A Revolution is the Solution
Great write Chris. Another one for the spyware nerds!
Booyah 
wow read that and talk about a headache,
please use our uninstaller to uninstall the software you didnt want in the first place then find out that the uninstall dont even work,
and they say the Matrix is fantasy lol
keep up the good work and keep taking the tablets
Well, it should be interesting to see, what, IF anything these clowns come up with for an excuse. There simply isn't one.
Good work PG, you are... DA MAN!!!
Hey, that was a great post. Those smokescreen uninstall practices are inexcusable. If DirectRevenue wants to reform, they should start with functional Add/Remove Programs entries and go from there.
Excellent article PG! If I wasn't on a modem I'd try the uninstall procedure myself 
Ok, that would give me a headache, I got really confused reading it, clicking things etc .... btw can i have a tshirt?
wow... other stuff seems a little 'shady' this actually seems bad.
they are so full of shit! please keep up showing it. thanks
Another good blog article, ghost. Inspired me to do one of my own. Not as riveting, mind you.
I liked it
Wish I could say the same for the Aurora uninstall!!
not being too techie i have what might be a dumb question...
what does the 112 mean in "OH NOES!!112"?
its a witty parody of people who rather annoyingly type ALL IN CAPS ON THE INTERWEB, CALL IT THE INTERWEB AND SLOPPILY LET GO OF THE SHIFT KEY WHILE DOING EXCLAMATION MARKS!!!!112
Consider it overspill
I'm gonna take a guess at the next article: a step-by-step n00b's guide to removing Aurora using Ewido, HJT, and NailFix.
I"M A PSYCHIC!!!112
OH NOES!!112
I especially like the part about: yes it does remove everything...Well except for those 'fingerprints' that arent uninstalled. Huh? Either it uninstalls EVERYTHING or it doesnt.
But my absolutely favorite part is how leaving 'fingerprints' are a "service to the user"
Paper, he got you mentioned on MSNBC YOU UNGRATEFULL SLIME!!!112 You were one chuckle and smile from getting a hand job from Direct Revenue and YOU HAD TO GO AND FCUK IT UP!!!112
Which is, of course, why we love you. I'm not sure his image buffing is going to amount to much: I think many of these businesses have become addicted to the "illicit fruit".
I'll raise you $10 for your advertisement, and throw in some cool stickers that make your pc look faster.
:P
Create a text file named Nail.txt
Delete nail.exe
rename nail.txt nail.exe
put that in a batch file and your at a starting point.
Great article..I'll be visiting here much more frequently.
It's about time that the law enforcement agencies started looking at this and handing out arrest warrants for Direct Revenue and the other adware companies.
It's gotten ridiculous..... In fact, it's past ridiculous, it's obscene.
It's about time that the FBI and others did their d*** jobs and SHUT DOWN DIRECT REVENUE!
No more warnings, no more doublespeak, just shut them and all other adware and spyware companies down.
At this point, I'd like to thank Direct Revenue for increasing my traffic once more :P
And Brian, its always good to see someone else that CNA DO TEH CAPS DANCE!!1211
but can anyone actually tell me what the hell a ROFLCOPTER is?
http://img369.imageshack.us/
img3...lcopter79yz.gif
There's your very own roflcopter.
ROFL!!
...copter
The uninstaller for Aurora doesn't work. Why am I not very surprised at this revelation? Mainly because I got zapped with another spyware/adware program like Aurora, and had a HELL of a time cleaning it out of my system, because it worked like a virus.
You delete it from one place, it shows up in another with a different name. I nearly went INSANE trying to get, I believe it was, Betterinternet to uninstall, because I would uninstall all the files and registry keys for it, and it would appear again as soon as I restarted my computer.
This was when I got fed up with adware/spyware in general.
Paperghost, please, send all of your evidence against these guys to the FBI and the United States Attorney General's office, and b&c until they start an investigation.
Maybe then, we will finally ban adware that has to be downloaded to your computer.
I have to add a update to this. When I went to the mypctuneup.com site, and downloaded the uninstall program for Aurora and tested it, it worked just fine.
Paperghost, where did you get the uninstaller from, and when did you get it? The file I downloaded was date-stamped July 13th, 2005, so I am assuming that it was on their site before you wrote the latest article about Aurora.
Either Direct Revenue has cleaned up their act, or you just downloaded a bum file for some reason. I have that problem a lot when I download a file with IE, it always seems to cut out in the middle of the download and the icon for it appears on your desktop, yet the file is not complete, so Windows says it is an invalid file.
And another update. I tried going to the abetterinternet.com/aurora/ link, and wonder of wonders, it worked on all 6 of my computers!
In fact, I went to every single link in the Aurora article that Paperghost said didn't work, and all of them do, at least now.
Paperghost, I am beginning to think that there is something wrong with your internet service, or you are running something else on your test machines that is blocking you from going to certain sites.
Every single link that you said didn't work, I have tested, and they all do. Now, someone might have complained to Direct Revenue and they put sites up quickly, but I have chatted with other people on other forums, and they have said that the links have been working since the beginning of MARCH.
Please, check your computer, for all our sakes.
Actually, if you do a search for "file is not a valid win32 application" there are quite a few links on google etc that show people havng exactly the same problem with the mypctuneup uninstall application.
http://forums.mozillazine.org/vi...ic.php?
t=280892
is just one of the many, many references to the DR uninstaller not working. you will also find many references to this on HJT forums, Suzi's spyware blog and a shedload of other locations. after all, if the uninstaller was so reliable then why are all the main security forums absolutely buried in pleas to remove DR software?
more often than not the thing screws up, which is precisely why there is actually a mention of this on the DR website, which unhelpfully says the "program may have been corrupted during download". in fact, they have a ton of error "solutions" on there which doesnt exactly fill me with hope. if they want i can happily employ a monkey to create a built in uninstaller for Aurora, it would take it about, oh, five minutes
in all my years of downloading thousands of programs, the ONLY time i have ever recieved that message is when i tried to run the DR uninstaller.
my machines are fine - and i run all tests on 2 virtual boxes and three "real world" boxes. i also downloaded the file at different times of the day, and none of them worked.
if you can actually get it to work then great, but if youre unlucky enough for the file not to work - what on earth do you do then?
would an average user keep trying the download until it worked? i doubt it.
they end up on sites like this, screaming for blood. fact is, they put something incredibly horrendous on your PC and the least they can do is ensure their removal tool doesn't bork up on different downloads.
the test above is simply what happened on one attempted uninstall and if any of them had worked, i'd have happily posted that. but it didn't...
Its interesting to note that
on their website their contact
information is not working:
You get a generic answering
service when you dial the
person (is the person even real?)
below:
Jonathan Cohen
(646) 442-6366
jcohen@direct-revenue.com
This person is also affiliated
with "SOHO", one of their
virtual "partners".
These slimey creeps are dirty
regardless of how savvy they
paint their outfits.
The abetterinternet/aurora/nail.exe is one of the hardest infections to get rid of. Two separate clients got it. Nail.exe would always come back after rebooting. Finally did a copy con >nail.exe followed by a couple return keys and F6, then made it read-only with attrib.
Having the add/remove tell you to go to a different web site is unbelievable! I could not believe it when I saw it. Like I'm going to trust their web site ???
I can't believe these people admit to be associated with this product.
their co-founders resigned according to new media report. my wife's lap top is destroyed by this crappolla. direct has shut down their phones....thx for all the info. peace out. arthur barbato
Excellent PaperGhost! Great job! This is just so idiotic! Many folks are getting hit with this crap! So glad you showed that their 'peace offering' was nothing of the sort. They are still the same ... a leopard doesn't change his spots! When will certain adware/spyware programs learn that?
I know how to kill DR by hand quickly, but it requires booting to a Windows PE CD:
- Verify (in System Information > Software Environment > Loaded Modules) that Nail.exe and DrPMon.dll are loaded in memory.
- Boot to PE. Replace both files with read-only text files, same names, same locations. (This is more easily done if your WinPE CD has a file management shell. I use File Manager from NT, but you can do this part at the command prompt).
Open PE's Registry Editor. Load the Software and System hives from %windir%System32Config. Load the Software hive as 'sw' and the System hive as 'sys.'
- Delete Nail.exe from the data in the Shell value in the HKLMswSoftwareMicrosoftWindows NTCurrentVersionWinlogon key.
- Remove the subkey in HKLMsysControlSet001ControlPrintMonitors that contains a Driver value with DrPMon.dll as its data.
- Unload both hives. Reboot. DR is dead.
Well, thanks for exposing the already well known fact that "Best Offers," or "Aurora" whoever they feel like calling themselves at this moment, are nothing more than vandals breaking into your computer and vandalizing your property to the point that the average user, like myself can find absolutely no way to fix the problem. But, as intelligent as you sound, you could have provided SOME method of restoring a little peace to us, the small and meek of the digital world who have absolutely no idea how to implement the removal process that you described.
I'm beginning to feel the only way I, as a simple minded internet user, will ever be able to remove Best Offers without saving my documents & information, completely reformating the hard drive and reinstalling windows. Or I could just buy a new computer and hope the vandals don't find some way to destroy it, too. Either way, Best Offers should be reimbursing us for our time, energy and money.
I'm with you, Average Home User... except I'm poor as well as a noob. My computer has been acting strangely for a while, I run yahoo's version of Norton's Spyware Scan as well as the AVG free edition. They don't find anything. I've ran an sfc> scannow and been told to reinsert Windows2000. I've uploaded every update at the MS site. Nothing helps. In trying to figure out what the issue is, my roommate suggest I go to TrendMicro's Housecall site. Lo and behold, it's recommending TWO windows updates because of remote code execution possibilities (what??) and (the biggie) adawares_BestOffers. TrendMicro is not removing it, however. I do a google search, and am floored by the amount of info on this. Unfortunately, most of it is geared to tech heads who know what they're doing. My eyes have glazed over. In spite of several places (including archived Direct Revenue interviews) there is no option in Add/Remove programs to remove BestOffers. I'm at wit's end. but thank you to this site for giving a lot of info.
Commenting by HaloScan
