Remove %PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE malware
%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE Malware Removal Guide
Manual removal instructions:
Antivirus Report of %PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE:
%program files%\upaurorabrowser\upaurora.exe
Full path on a computer: %PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE
Autostart registry keys:
HKLM\Software\Clients\StartMenuInternet\UpAurora.exe
HKLM\Software\Clients\StartMenuInternet\UpAurora.exe\shell
HKLM\Software\Clients\StartMenuInternet\UpAurora.exe\shell\open
HKLM\Software\Clients\StartMenuInternet\UpAurora.exe\shell\open\command
HKLM\SOFTWARE\CLASSES\UPAURORACHPROGID\SHELL\OPEN\COMMAND\: ""%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE" "%1""
HKLM\SOFTWARE\CLASSES\UPAURORACHPROGID\DEFAULTICON\: "%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE,1"
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\UPAURORA.EXE\SHELL\OPEN\COMMAND\: ""%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE""
HKLM\Software\Clients\StartMenuInternet\UpAurora.exe\LocalizedString: 55 70 41 75 72 6F 72 61 00 13
HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\UPAURORABROWSER.EXE\SHELL\OPEN\COMMAND\: "%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UPAURORABROWSER.EXE\: "%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2824E308-CEAC-4841-9E17-A9076365CFD7}\DISPLAYICON: "%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE"
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION\UpAurora.exe: 0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\UpAurora.exe: 0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\UpAurora.exe: 0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\UpAurora.exe: 0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\UpAurora.exe: 0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_TABBED_BROWSING\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\UpAurora.exe: 0x00000001
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\UpAurora.exe: 0x00000001
HKLM\SOFTWARE\CLASSES\HTMLFILE\DEFAULTICON\: "%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE,1"
HKLM\SOFTWARE\CLASSES\HTMLFILE\SHELL\OPEN\COMMAND\: ""%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE" "%1""
HKLM\SOFTWARE\CLASSES\MHTMLFILE\DEFAULTICON\: "%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE,1"
HKLM\SOFTWARE\CLASSES\MHTMLFILE\SHELL\OPEN\COMMAND\: ""%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE" "%1""
HKLM\Software\Clients\StartMenuInternet\: "UpAurora.exe"
HKLM\Software\Microsoft\Direct3D\MostRecentApplication\Name: "UpAurora.exe"
HKLM\Software\Microsoft\DirectDraw\MostRecentApplication\Name: "UpAurora.exe"
Related Files:
%PROGRAM FILES%\UPAURORABROWSER\INSTALLER\UNINST.EXE
%PROGRAM FILES%\UPAURORABROWSER\INSTALLER\UPAURORAKERNELSERVICE.EXE
%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE
%PROGRAM FILES%\UPAURORABROWSER\USER_CACHE\COOKIES\DEFAULT\INDEX.DAT
%PROGRAM FILES%\UPAURORABROWSER\USER_CACHE\TEMPORARY\DEFAULT\ANTIPHISHING\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.DAT
The file UPAURORA.EXE is malware related.
You must delete the file UPAURORA.EXE immediately!
Delete the file UPAURORA.EXE without delay!
Kill the process UPAURORA.EXE and remove UPAURORA.EXE from the Windows startup.
UPAURORA.EXE is related to: PE:Malware.Generic(Thunder)!1.A1C4 [F], UPAURORA.EXE.
Virustotal = 4/55
MD5 = 907D5692B63481DFED9BB1E8E7A0A27A
File Size: 4191280
%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE | Malware |
%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE | Dangerous |
%PROGRAM FILES%\UPAURORABROWSER\UPAURORA.EXE | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.