Archived from groups: microsoft.public.windowsxp.security_admin
GiantsFan ... sorry about the delay in getting back to you. Aurora is a
fairly recent variant of VX2/betterinternet. Direct Revenue is the
company that is behind it. Check this thread to see how it was removed
on one victim's system:
http://castlecops.com/postp520003.html
Hopefully, Microsoft AntiSpyware will soon have the definitions to deal
with it. MS has been sent suspected files/samples of it.
MowGreen [MVP 2004-2005]
===============
*-343-* FDNY
Never Forgotten
===============
GiantsFan wrote:
> Thanks for the response. I searched my drives and the sdcttxgztm shows up as
> an application under my C:/windows location. I did a scan with the MSAS and
> it doesn't find anything. I also did a scan with the Cox Communications
> spyware and it found "shopathome" software - which seems to be the same
> thing. I attempted to go in and delete the sdcttxgztm application and get a
> message that access is denied. I have deleted previously, but it just keeps
> coming back. When I highlight it the description is: buddy and the company
> is: direct revenue.
>
> "MowGreen [MVP]" wrote:
>
>
>>Using MSAS, do a Full system scan with all 3 options boxes checked in
>>normal Windows mode. Then do another one. If that doesn't remove it,
>>boot to Safe Mode and do another Full system scan.
>>
>>If you could, before doing the scanning, see if you can locate the file
>>in another location besides the Prefetch folder. Rename its extension
>>from .exe to .ixi, compress it to a .zip folder, password protect it,
>>and then email it to me along with the password, please.
>>Send it to mowgreen aT gmail dot com. (See if you can decipher the
>>address.)
>>I'll forward the file to MS.
>>
>>MowGreen [MVP 2004-2005]
>>
>>===============
>> *-343-* FDNY
>>Never Forgotten
>>===============
>>
>>GiantsFan wrote:
>>
>>
>>>I have an executable file that keeps attaching to my hard drive. I
>>>downloaded the new Microsoft Beta spyware and it "found it" and removed it.
>>>It keeps coming back and the spyware isn't finding it anymore. It attaches as
>>>C:\windows\prefetch. When I search Aurora it appears as
>>>sdcttxgztm.exe-09F32744.pf. I then delete it and it reappears every time I
>>>open Explorer. The pop-ups that appear (constantly) say Aurora on the
>>>border. Any help would be greatly appreciated!
>>