# *%#@+^~ Spyware



## ntexasdude (Jan 23, 2005)

For the past several weeks I've been battling a sneaky adware program from ABI (A Better Internet or Aurora). I've tried till I'm blue in the face to get rid of this crap with no luck. Whenever I surf it keeps popping up ads despite Norton AV & firewall, Windows XP pop up blocker and Google pop-up blocker. I also use Ad-Aware, Spybot, Yahoo Spy Blocker, MS Anti-Spy and HiJack This. They all identify the culprit and say they have removed it but it just keeps morphing and regenerating itself. I've been to the various help sites, tried registry edits, booting and scanning in safe mode. None of it seems to work.

Now on top of all this I'm getting pop-ups labeled "The Best Offers". It seems to work the same way. If I type something in Google like "cars" I immediately get pop-ups for "cars". As of now I can't find any internet on the "The Best Offers" and the spyware scanners don't seem to even recognize it.

Anybody having similar experiences? Any ideas/suggestions would be greatly appreciated. I'm about ready to f-disk and re-install everything. Drastic measure but I don't know what else to do.


----------



## DonLandis (Dec 17, 2003)

If you set your google popup blocker to block all popups, and then just enable manually a popup for each session, won't that work? It does for me.


----------



## pweezil (Oct 11, 2002)

ntexasdude, here's quite a lengthy thread that seems to be about your exact problem: Aurora ABI Spyware 
Hopefully, it will help.


----------



## Mark Holtz (Mar 23, 2002)

Meanwhile... PeopleOnPage :bonk1: keeps coming up on my mom's Win98 box.


----------



## pweezil (Oct 11, 2002)

Mark, Try this: People On People

Jeepers, that one looks particularly nasty. Good luck.
Oh, and Happy Birthday.


----------



## ibglowin (Sep 10, 2002)

So easy to fix....

Just get a Mac!


----------



## Steve Mehs (Mar 21, 2002)

> Any ideas/suggestions would be greatly appreciated. I'm about ready to f-disk and re-install everything. Drastic measure but I don't know what else to do.


If I ever got a virus or spyware, I'd probably do just that. I trust Ad Aware and MS Antispyware to find malware, but removing is a different story. On other people's computers that I have worked on both programs will find hundreds of hits, and I'll remove them, reboot and a few will still stay there after repeated scans. I don't have the patience so with the person's consent I copy all their docs and pics to my flash drive or blank CD and reformat. I'm not willing to take the 10-15 minutes to do a search, edit registry keys, run more scans, download and install more antispyware programs, when by the time all that is complete I could be over halfway done installing Windows and who knows if everything I would attempt to get rid of it would even work. With a clean install of Windows or System Factory Restore, I know all the crap they picked up is gone, and the computer is nice and clean, corrupted or damaged system files are back and it's a smoother running computer all around.

On my own machine, on the Windows XP boot screen, if that blue status bar makes more than 3.75 trips and/or it takes more than 30 seconds to go from off to completely booted up, it gets a factory restore. With a 3.2 GHz P4 and 1.0 GB of PC3200 DDR RAM anything below my standards is completely unacceptable. My other computer is only 700 MHz, but still I have standards for the Windows 2000 partition, the XP partition is what I use to experiment with, so I could care less.

I love reformatting, if a bridge has a pot hole, I don't fill it in, I knock down the bridge and build a new one.


----------



## Capmeister (Sep 16, 2003)

ibglowin said:


> So easy to fix....
> 
> Just get a Mac!


But, what if you want a COMPUTER?


----------



## SimpleSimon (Jan 15, 2004)

Have you tried a Safe Mode bootup and then run the cleaners?


----------



## ntexasdude (Jan 23, 2005)

SimpleSimon said:


> Have you tried a Safe Mode bootup and then run the cleaners?


Yes, even disabled system restore before booting into safe mode. Did this at least 5 times. The frelling spyware just keeps regenerating and morphing!


----------



## n8dagr8 (Aug 14, 2004)

Try PCTools Spyware doctor. Should have a trial version.


----------



## Richard King (Mar 25, 2002)

People who do this to other people's computers should be taken out and shot, or at a minimum have any fingers that they use to type chopped off. I have been through the people on page mess myself a while back. Somewhere I found someone who stated that if you go to the PonP homepage they have a deletion method that works and they don't get you again. If I recall correctly I did that and haven't had a problem since (knock on wood).


----------



## Redster (Jan 14, 2004)

I have noticed that sometimes the spyware checker does not delete all the files. Most of the time they are hiding in your temp internet files but they also hide under the all users profile. I as a habit clean out both profiles for any temp files and you may want to also make sure your windows temp files are cleaned out too. The people on page one is nasty, it goes hand in hand with shopping at home, they both like to hide in the profile folders and I have seen them put an exec in the windows folder, pretty much just have to do some wildcard searches to find everything, people*.* type or shop*.* .


----------



## Steve Mehs (Mar 21, 2002)

Richard King said:


> People who do this to other people's computers should be taken out and shot, or at a minimum have any fingers that they use to type chopped off.


I agree, and that means family. Well, mother's cousin's daughter. My great uncle had 4 kids, 3 of them moved out to California and started families. He lived in Buffalo and when he died his funeral was held here. One of his grandkids, Anne worked for Yahoo at the time. She worked in marketing and worked with their advertisers on designing ads, both banner and pop up/under. Now Anne works for I forget who, but they put out one of those toolbars that contain spyware.


----------



## Richard King (Mar 25, 2002)

Does she still have all her fingers? :lol:


----------



## Steve Mehs (Mar 21, 2002)

Not sure, haven't seen her since 1997.


----------



## SimpleSimon (Jan 15, 2004)

Redster said:


> I have noticed that sometimes the spyware checker does not delete all the files. Most of the time they are hiding in your temp internet files but they also hide under the all users profile. I as a habit clean out both profiles for any temp files and you may want to also make sure your windows temp files are cleaned out too. The people on page one is nasty, it goes hand in hand with shopping at home, they both like to hide in the profile folders and I have seen them put an exec in the windows folder, pretty much just have to do some wildcard searches to find everything, people*.* type or shop*.* .


They can also hide under the default (new-create) user's profile which is somewhere under c:\Windows - maybe system or system32 - I don't quite remember offhand. It's not hard to find if you look.


----------



## ntexasdude (Jan 23, 2005)

Update: I've been screwing around with the SAME spyware for weeks now. It doesn't seem to be particularly destructive but it just won't go away. I have pretty much tried everything including posting hijackthis logs to help forums and getting nowhere. As soon as I get time I'm going to fdisk and reinstall WinXP. I ran across some very interesting info. I found the name and number of the company and the name of the turdhead CEO in New York City who is responsible for this crap. I have called and written these scumbags. It won't do any good but hey, I feel better.

The "virus" runs in safe mode. It regenerates on every reboot. It calls registry keys so you can't delete them because they are in use. It's very smart and stealthy. It mimics Microsoft AntiSpy. It pops up windows that look exactly like MS AS alerts. I had a guy at the house who is a network administrator for the local university - a very large network. He had no luck removing it. As a matter of fact he didn't know any more than I did - but only because I spent hours researching the bug.

I did find some useful stuff on the net I thought I'd share - Ewido trojan scanner and active trojan preventer - very nice and a free download. Also found out some of the real pros use Kaspersky Labs AV and firewall software. By some accounts Kaspersky seems to be the world's leading AV software.

Any last minute suggestions before I fdisk?


----------



## djlong (Jul 8, 2002)

Theory:

Copy the registry file - put that file on another disk.
Use a registry editor to edit the bad guys out of the copy.
The nasty part is putting the edited registry back on C: - might have to remove the C: drive and put it on another computer just so you can overwrite the infected registry.

Not fun AT ALL.


----------



## n8dagr8 (Aug 14, 2004)

Did you run ad-aware in safe mode?

Trend-micro has a scanner that you can run over the web.

Good luck....maybe you could download Ubuntu?  Sorry, Linux. :lol:


----------



## ntexasdude (Jan 23, 2005)

I've run ALL the free scanners IN SAFE MODE. Safe mode makes no difference to this particular malware. It runs in safe mode. As soon as you finish scanning and editing the registry and reboot it comes right back. It just won't die and I'll be danged if I can figure out a way to kill it.

I think DJ might be onto something. I will try his suggestion.


----------



## Jim Parker (Aug 12, 2003)

Dude
If you made a bootable CD from a clean computer, you might be able to boot from the CD and then edit the registry and overwrite it on the infected computer.

I have not done this in XP, but I seem to recall having done this in Win 95 to fix a corrupted file. It's been a while, so I could be wrong about how I did it.


----------
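
The offline approach djlong and Jim Parker describe above, as an added example that is not part of any post in the thread: with the suspect disk attached to a clean machine, the hive files can be loaded under a temporary key and their autostart entries reviewed while the malware is not running. The drive letter `E:`, the `<user>` profile placeholder, the mount name `OfflineHive` and the function name `Show-OfflineAutoruns` are assumptions; the thread does not say which keys this adware uses, so the standard autostart locations are listed.

```powershell
# Added example, not from the thread. Run from an elevated prompt on a clean
# machine with the suspect disk mounted as E: (assumed drive letter).
function Show-OfflineAutoruns {
    param(
        [Parameter(Mandatory)] [string] $HivePath,  # hive file on the mounted disk
        [string] $Prefix = ''                       # 'Software\' for an NTUSER.DAT hive
    )
    $mount = 'HKLM\OfflineHive'                     # temporary mount name (assumed unused)
    reg.exe load $mount $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not load $HivePath" }
    try {
        # Programs started at boot or logon
        foreach ($key in 'Run', 'RunOnce') {
            reg.exe query "$mount\${Prefix}Microsoft\Windows\CurrentVersion\$key" 2>$null
        }
        # Logon shell and init program; unexpected extra entries here also persist
        foreach ($value in 'Shell', 'Userinit') {
            reg.exe query "$mount\${Prefix}Microsoft\Windows NT\CurrentVersion\Winlogon" /v $value 2>$null
        }
    }
    finally {
        # Always unload, otherwise the hive file stays locked on the clean machine
        reg.exe unload $mount | Out-Null
    }
}

# Machine-wide hive (XP layout), then one user's hive (<user> is a placeholder)
Show-OfflineAutoruns -HivePath 'E:\WINDOWS\system32\config\software'
Show-OfflineAutoruns -HivePath 'E:\Documents and Settings\<user>\NTUSER.DAT' -Prefix 'Software\'

# To remove a reviewed entry, load the hive again with "reg.exe load", then:
#   reg.exe delete "HKLM\OfflineHive\Microsoft\Windows\CurrentVersion\Run" /v <ValueName>
# and unload it before returning the disk to the original machine.
```

Because the hive is edited in place on the mounted disk, no copy has to be written back over the infected registry afterwards.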



## Redster (Jan 14, 2004)

ntexasdude said:


> I've run ALL the free scanners IN SAFE MODE. Safe mode makes no difference to this particular malware. It runs in safe mode. As soon as you finish scanning and editing the registry and reboot it comes right back. It just won't die and I'll be danged if I can figure out a way to kill it.
> 
> I think DJ might be onto something. I will try his suggestion.


I was google'ing your spyware, seems there is a program called VX2Finder that has been used to get rid of it and keep it from regenerating. I have never used it but from what I read it does involve editing the registry through the program. Not sure if you have looked into it but here is the link for download.

http://www.cybertechhelp.com/download/section/adware-spyware-removal


----------

