Nail.exe & Aurora (A Better Internet)

[Clay]

I have successfully removed the Nail.exe file from my
computer but when starting up the computer is still
searching for the file. I get an error message that
says "C:\WINDOWS\Nail.exe Windows cannot find ..."

I am running XP Home Edition and afrter starting the
computer I get the screen where each user can log on,
this error message occurs after I log on while the
computer is loading the individual settings. I click OK
and the computer seems to run fine.

I assume that while the main adware problem has been
removed there is still a file or process running that
shouldn't be there. I would greatly appreciate any
advice that would help me locate and remove this file.

Thanks

 

[AndyManchesta]

Hi there

Try downloading Nailfix and using it in safe mode.


Download Nailfix to your desktop

Primary:

http://www.noidea.us/easyfile/file.php?
download=20050515010747824

mirror:

http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix


Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

in Safe Mode, double-click on nailfix.bat. Your desktop
and icons will disappear and reappear, and a window
should open and close very quickly.

This will stop and delete nail.exe and svcproc.exe


Then run MS Antispy on a full system scan to remove any
other files.Ewido Security Suite and Adaware SE both
target Aurora so maybe worth trying them if you have more
problems with it.The problem is the random named file in
the system folder which will act as a re-installer each
time you reboot.Plus it changes its name whenever you
reboot.Ewido will remove those entries.Adaware will
remove Bolger and Drpmon.dll so again it could help.


AndyManchesta

 

[Guest]

I just defeated that one earlier today (on a client's
computer), you need to get rid of it's startup entry to
stop that error (I hope you got rid of the rest of this
spyware, and not just nail.exe), it is set to load as
your shell along with explorer.exe (if you understand
that)

Just set it back to your normal shell, with regedit go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon

and then find the "shell" entry on the right, it's
currently set to this for you (which is wrong):

Explorer.exe C:\WINDOWS\Nail.exe


but it should be just set to:

Explorer.exe

Anyway if you got rid of all of "abetterinternet" and
this nail.exe error is your only problem the above fix
should clear it up.

 

[Guest]

I wanted to say thank you very much for the help. I
spent a few days away from the PC and just got back, read
the reply to my post, did it, and it seems to have
worked.

I found the malicious shell entry "Explorer.exe
C:\WINDOWS\Nail.exe" and edited it as suggested and my PC
starts and runs clean now. I tried several anti-spyware
programs and while they helped to find some of the
components of "Nail.exe & Aurora (A Better Internet)" it
seems none of them could identify or remove this registry
problem.

Thanks Again,

Clay