i keep getting a pop up and it tells me to go to a certain url to download a uninstallation tool should i trust it

i keep getting pop ups and when i press the ? button next to the close page button a internet explorer window pops up saying. . .You are seeing these ads because you have received software free of charge through an Aurora distributor. To support your free software and to help keep the product free, please do not uninstall Aurora. Aurora is not "spyware," does not collect any personal information about you, and is not malicious.

If you do choose to uninstall Aurora contextual advertising software, it can be safely and completely removed by going to www.mypctuneup.com/aurora to get the uninstall tool.

EULA

should i trust this message to get these pop ups to go away? and anyway, the same graphic that is in the title bar of the aurora pop up is the same as a graphic in my C:/windows folder and it is titled xldvhjbdrhu and firefox is my default browser which messes me up because the window opened in internet explorer when i clicked on the ? button

 

Do not trust that message. Aroura is a pain in the butt. I have removed it but takes times. this has also been discussed here. http://forums.afterdawn.com/thread_view.cfm/198045 . Read the first thing I posted and the very last post. That should fix you up.

-Del

 

well, it took a while but i finally finished. i think i got rid of it because the file that kept reappearing in my C:\windows folder is gone and those annoying ass pop ups haven't came back yet. but i haven't told my computer to boot up as normal yet. when i ran hijackthis i only found two of the entries listed in your post, and couldn't find any of the files. here is my report...

Logfile of HijackThis v1.99.1
Scan saved at 3:21:37 AM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\B Man\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
O1 - Hosts: 216.130.185.143 websearch.com216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


and another thing, what the hell is killbox? i couldn't even get it to do any type of scan. but i am pretty sure aurora is gone, we'll see though

 

@brandonb

The only thing u need to remove in your logs are

O1 - Hosts: 216.130.185.143 websearch.com216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com

CJC

 

thanks, i thought there was more stuff in there that looked like it didn't belong. i just got a pop up too, but it wasn't one of the aurora ones. i'm going to go back into safe mode, get er done and see what happens, i'll post back when i test it out and see whether i get some more pop ups. thanks for all your help guys or gals, whichever ya'll may be. but really, thanks i really appreciate ya'll helpin me out.

 

well i guess everything seems to be in order. no pop ups yet. thank god. well actually, thank you guys, ha ha, but anyway, should i go ahead and let my computer boot up as normal or should i just keep it booting customized. cuz everytime i start up my system configuration utility comes up and says its booting up specail and wants me to tell it whether to keep doing so or go back to normal. im not sure if i should go back to normal in worries that aurora might come back.

 

ok, so if i let it boot up as normal, then aurora will come back? so is the customized boot up the only thing keeping it from coming back?

 

No it is not keeping it back. Auroura does not run as a service. If you did all the stuff needed to rid of you should be fine. If you system works fine the way it currently is then just click the check box that says "Dont show this again at start up" and you will never see that message again

-Del

 

That seems like a lot of work. I forget exactly what I did to get rid or aurora. All I did was download something that removed it but don't remember what it was. I've heard from other places that the ? mark thing does work to remove it.

 

well aurora is gone, and it doesn't look like its coming back, i do occasionaly get pop ups though. they aren't aurora ones but they are just as annoying, i run all my spyware/adware checks everytime i get on my comp. is there anything else i can do because when i switched to firefox i quit getting pop ups. untill i moved back in with my mom and started using her internet now i get them again.

 

she has zoomtown broadband from cincinnati bell. but i took her computer off the internet and hooked up mine. now mine gets popups that it never did when i had it down in lexington hooked up through insight broadband /cable.