Aroura virus problem hijack-logfile posted help!!!! Part II

Ok, after all my (our) attempts to try to get rid of this pest, I finally had the Balls to just reformat my HD. After reformating my C drive and installed my Opert.SYs again Guess what HE came back!!!! Nail.exe and his buddy sproc or what ever its name was.. now I was just wondring I am not a PC wiz but I thougth that with the reformat everything would get deleted!?.
Now you (all who helped) think that maybe since it was partition it means thaT i have to format both C: and D: drives.
Thanks.

oh, and by all means this is not only for past help new imput by other smarts is welcome !

 

Did you just scan your C drive with your virus program or all of your drives?

 

thanks cousin, ddp. I'll do that today. I'll keep you posted.

 

sorry Cousin, no, I figure that the nail.exe was in my system32 in windows? so I only scand C:!

 

I dont see how that is possible if you reinstlled your os. Did you format your c drive(not quick format) before you reinstalled your os?

 

and also did you do your scan before you installed any other software? i would not install anything and then first thing do an online scan

 

What the hell is Opert.sys? Looks like the common denominator to me.

 

Is your operating system disc an original?
It may actually be on the disc if it is not.

Also did you delete your partition before reformatting or just reformatted the partition?

 

I am confused, you got the virus AFTER you re-formatted. Did you go on the internet without your anti-virus installed?

@ rottingkd, could you give us an EXACT timeline of events after you re-formatted. As in when you got your 1st startup screen to the windows tour!
I NEVER partition my HD. I quite simply cannot see the point. When I re-formatt I erase the whole lot & start afresh.

Pulsar

 

XP Home Original. And no, Im not trying to sound like an ass. . And I deleted the partition first.
The reason I partition my HD, is mainly because of this, I have Moives, music & pictures, software, games all in different HD's just in case I get a virus. I only have to reformat that paticular Dirve?. but then thats just me. I did what DDp asked me to do, ( to disable system restore ) and finaly my pc is spyware & virus free, I no longer see my 2 month friend AURORA! lol. did a system scan again with links provided by ddp. and its all clear.
pulsar: yes the virus came after the reformat, but I guess it was just regenerating with system restore? maybe ddp could explain that one. .

 

This is why I erase everything on a format. I have 3 HDs in my Pc, I also have a 120gig zip drive & my second PC has a 160gig HD. I keep all my music distributed amongst my HDs, just in case of probs.
Not sure how a virus could "regenerate" after a system restore. Again, a clean sweep clears away any doubts. HDs are SO cheap nowadays, it eliminates the sort of probs that you are having. All my HDs have XP on as standard.
Flexibilty is the key.

If I get a prob with one, I just access that HD through the other HDs. As the "corrupted" HD is only "ticking over", you can remove spurious files without the dreaded "This prog is being used by another service, unable to delete" scenario.

That system has saved my ass on several occasios. It also removes the need to start in safe mode. You have to be able to identify the spurious files. I know my prog files like the back of my hand. I know EXACTLY what should & should not be there, and take the according action. Disc clean ups also help to make sure that the files are zapped once the recycle bin is emptied.

Pulsar

 

i know how to remove aroura it's not a hard thing to do my friend has done this and works fine.if anyone still haveing problems let me know..
do not download removal tool from the company that made arora.this contains more problems..

 

If you have a solution, why do you not just publish it here instead of making people jump hoops? We are all here to help people, please do not forget that!

 

read other posts below as well...

arora uses nail.exe & svcproc.exe
to remove do the following
first download and install ewido, hijackthis and crapcleaner(ccleaner)
read and apply the below thread now...

start pc in safe mode and ruan all three not once but twice
when finished while still in safe mode open task manager
open c:/window/sys32 and minimise to tray
open c:/window prefech and minimise to tray

nail & svcproc.exe use a random 6or7 digit exe process in task manager
if you end random process they restart
delete both
some processes come back
they will now be in prefech folder
DO NOT DELETE
but rename the whole folder to something else
then delete the whole content of this file.
end the processes in task manager thus giving nail&svcproc.exe nowhere to go.
then run ccleaner do a full clean including all temp and IE files
then restart, windows will then rebuild a new prefech file so it may be a little slow for the first few restarts
with any luck and carefull following of this,Arora is now dead...
don't forget before reboot check sys32 folder for the two .exe's

i have also been made aware of a download on majorgeeks.com, its on page 2 if you don't want to try the method above try this but it is just as involved...
note: be very cafefull with hijack this as you may delete some very important system files...
you have been warned..

 

the reason i asked if any one still wanted help was because the tread was not a new one therefore i didn't know if any one was still having problems....all that was needed was a yes we do still need help...

 

with crapcleaner installed go to,
options
custom folders
add these folders
c:\documents&setting\default user\local setting\tempory internet files
c:\ " " \(your computer name)\cookies
c:\ " " \( " " " )\local settings
c:\ " " \( " " " )\temp
c:\ " " \( " " " )\tempory internet files
c:\ " " \( " " " )\recent
c:\windows\sys32\config\systemprofile\localsetting\tempory internet files\content.IE5

then go to options
advanced
make sure box marked only delete files in temp folders less than 48hrs is UNTICKED

if these files/folders are not added ccleaner will not clean them

THIS IS WHAT I HAVE IN MY TASKMGR IN SAFE MODE
TASKMGR.EXE
EXPLORER.EXE
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
LSASS.EXE
SERVICES.EXE
CSRSS.EXE
SMSS.EXE
SYSTEM
SYSTEM IDLE PROCESS