This article describes how to remove those annoying Aurora popups. It is actually quite simple. But first off, let's explain what this Aurora spyware is made of - and point out a few mistaken identities.
During my research into its removal, I came across a site that is getting some of the blame, but has nothing to do with this malware - in fact, they don't even work in advertising. From that site, I found yet another site also getting misidentified.
Aurora Networks - A company specializing in digital broadband over optical transports.
PC Pitstop - A company specializing in software that tunes your system to better performance.
Neither of those companies are associated with this spyware in any way. The Aurora Popup software is owned by Direct Revenue, which is affililiated with Abetterinternet.com and Offeroptimizer.
The symptoms are apparent - you receive popups with Aurora in the title bar. Several executables run in the background: Aurora.exe, nail.exe, a randomly generated filename (such as "wtsvizptwu.exe") with the description of "Buddy", and/or the trojan SvcProc.exe (Stervis).
How to Disable Aurora Popups:
- Open Start from your taskbar
- Go to Run, type in CMD, press OK
- Type %SystemRoot%\nail.exe /FullRemove
How to Remove Aurora Spyware:
- Open http://www.mypctuneup.com/evaluate.php
- Click Download and save MyPCUninstaller.exe
- Close all programs
- Follow the wizard, reboot your computer when the uninstaller is finished
The reason I offer two different methods of removing Aurora is because each has its disadvantages. If you remove nail.exe manually, you have full control of the removal, but this does not remove the randomly-named file associated with it, nor SvcProc. If you use the uninstaller, you have to trust the same company that put the spyware on your system. The site recommends that you disable your firewall and antivirus so MyPCUninstaller.exe can communicate back to them - but they state that the uninstaller is not sending data about your machine back to them... so what exactly are they sending?