TechSpot

Nail.exe, Aurora, and a nice challenge~~if you want.

By leem
May 2, 2005
  1. Ick ick ick!!! I can't get rid of this.

    I have XP pro SP2 and a major problem.

    I have the latest Adaware, Spybot, Microsoft Beta, and F-Prot Antivirus. I also have an "Aurora" ad keep popping up--and my internet is running slow.

    I have switched to Firefox, turned off system restore, turned off all suspicious start up programs in MSCONFIG, booted in safe mode, emptied cookies, temp, %all temp%, Temporary Internet Files, and History of all users on this computer. I ran all programs but Hijack This.

    I rebooted in Safe Mode and ran Hijack this. I am familiar with Hijack this and took off all ickies.

    BUT, when I reboot back to normal mode and run my antivirus, I get a bunch of suspicious files. My antivirus deletes them, but when I go to C:\Windows, I see a "Nail.exe" icon (one of the suspicious files). I delete it, and within 2 minutes, it is back in without even rebooting. There is also the Auro Icon (A White globe with an orange and blue stripe). I delete both, and I get an Icon named Buddy that looks like the Aurora Icon, and the Nail.exe is back.

    I have gone into safe mode, emptied everything, ran programs, manually deleted these files...AND EVEN IN SAFE MODE, the Nail.exe and the Aurora/Buddy Icon reappear.

    The only problem I have with the Hijack this, is that after each reboot, after the R0 and R1 Entries, there is a Hijack Entry:

    F-2 Reg:System.ini: Shell=Explorer.exe C:\Windows\Nail.exe.

    I keep fixing it, but it keeps coming back.

    I have never seen an "F-2" in the Hijack this log. Now my explorer won't work, but at least I have Firefox.

    Any ideas would really be helpful!
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    The line needs only "Shell=Explorer.exe" without any parameters.
     
  3. leem

    leem TS Rookie Topic Starter Posts: 73

    Do you know where/how I can change it?
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Click Start/Run, type in notepad c:\windows\system.ini and click OK.

    It's in one of the first few lines. Change it into Shell=Explorer.exe
    Click on File/Save and exit the program.
    Reboot and you should be good.

    Now find and delete that nail-file (no pun intended).
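
The check described in the replies above (the Shell= value should be Explorer.exe with nothing after it), as an added Python example that is not part of the thread: it scans HijackThis-style F0/F2 lines and raw system.ini lines and reports anything appended to the shell. The function names and sample lines are constructed for illustration, except the F-2 line, which is the one quoted in the first post.

```python
import re

# HijackThis shell lines: the usual "F2 - REG:system.ini: Shell=..." form and
# the "F-2 Reg:System.ini: Shell=..." spelling quoted in the first post.
F_LINE = re.compile(
    r"^\s*F-?[02]\s*(?:-\s*)?(?:REG:)?system\.ini:\s*Shell=(.*)$", re.IGNORECASE)
# A raw "Shell=..." line as it appears in system.ini itself.
INI_LINE = re.compile(r"^\s*Shell\s*=(.*)$", re.IGNORECASE)


def extra_shell_entries(value):
    """Return every token in a Shell= value other than a bare Explorer.exe.

    Assumption: entries are separated by whitespace or commas, so a path
    containing spaces would be reported as several tokens.
    """
    tokens = [t.strip('"').rstrip(".") for t in re.split(r"[\s,]+", value.strip())]
    return [t for t in tokens if t and t.lower() != "explorer.exe"]


def audit(lines):
    """Return (line_number, source, extras) for each Shell= line with extras."""
    findings = []
    for number, line in enumerate(lines, 1):
        match, source = F_LINE.match(line), "hijackthis"
        if not match:
            match, source = INI_LINE.match(line), "system.ini"
        if not match:
            continue
        extras = extra_shell_entries(match.group(1))
        if extras:
            findings.append((number, source, extras))
    return findings


# Constructed sample input; line 2 is the entry quoted in the first post.
SAMPLE = [
    "Logfile of HijackThis (constructed sample)",
    r"F-2 Reg:System.ini: Shell=Explorer.exe C:\Windows\Nail.exe.",
    r"F2 - REG:system.ini: Shell=Explorer.exe",
    "[boot]",
    r"shell=Explorer.exe C:\Windows\Nail.exe",
]

if __name__ == "__main__":
    for number, source, extras in audit(SAMPLE):
        print(f"line {number} ({source}): unexpected shell entries: {extras}")
```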
     