Aroura virus problem hijack-logfile posted help!!!!

nop, it reads like this

D:\awinsfx.exe is not a valid win32 application. it happens when i try to run the program

 

D:\ is my hard drive where I downloaded the awinsfx.exe. its from there that I try to open but I get that message.!

 

Ok softpedia and ken solved the problem, I don't get the pop-ups no more, but I get a warning box asking me what I want to do with the files. it askes " what shall be done with these files" and gives you options...
-move file to quarantine directory
-delete file
-wipe file
-rename file
-deny access
-allow access

I already tried delete, deny, wipe, files. but they keep poping up! help? again.

 

I would probably get a firewall; preferably Kerio Personal Firewall. Here's the link to download it: http://www.filepedia.com/network_software/firewalls/kerio_personal_firewall.cfm

Also, try using microsoft's anitspyware beta program from their site and see if that picks up anything.

Keep updating your results.

 

ok I ran both programs, i keep getting those options I posted erlier. the Nail.exe is still in my C:\windows. i think Im just gonna have to format my drive! I give uP thanks for all your help....... and all your attepts.

 

I forgot to have you do this, uncheck Nail from Startup (you should see Nail in the Startup tab when you go Start-Run-type "MSCONFIG" and go to the tab and unselect Nail). Then restart computer in safe mode and run AntiVir Xp.

 

yes ddp I did as you said, delete both .Nail&Svcproc in safe mode but Nail kept appearing back. Im gonna try running antivir in safe mode see what happends.. thanks

 

I can safely tell you that anti Virus will not pick this up. Microsoft anti-spy tries but is unable to. It will remove the affected REG entries but they show back up 10 seconds after doing so. Any correct solution to this will have to be done in safe mode. The REG entries will show back up even in safe mode. I think I had to go into Safe mode ADMIN for this one. Trying in normal mode will be like shooting yourself in the foot. I will look around and find the article that helped me I may have missed a step. Will post back when I find something.

-Del

 

Make a batch file with the information from the other site I gave you.You will probably have a better chance manually deleting it in command prompt.

 

OK Got something that may help. I hope anyway. Go here http://www.p2p-zone.com/underground/showthread.php?t=21601 .

Pay no attention to the very last 2 posts. They are bots and show up in many forums on this topic. Their wording is always exactly the same but the names are different. The link they give takes you to the place that created Aurora. There is a file there that claims to remove it. It will not. In fact it may make things worse.

-Del

 

Here try this out this a batch file I made that will remove the virus for you http://s49.yousendit.com/d.aspx?id=0EICW965Q1VB92GRE1VJSKV7B9 .All you have to do is boot up in safe mode then run the batch file.The reason the virus keeps duplicating is becuase you are not completely deleting the virus.You are missing a part of the virus which makes it keep duplicating over again.

 

Oh and rottingkd ignore Mr_Del,this person talks of nonesense.You would be more likely to get a virus from a P2P forum than you would a virus removal site that is dedicated to removing viruses.Yeah I know I might sound like an arse,but trust me Del he is better off checking out the other sites earlier on this page man.

 

On the same note your are even more likely to get a virus from an individual.

-Del

 

True,but I'm not going to give him a virus they are pointless.Whoever made them should be hunted down and killed for even making them so popular.

 

Oh and if I did put a virus on the file,don't you think it would be bigger than 4KB.Think about this viruses are small,but not that small.They normally average out to 100KB,so whatever man.

 

Besides even you said the P2P forum you gave to him has 2 bots that direct people to the cause of the virus.That doesn't seem like a very reliable source to be honest,for all we know it could direct him right back to the virus.

 

If I offended you then my bad alright,just under the weather today and am feeling cranky is all.