This is some very interesting posting in this thread… I would like to ask a question about removing a program from the add/remove… It has seemed to me that even if you remove a program it still has a folder stored on your hard drive, so it seems that it does not really remove all of the program. I always delete these folders from my hard drive, but does that get rid of all the hidden files? Thanks!!!
Hi Shadowhunter,
I think there are two issues here: Add/Remove entries for legitimate programs and Add/Remove entries for spyware/adware programs.
Legitimate programs may leave folders behind after removal of the program. These may contain log files, reports or configuration information. Sometimes they may contain files which may be used by other programs. Or they might just be an oversight and be empty. These can usually be deleted in a clean up process, and shouldn’t contain any hidden files.
Add/Remove entries for spyware/adware programs, on the other hand, may not remove all components of the program: they may leave the sneakiest components behind to continue spying on you. These are indeed ‘hidden files’. Even after uninstalling spyware/adware programs in this way, it’s still a good idea to run Ad-Aware, Spybot S&D etc to remove hidden components.
But it’s not a good idea to run anti-spyware programs before trying to remove the application from Add/Remove, because anti-spyware programs may remove the sneaky hidden files but break the uninstall feature of the application in Add/Remove leaving no way to remove it.
So it’s always a good idea to try to uninstall programs from Add/Remove, but never trust spyware/adware programs to go away completely with this method, and even legitimate programs may need a cleanup afterwards.
Regards,
FF
From the DirectRevenue website:
Direct Revenue CTO Dan Doman said, "From a technology standpoint, Aurora represents a leap forward in connecting consumers to advertisers."
Direct Revenue CEO Joshua Abram said, "Aurora and MyPCTuneUp demonstrate our commitment to providing advertising partners, clients and consumers the best possible experience in behavioral marketing and search."
Clearly these people live on a different planet. Meanwhile, the people of Earth, or Illinois USA, anyway, have taken out a class action lawsuit against the company.
Far from having the “best possible experience”, they are complaining that DirectRevenue are “involved in installing “spyware” on millions of computers without the computer owners’ consent, utilizing it to track the Internet browsing habits of the owners and then send them intrusive targeted “pop-up” ads.”
Anybody with experience of DirectRevenue’s products is invited to give their opinions:
http://netrn.net/spywareblog/archives/2005/06/12/directrevenue-responds-to-lawsuit/
Thanks for the info FF.
I’m kind of confused why Avast doesn’t recognize Nail.exe as a trojan/spyware. There are a few other files that aren’t recognized by Avast. Avast could be THE method for removing Aurora infections if they’d recognize all components of it. http://www.virusspy.com
Avast picks up these:
download.abetterinternet.com/download/UAC/Bolger.dll
download.abetterinternet.com/download/UAC/aurora.exe
download.abetterinternet.com/download/UAC/Poller.exe
download.abetterinternet.com/download/UAC/DrPMon.dll
download.abetterinternet.com/download/UAC/svcproc.exe
Avast does NOT pick up these. Of course Avast recognizing nail.exe is a huge part of being able to remove it. Though there is another file that works in conjunction with Nail.exe: if you delete Nail.exe, it will regenerate/download/copy it, and it runs even in safe mode because it locks itself to explorer.exe, so since explorer.exe runs in safe mode, so do nail.exe and the other file that changes its name. To kill the processes in safe mode, you have to kill explorer, then you can kill the processes and delete the files. However, since Avast does the virus scan outside of safe mode (the scan on boot), it would be PERFECT for getting rid of this nasty one if it recognized all components of it. Kaspersky does, according to what I hear, so a lot of people are being told to get Kaspersky, though I don’t know if they do the “scan on boot”.
(http:// removed so they aren’t clickable)
download.abetterinternet.com/download/UAC/Nail.exe
download.abetterinternet.com/download/Poller.exe
download.abetterinternet.com/download/uacupg.exe
Ok, I just discovered that Avast does recognize the other part of Aurora as a trojan. So the only remaining file they really need to detect to be a (nearly) complete remover for Aurora, besides registry entries:
download.abetterinternet.com/download/UAC/Nail.exe
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NAIL.B
Trend Micro picks it up, since 5-30-05.
Kaspersky picks it up.
Panda picks it up.
BitDefender picks it up.
Rav Antivirus picks it up.
ClamAV does not.
F-Secure does not.
However, as I stated before, Avast is about the only one that can actually delete nail, since they offer the boot scan.
Hi forum members,
This is a page with a special fix for Aurora/nail.exe: http://forums.maddoktor2.com/index.php?showtopic=5104&hl=nail\.exe
enjoy,
polonus
Let it be known that Avast will now remove all the evil little files of Aurora/Nail.exe (in boot-time scan only)!!!
I think the only people who would object would be DirectRevenue and their lawyers, but what exactly is Alwil’s policy in regard to spyware? Are they ready for some lawsuits like Symantec had to fight when they started to remove spyware? Have they sat down with their lawyers and written up a protocol for when to add spyware components?
Directrevenue = U.S. company
Symantec = U.S. company
Avast = Czech Republic company
See the potential problem for directrevenue?
Just about every virus scanner under the sun is picking up nail.exe as a trojan anyways. Avast, ClamAV and Norton are the only ones that weren’t (per jotti, though AntiVir per jotti too, but AntiVir did pick it up per virustotal.com). Besides all of that, Avast was picking up ALL of the other important files for Aurora/Nail.exe except for nail.exe.
AntiVir Found nothing (they must have old defs or an old scanner? cause virustotal says it is a trojan with antivir)
ArcaVir Found Trojan.Nail.B3
Avast Found Win32:Adan-093
AVG Antivirus Found Generic.EA
BitDefender Found Adware.Nail.A
ClamAV Found nothing
Dr.Web Found Trojan.Nail
F-Prot Antivirus Found W32/Stervis.B@bd
Fortinet Found W32/Nailed.A-tr
Kaspersky Anti-Virus Found not-a-virus:AdWare.BetterInternet.b
NOD32 Found Win32/Adware.BetterInternet application
Norman Virus Control Found W32/BetterInternet.C
UNA Found Trojan.Win32.Nail
VBA32 Found Trojan.Nail
The virus defs I got this morning were the start of nail.exe being recognized as trojan/adware.
Hi sorebie,
I think this would be in the area of definitions. The only thing unwise to do is qualify this nail.exe as spyware, pest, parasite, malware; they could oppose the terminology, because they consider their program as legit, because they say they offered an opt-out or de-installer. To call it a Trojan is a technically justified definition and they cannot oppose the working of the executable as such, because it is not working like the notepad executable, e.g. The halting of tackling the precious spyware, because there are real big players involved and gigantic investments, is a legal tit-for-tat over the definition of what spyware actually is. So you can drag on and on, and prevent real action from being taken. I am also a member of the Dutch anti spyware offensief, a forum of people that think spyware makers are an anti-social element of the internet community; these themes are often discussed there.
greets,
polonus