Nail.exe, Aurora, and a nice challange~~if you want.

By leem
May 2, 2005
  1. Ick ick ick!!! I can't get rid of this.

    I have XP pro SP2 and a major problem.

    I have the latest Adaware, Spybot, Microsoft Beta, and F-Prot Antivirus. I also have an "Aurora" ad keep popping up--and my internet is running slow.

    I have switched to Firefox, turned off system restore, turned off all suspicious start up programs in MSCONFIG, booted in safe mode, emptied cookies, temp, %all temp%, Temporary Internet Files, and History of all users on this computer. I ran all programs but Hijack This.

    I rebooted in Safe Mode and ran Hijack this. I am familliar with Hijack this and took off all ickies.

    BUT, when I reboot back to normal mode and run my antivirus, I get a bunch of suspicious files. My antivirus deletes them, but when I go to C:Windows, I see a "Nail.exe" icon (one of the suspicious files. I delete it, and within 2 minutes, it is back in without even rebooting. There is also the Auro Icon (A White globe with an orange and blue stripe). I delete both, and I get an Icon named Buddy that looks like the Aurora Icon, and the Nail.exe is back.

    I have gone into safe mode, emptied everything, ran programs, manually deleted these files...AND EVEN IN SAFE MODE, the Nail.exe and the Aurora/Buddy Icon reappears.

    The only problem I have with the Hijack this, is that after each reboot, after the RO and R1 Entries, there is a Hijack Entry :

    F-2 Reg:System.ini: Shell=Explorer.exe C:\Windows\Nail.exe.

    I keep fixing it, But it keeps comming back.

    I have never seen an "F-2" in the Hijack this log. Now my explorer wont work, but at least I have Firefox.

    Any ideas would really be helpful!
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    The line needs only "Shell=Explorer.exe" without any parameters.
  3. leem

    leem TS Rookie Topic Starter Posts: 73

    Do you know where/how I can change it?
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    click Start/Run, type in notepad c:\windows\system.ini and click OK

    It's in one of the first few lines. Change it into Shell=Explorer.exe
    Click on File/Save and exit the program.
    Reboot and you should be good.

    Now find and delete that nail-file (no pun intended).
Topic Status:
Not open for further replies.

Similar Topics

Create an account or login to comment

You need to be a member in order to leave a comment
TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.