Guest
Archived from groups: microsoft.public.windowsxp.security_admin

I have an executable file that keeps attaching to my hard drive. I
downloaded the new Microsoft Beta spyware and it "found it" and removed it.
It keeps coming back and the spyware isn't finding it anymore. It attaches as
C:\windows\prefetch. When I search Aurora it appears as
sdcttxgztm.exe-09F32744.pf. I then delete it and it reappears every time I
open Explorer. The pop-ups that appear (constantly) say Aurora on the
border. Any help would be greatly appreciated!
 
Guest

Using MSAS, do a Full system scan with all 3 options boxes checked in
normal Windows mode. Then do another one. If that doesn't remove it,
boot to Safe Mode and do another Full system scan.

If you could, before doing the scanning, see if you can locate the file
in another location besides the Prefetch folder. Rename its extension
from .exe to .ixi, compress it to a .zip folder, password protect it,
and then email it to me along with the password, please.
Send it to mowgreen aT gmail dot com. ( See if you can decipher the
address ;) I'll forward the file to MS.

MowGreen [MVP 2004-2005]

===============
*-343-* FDNY
Never Forgotten
===============

GiantsFan wrote:

> I have an executable file that keeps attaching to my hard drive. I
> downloaded the new Microsoft Beta spyware and it "found it" and removed it.
> It keeps coming back and the spyware isn't finding it anymore. It attaches as
> C:\windows\prefetch. When I search Aurora it appears as
> sdcttxgztm.exe-09F32744.pf. I then delete it and it reappears every time I
> open Explorer. The pop-ups that appear (constantly) say Aurora on the
> border. Any help would be greatly appreciated!
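
Added example (not part of the original thread or any poster's code): a Prefetch `.pf` entry is a trace Windows writes when a program runs, not the program itself, so this sketch parses the trace name quoted above and looks for the matching executable outside the Prefetch folder. The directory listing and the `NOTEPAD.EXE` entry are constructed sample data, and the function names are illustrative.

```python
import re
from pathlib import PureWindowsPath

# Prefetch trace files are named <EXECUTABLE>-<8 hex digit hash>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)


def parse_prefetch_name(filename):
    """Return (executable name, hash) or None if this is not a trace name."""
    m = PF_NAME.match(filename)
    if not m:
        return None
    return m.group("exe").lower(), m.group("hash").upper()


def locate_executables(prefetch_names, listing):
    """Map each executable named by a trace to the paths in `listing` that
    hold a file of that name outside the Prefetch folder."""
    found = {}
    for pf in prefetch_names:
        parsed = parse_prefetch_name(pf)
        if parsed is None:
            continue  # e.g. Layout.ini, which is not a per-program trace
        exe, _ = parsed
        hits = []
        for p in listing:
            path = PureWindowsPath(p)
            in_prefetch = any(part.lower() == "prefetch" for part in path.parts)
            if path.name.lower() == exe and not in_prefetch:
                hits.append(p)
        found[exe] = hits
    return found


# Constructed sample data: the first .pf name is the one quoted in the thread;
# the NOTEPAD entry and the directory listing are invented for illustration.
SAMPLE_PREFETCH = ["sdcttxgztm.exe-09F32744.pf", "NOTEPAD.EXE-336351A9.pf", "Layout.ini"]
SAMPLE_LISTING = [
    r"C:\WINDOWS\Prefetch\sdcttxgztm.exe-09F32744.pf",
    r"C:\WINDOWS\sdcttxgztm.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for exe, paths in locate_executables(SAMPLE_PREFETCH, SAMPLE_LISTING).items():
        print(exe, "->", paths or "not found outside Prefetch")
```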
 
Guest

Thanks for the response. I searched my drives and the sdcttxgztm shows up as
an application under my C:/windows location. I did a scan with the MSAS and
it doesn't find anything. I also did a scan with the Cox Communications
spyware and it found "shopathome" software - which seems to be the same
thing. I attempted to go in and delete the sdcttxgztm application and get a
message that access is denied. I have deleted previously, but it just keeps
coming back. When I highlight it the description is: buddy and the company
is: direct revenue.

"MowGreen [MVP]" wrote:

> Using MSAS, do a Full system scan with all 3 options boxes checked in
> normal Windows mode. Then do another one. If that doesn't remove it,
> boot to Safe Mode and do another Full system scan.
>
> If you could, before doing the scanning, see if you can locate the file
> in another location besides the Prefetch folder. Rename its extension
> from .exe to .ixi, compress it to a .zip folder, password protect it,
> and then email it to me along with the password, please.
> Send it to mowgreen aT gmail dot com. ( See if you can decipher the
> address ;) I'll forward the file to MS.
>
> MowGreen [MVP 2004-2005]
>
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
> GiantsFan wrote:
>
> > I have an executable file that keeps attaching to my hard drive. I
> > downloaded the new Microsoft Beta spyware and it "found it" and removed it.
> > It keeps coming back and the spyware isn't finding it anymore. It attaches as
> > C:\windows\prefetch. When I search Aurora it appears as
> > sdcttxgztm.exe-09F32744.pf. I then delete it and it reappears every time I
> > open Explorer. The pop-ups that appear (constantly) say Aurora on the
> > border. Any help would be greatly appreciated!
>
 
Guest

GiantsFan ... sorry about the delay in getting back to you. Aurora is a
fairly recent variant of VX2/betterinternet. Direct Revenue is the
company that is behind it. Check this thread to see how it was removed
on one victim's system: http://castlecops.com/postp520003.html
Hopefully, Microsoft AntiSpyware will soon have the definitions to deal
with it. MS has been sent suspected files/samples of it.

MowGreen [MVP 2004-2005]

===============
*-343-* FDNY
Never Forgotten
===============

GiantsFan wrote:

> Thanks for the response. I searched my drives and the sdcttxgztm shows up as
> an application under my C:/windows location. I did a scan with the MSAS and
> it doesn't find anything. I also did a scan with the Cox Communications
> spyware and it found "shopathome" software - which seems to be the same
> thing. I attempted to go in and delete the sdcttxgztm application and get a
> message that access is denied. I have deleted previously, but it just keeps
> coming back. When I highlight it the description is: buddy and the company
> is: direct revenue.
>
> "MowGreen [MVP]" wrote:
>
>
>>Using MSAS, do a Full system scan with all 3 options boxes checked in
>>normal Windows mode. Then do another one. If that doesn't remove it,
>>boot to Safe Mode and do another Full system scan.
>>
>>If you could, before doing the scanning, see if you can locate the file
>>in another location besides the Prefetch folder. Rename its extension
>>from .exe to .ixi, compress it to a .zip folder, password protect it,
>>and then email it to me along with the password, please.
>>Send it to mowgreen aT gmail dot com. ( See if you can decipher the
>>address ;) I'll forward the file to MS.
>>
>>MowGreen [MVP 2004-2005]
>>
>>===============
>> *-343-* FDNY
>>Never Forgotten
>>===============
>>
>>GiantsFan wrote:
>>
>>
>>>I have an executable file that keeps attaching to my hard drive. I
>>>downloaded the new Microsoft Beta spyware and it "found it" and removed it.
>>>It keeps coming back and the spyware isn't finding it anymore. It attaches as
>>>C:\windows\prefetch. When I search Aurora it appears as
>>>sdcttxgztm.exe-09F32744.pf. I then delete it and it reappears every time I
>>>open Explorer. The pop-ups that appear (constantly) say Aurora on the
>>>border. Any help would be greatly appreciated!
>>
 
Guest

Hi There Giants Fan!!

Wow, I just realized that I'm not sure WHAT Giant fan you are, come to
think about it! I would appreciate it if you guys would write SFGiants fan or
NY Giants fan..........also spelled Gints..........Jints and so forth for the
NY Giants! I saw the name and decided to respond to see if you had any luck
with this removal at all? It's a tough nut to crack, but looking at how old the
post is I guess you got it by now. Otherwise I have all the help you may
need! Just lemme know if you're still in trouble, fellow Giant Fan! : )

"GiantsFan" wrote:

> I have an executable file that keeps attaching to my hard drive. I
> downloaded the new Microsoft Beta spyware and it "found it" and removed it.
> It keeps coming back and the spyware isn't finding it anymore. It attaches as
> C:\windows\prefetch. When I search Aurora it appears as
> sdcttxgztm.exe-09F32744.pf. I then delete it and it reappears every time I
> open Explorer. The pop-ups that appear (constantly) say Aurora on the
> border. Any help would be greatly appreciated!