Adware.Aurora Adware/Spyware

There is a new adware/spyware program called Aurora that has been found on several systems at Virginia Tech. This program will attach itself to Explorer.exe and increase the number of pop-up advertisements on the computer. It may also decrease system performance and could cause system instability.

Symptoms:

  1. Decrease in computer system performance.
  2. Increase in the frequency and number of pop-up advertisements.
  3. Several running processes with random file names.

Detection:

HijackThis will have the following line in its log file:
  • F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
There may also be several entries showing running processes with random filenames.
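
The check described above can be run over a saved HijackThis log. The following is an added example, not part of the original advisory or of HijackThis itself; the sample log, the random process names in it, and the function names are constructed for illustration. It reports any F2 Shell entry whose value contains more than a bare Explorer.exe and marks whether the extra program is the Nail.exe named above.

```python
import ntpath
import re

# Matches the HijackThis F2 line for Shell=, with or without a leading bullet.
F2_SHELL = re.compile(r"^\s*(?:•\s*)?F2 - REG:system\.ini:\s*Shell=(.*)$", re.IGNORECASE)
EXPECTED_SHELL = "explorer.exe"   # a clean Shell value is just Explorer.exe
AURORA_FILE = "nail.exe"          # file name taken from the advisory's log line

# Constructed sample log (not from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qzkfwtp.exe
C:\WINDOWS\bxnrlua.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
"""

def extra_shell_programs(value):
    """Return whatever the Shell value contains besides a bare Explorer.exe."""
    v = value.strip()
    if v.lower() == EXPECTED_SHELL:
        return ""
    if v.lower().startswith((EXPECTED_SHELL + " ", EXPECTED_SHELL + ",")):
        return v[len(EXPECTED_SHELL):].strip(" ,")
    return v  # shell replaced outright: report the whole value

def scan_log(text):
    """Return one finding per F2 Shell line that launches anything extra."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = F2_SHELL.match(line)
        if not m:
            continue
        extra = extra_shell_programs(m.group(1))
        if extra:
            findings.append({
                "line": line_no,
                "extra": extra,
                "aurora_indicator": ntpath.basename(extra).lower() == AURORA_FILE,
            })
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        tag = "matches advisory (Nail.exe)" if f["aurora_indicator"] else "unexpected shell entry"
        print(f"line {f['line']}: {f['extra']} -> {tag}")
```

An entry that is flagged but does not match Nail.exe still deserves review, since the Shell value has been changed from its default.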

Removal:

You can find more information and removal instructions from Symantec at the following links:

An independent programmer has written a tool to remove this threat. You can find more information on his website: http://www.jayloden.com/aurorafix.htm. This tool has not been fully tested by Virginia Tech staff, and we cannot verify that it completely removes all variants of the spyware from your computer.