a disk cleanup then removing windows/temp.
Turn System Restore off. Sounds dangerous but some things hide in there and you can't get them. You can turn it back on once you're clean.

After that you'll still need to go through your registry. Start, Run then type regedit and it'll open. Go easy with this too. Like step 5 says, don't go deleting things willy nilly cos you can fuck everything up.

If you want any help you can mail me on cowjam at cowjam dot co dot uk - I clean machines as part of my job (c:

(no subject)

Date: 2005-05-24 09:15 pm (UTC)
From: [identity profile] caddyman.livejournal.com
Thanks for the offer - I may well do that if it all goes tits up over the next few days.

It took me two attempts tonight, but so far, I think it's clear. Though when I've finished general faffing around, I'll do the disk clean up thang.

(no subject)

Date: 2005-05-24 09:55 pm (UTC)
From: [identity profile] blue-room.livejournal.com
Mark W: WTF! Any idea how you got infected? Something off bit-torrent that got past the virus checker?

(no subject)

Date: 2005-05-24 09:58 pm (UTC)
From: [identity profile] caddyman.livejournal.com
Yeah, I think it self-extracted out of a .rar file I downloaded.

No more of them for me.

(no subject)

Date: 2005-05-25 11:18 am (UTC)
From: [identity profile] crazedgiggles.livejournal.com
The best cure for PC problems is usually:
1. Chuck PC in the trash
2. Buy a Mac :)
