Wednesday, July 27, 2005

Nail.exe / Aurora removal instructions

I got this garbage spyware from somewhere - be advised it is a high-risk trojan - let's call it IT, Nail.exe is just a by-product of IT (it is 04 in your registry and is in .exe format, also in system32 folder - and that IT keeps changing names) and unless you get rid of the source (IT) Nail.exe will keep respawning - in turn spawning more garbage (i.e. BetterInternet something) - took me 7 hours to find out how to get rid of it - so here is how to do it without any fancy stuff:

1) run any anti-spyware you have: e.g. Search and Destroy, Lavasoft, Microsoft Anti-Spyware - get rid of all by-products
1.1) use HijackThis (http://www.download.com/HijackThis/3000-8022_4-10227353.html) (A MUST PROGRAM FOR ANY AMATEUR VIRUS FIGHTER) - it's free, run it - you will see one extra F2 value - with Nail.exe at the end, and unusual 04 value that has extension exe. r <-that r is virus giveaway
2) (http://securityresponse.symantec.com/avcenter/FixBinet.exe) <- this is the fix for Nail.exe, download and run it - Nail will be taken out temporarily; now comes the important part - getting rid of IT
3.1) turn off your system recovery - right click My Computer / properties / system recovery - uncheck
3.2) now run free online spyware and virus check at - http://housecall.trendmicro.com/

* that check is very concise - it will dispose of any remaining by-products of IT - and will narrow down our IT - which has a name - TROJ. AGENT.UX - and guess what it can't clean it - now write down the name of that infected file (you'll get it in details)

3.3) restart your computer in SAFE MODE, by pressing F8 before Windows loads, do not enable system recovery - now go into Start-Run and in the run window type "regedit", in the registry go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
3.4) in the Run key - find that value you wrote down in 3.2 - and delete it; as well, search the registry for the following: "aurora", "nail.exe" <- delete all values associated with them



4) restart - you might get an error message that Nail.exe is missing - HAHAAHAHA, in your face virus - now run everything again - Anti-Spyware, then TrendMicro again - and this time you should be able to delete this now-disabled bug, now reset all internet settings ... cross your fingers and RESTART

5 and final) run HijackThis, anti-spyware, TrendMicro one last time - and you are done


DONE AND DONE, take a deep breath - you made it
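
A read-only way to do the search from step 3.4 before deleting anything, as an added example that is not part of the original post: it parses a regedit text export (.reg) and lists the Run-key values that match "aurora", "nail.exe" or the file name noted in step 3.2. The sample export, its value names and `example_dropper.exe` are constructed placeholders.

```python
import re
# Terms the post says to search the registry for (step 3.4).
DEFAULT_TERMS = ("aurora", "nail.exe")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, unescape(m.group("name")), unescape(m.group("data"))

def suspicious_run_values(text, extra_terms=()):
    """Return Run-key values whose name or data contains a search term."""
    terms = [t.lower() for t in (*DEFAULT_TERMS, *extra_terms)]
    hits = []
    for key, name, data in parse_reg(text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue  # only autostart entries are of interest here
        if any(t in f"{name} {data}".lower() for t in terms):
            hits.append((key, name, data))
    return hits

# Constructed sample export; value names and paths are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="exampletray.exe"
"exampleapp"="C:\\WINDOWS\\system32\\example_dropper.exe r"
"Updater"="\"C:\\Program Files\\Aurora\\aurora.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Other]
"note"="aurora mentioned outside the Run key"
'''

if __name__ == "__main__":
    for key, name, data in suspicious_run_values(SAMPLE, ["example_dropper.exe"]):
        print(f"{key}\n  {name} = {data}")
```

A real export in the "Version 5.00" format is saved as UTF-16, so open it with `encoding="utf-16"` before passing the text in.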
