DJ140

My Norton IS keeps advising me to block a file called: jwkavzph.exe.

Is this spyware/virus and if so, although I keep telling the firewall to always block this file, why does the warning keep appearing?!

Dan

bioforger

iTrader: (1)

Find the file and do a properties on it, to see if u can determine what its for. Does look iffy though. Or to completely contradict myself it could be a harmless file, java runtime file maybe?

16vmarc

Maybe it keeps appearing because its still there and all Norton doing is stopping it from running?

Nicks VR4

Some Virus's can randomly create a .exe file

Make sure you are up to date with you Virus Signatures

If not sure you can submit to VirusTotal and they can scan the file using various Anti Virus Software

http://www.virustotal.com/flash/index_en.html

Nick

DJ140

I've booted in safe mode and edited the file to stop it being run, properties, security, deny access and it still keeps trying to start. IS there nothing I can do other than re-install Windows etc.

There must be a program that can disable this file.

Dan

alistair

Have you tried the Microsoft Anti - Spyware program that you can download for free ?

It found & removed a number of things on my PC that everything else had either missed or couldn't remove.

DJ140

Tried Spyware. It removes the files everytime I run it, but they keep coming back.

I've had to block this file 6 times in the last 20 minutes.

fast bloke

looks suspiciously like a spyware I had recently - kept trying to install kavsys.exe with a couple of letters changed every time so zonealarm got confused. The very helpful chappies at www.geekstogo.com had me sorted in no time (without a rebuild )

MarkV

Hi

good free download is a prog called Spybot - just put in search engine and it will give loads of options to download. This prog will sweep your system and identify and enable you to get rid of all sorts of nasties such a tracking cookies etc.

Mark

Wurzel

iTrader: (1)

Yes it is and it is a particularly nasty one if it is what I think it is.

do you have a file in \windows or \windows\system32 called Nail.exe

if yes then you are infected with the better,internet aurora spyware which is a real **** to get rid of, but not impossible. It appears about 3 times in the registery.

search the registery for nail.exe and delete it, you will also find it in the shell key which should just have explorer in it not the nail bit.

you also need to find the file and set all permissions to deny and do the same for the erronious file you mentioned. you will also need to kill the file process in task manager.

you will also need to delete an entire reg key called aurora.

once you have set permissions to deny and deleted all the files you need to reboot.

if you do not set permissions to deny then the erronious file will continue to respawn itself and if you try to delete nail.exe it will also respawn itself.

Also look in teh directory C:\system volume information it is a hidden system directory so you will need to unhide it and add yourself to the permissions list.
look in here at the RP directories for any .exe files that have TODO in teh file description and delete them. your norton should tell you if these directories are infected before you mess around in this directory.

hope this helps.

ps NONE of the spyware killers will remove this, you need to do it manually.

This is the company responsible for it!!

"New York, New York – April 26, 2005 – Direct Revenue today announced the launch of its newest ad client, Aurora™. "

SJ_Skyline

If you have no joy with the above or they say they have removed the program only for it to reappear then it could be CWS which is a particular nasty little s0d to get rid of.

CWSShredder removal tool