Aurora

Posted: March 27, 2006

Aurora is an adware spyware that shows undesirable commercial advertisements using Internet Explorer web browser. It also tracks user activity in the Internet and sends gathered data to certain web servers. Aurora can download and install its additional malicious components. The spyware can get into the computer along with some ad-supported software. It also can be manually installed.

File System Modifications

The following files were created in the system:

# File Name

1 drpmon.dll

2 iddjhjm.ini

3 nail.exe

4 svcproc.exe

#	File Name
1	drpmon.dll
2	iddjhjm.ini
3	nail.exe
4	svcproc.exe

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERSoftwareauroraHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun[randomname]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallabi-1HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsNTCurrentVersionWinlogonShell=explorer.exe%Windir%HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintMonitorsepMonHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSvcProcail.exe

Aurora

File System Modifications

Registry Modifications

Related Posts

Leave a Reply