My Experience with Aurora

[James Bair]

I ran MS AntiSpyware app because Aurora had taken over my
daughter's XP Pro laptop. The app got rid of a lot of
things, but it did not get rid of the nail.exe file. It
would detect it, but would not get rid of it or
quarantine it. I could not delete it in Windows or Safe
Mode, but finally deleted it in Command Line Mode.

The machine would boot OK, but I got an error message
that said that Windows could not find the nail.exe file.
Fine, but why bother looking for it?

I found out that what Aurora did was this. In the Windows
NT Shell registry entry it said "explorer.exe
C:\Windows\nail.exe." If you could delete
the "C:\Windows\nail.exe" part of the entry, you would be
fine. I guess the app needs to do that.

Unfortunately for me, I deleted the whole entry, so now
the machine won't boot. But that's another story. Any
help to recover from a "update password" error message
would be helpfu. The laptop is a Dell with OEM XP, so I
do not have an install disk.

I pass this on to Microsoft so others do not have the
same problem I did.

 

[Engel]

Hello James

Thanks for your input.


Microsoft reads the posts here, and encourages users to
post feedback, positive and negative.

 

[Bill Sanderson]

James- I'd suggest calling Microsoft. They may send you to Dell, but lets
hope not.

In the United States or Canada, call 1-866-pcsafety.

In other parts of the world, call your local Microsoft office or subsidiary,
or local paid support number. Ask for the free help with virus removal or
security patch issues.

Removing Aurora surely counts as Virus removal!

They should be able to give you the best path available, given the kind of
installation media you have.

 

[Guest]

That's and easy fix, you deleted your shell startup entry
(the shell [explorer.exe] gives your desktop and taskbar).

To fix your problem start up your computer and log in
(your desktop won't load), when it is finished starting
up open the taskmanager (ctrl+shift+esc OR
ctrl+alt+delete) and run "regedit" from the file->run
command and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
and find/create a string value on the right
named "Shell", then edit its value to be:
Explorer.exe

 

[JohnF.]

You should have a recovery CD from Dell for the computer. If you cannot
find it, call Dell and they will send you another CD.

 

[Guest]

He's only missing his shell loader entry in the registry,
as I said in my other reply
(http://communities.microsoft.com/newsgroups/previewFrame.
asp?
ICP=spyware&sLCID=US&sgroupURL=microsoft.private.security.
spyware.signatures&sMessageID=%253C00e801c586a4%
2524a535eb60%[email protected]%253E) this is simple to
fix, no need for a reinstall to fix this one.

Another way to do it is to make this into a reg file
(sorry, can't attach here, so added in plain text):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

 

[JohnF.]

I saw that and I'm glad you were able to make that easy - I was just making
sure they knew they were supposed to have a restore CD.

He's only missing his shell loader entry in the registry,
as I said in my other reply
(http://communities.microsoft.com/newsgroups/previewFrame.
asp?
ICP=spyware&sLCID=US&sgroupURL=microsoft.private.security.
spyware.signatures&sMessageID=%253C00e801c586a4%
2524a535eb60%[email protected]%253E) this is simple to
fix, no need for a reinstall to fix this one.

Another way to do it is to make this into a reg file
(sorry, can't attach here, so added in plain text):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

-----Original Message-----
You should have a recovery CD from Dell for the computer. If you cannot
find it, call Dell and they will send you another CD.





.