Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
No thanks needed Anand, but when you've tried cleaning the laptop, I'd like
to know if this was the problem or not.
--
Cheers,
Tinkerer
"Anand" <Anand@discussions.microsoft.com> wrote in message
news:5F51A527-7978-405A-BFA1-93A413C6E035@microsoft.com...
Hi Tinkerer,
Many thanks for your quick reply. Tried downloading the adware but corporate
firewall blocks it.
will get some internal help to install and clean the laptop as per the steps
you have given.
thanks again
regards
anand
"Tinkerer" wrote:
> I'm cutting and pasting from another group here. It looks as if it may be
> relelvant.
> Subject of the post is "Aurora Fix", posted by AndyManchesta
> ---------------------------------------------------------------------------------
> Lavasoft have come to the rescue and released a new VX2
> cleaner that kills Aurora, After many weeks of testing
> and being involved in different fixes for this I have to
> hand it to them, there's is the best fix for Aurora at
> present and shows us all how it should be done.
>
> This is a beta test so even though I will post the link
> (which may change in the next couple of weeks when it
> comes out of beta) anyone who wants to use it should
> consider signing up to Lavasoft as a beta tester to help
> them improve applications and definition files, You can
> sign up at this address then choose definitions or
> programs to take part:
>
>
http://www.lavasoftresearch.com/betaprogram
>
> First you need Adaware SE :
>
>
http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910..html?part=dl-ad-aware&subj=dl&tag=top5
>
> Then close Ad-aware SE and download the new VX2 Cleaner
> (Not the one of thier site as it will not detect Aurora)
>
>
http://www.lavasoftresearch.com/upload/app/vx2cleaner.zip
>
> Save the file where you can find it easily then Extract
> the files and copy them (Left click and cover the files
> and then right click and copy) then open Lavasoft's Ad-
> Aware "Plugins" folder and paste them into there(Right
> click and paste).
>
> (C:\Program Files\Lavasoft\Ad-Aware SE\Plugins)
>
> Run Ad-Aware and click the Add-ons button in the main
> window.Select VX2 Cleaner from the list.
>
> Click the "Run Tool" button in the lower right corner of
> the window.Click "OK" when asked if you want to execute
> this tool.It will say VX2 variant found then press
> clean.Next it will say to reboot and run a smart scan
> with Adaware.
>
> It does miss acouple of traces which I will list below
> but it kills the Nail infection and makes it look so easy.
>
> Delete these if found:
>
> C:\WINDOWS\ffsnvqmgpiy.exe
> C:\WINDOWS\rramcx.exe
>
> Then you can clear the Temp Internet files and the
> contents of the prefetch folder to remove the final
> traces if you wish:
>
> goto start menu and run and type %temp% delete the
> contents of this folder or at least the files that are
> not in use then start and run and type prefetch and
> delete the contents of this folder and its finished !
>
> Good Work Lavasoft
>
> Regards Andy
>
>
>
>
> --
>
> Cheers,
> Tinkerer
>
>
> "Anand" <Anand@discussions.microsoft.com> wrote in message
> news:E17C0E74-D72E-445A-AFFB-87CCCF52EA22@microsoft.com...
> Hi,
>
> Everytime i use my XP Professional Laptop, a suspicious .EXE also starts
> up
> after while. Everytime, it has a different name which is randomly
> generated.
> Ex. F5DCE.EXE or M5OR4.EXE and so on. Even if i kill the process from Task
> Manager, it reappears after 10 mins or so. It start from C:\TEMP
> directory. I
> have set my System and User env variable for TEMP to this directory.
>
> I have Windows XP SP 2, Windows Antispyware Beta (latest definition
> files),
> Trend Micro firewall and Virus Scanner (with latest updates). All are
> licensed s/w and this laptop is on a corporate network.
>
> If i scan with Trend Micro, it says that 1 malware found but does nothing
> beyond it. Don't know if the malware it found is the same i am talking
> about.
>
> can somebody tell me if this is some kind of a virus or spyware, etc.? How
> can i get rid of this randomly starting program?
>
> many thanks
> anand