I have nail.exe in my windows directory. I cant get rid of it and what I get when I google it seems like latin. I run adaware and AVG antivirus. What do I do?!
I got nailed
- Thread starter EvanAdams
- Start date
That's a craptastic one - disable the "System Startup Service", then in safe mode you need to get rid of nail.exe, svcproc.exe, DrPMon.dll, and a randomly named file that's identified by HijackThis.
Appledrop
Platinum Member
- Aug 25, 2004
- 2,340
- 0
- 0
NAIL is spyware - an virus scanner will NOT remove it properly.
You need to do a thorough spyware scan. Please follow my detailed spyware removal instructions here: http://theflyingpenguin.com/spyware-removal.shtml
Afterwards you should run a FULL virus scan from SAFE MODE.
Hope this helps...
You need to do a thorough spyware scan. Please follow my detailed spyware removal instructions here: http://theflyingpenguin.com/spyware-removal.shtml
Afterwards you should run a FULL virus scan from SAFE MODE.
Hope this helps...
I just want to know why none of the major spyware removal tools have updates for Nail.exe & Aurora? People have found fairly simple fixes on their own, so why then are they so far behind? Has this company paid off the spyware removal people?
"Trojan" is an anti-virus euphamism for Spyware. And from long experience I know that Aurora (nail) is spyware and that no AV app will remove it properly.
LEGALLY most anti-virus companies call all spyware and adware "Trojans" to avoid legal issues. Since spyware is not illegal, a spyware publisher can legitamately sue an anti-virus company (and have). They are are also using this tactic against small anti-spyware companies which is why Adaware and Spybot are worthless - they've been off my radar for a year.
I use SpySweeper or Microsoft's Anti-Spyware (which uses the Giant Anti-Spyware engine which is an excellent engine).
Again, please follow the instructions in my spyware removal link. JUST running an anti-spyware app is not enough. TRUST ME. I do this for a living.
You must also check for malicious BHO objects, check your HOSTS file, and check for malicious Active-X plugins just to name a few. There are also other specialized scanners you need to run. All is explained here: http://theflyingpenguin.com/spyware-removal.shtml
I got an email just the day before yesterday from someone infected with Aurora that used my spyware removal instructions to get rid of it.
Hope this helps...
LEGALLY most anti-virus companies call all spyware and adware "Trojans" to avoid legal issues. Since spyware is not illegal, a spyware publisher can legitamately sue an anti-virus company (and have). They are are also using this tactic against small anti-spyware companies which is why Adaware and Spybot are worthless - they've been off my radar for a year.
I use SpySweeper or Microsoft's Anti-Spyware (which uses the Giant Anti-Spyware engine which is an excellent engine).
Again, please follow the instructions in my spyware removal link. JUST running an anti-spyware app is not enough. TRUST ME. I do this for a living.
You must also check for malicious BHO objects, check your HOSTS file, and check for malicious Active-X plugins just to name a few. There are also other specialized scanners you need to run. All is explained here: http://theflyingpenguin.com/spyware-removal.shtml
I got an email just the day before yesterday from someone infected with Aurora that used my spyware removal instructions to get rid of it.
Hope this helps...
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Any idea how it got onto the computer in the first place? Friend/sibling/roommate used your computer, or you went to new websites, or ??? Here are some deterrents:
1) use a Limited account (aka Restricted User account on Win2000) for browsing/IM/email. Inherently lacks the power to install stuff, even if successfully exploited. Regardless of what exact browser/IM/email program you use, this is a strong limitation on what it can do behind your back.
2) keep Windows/etc patched up (duh). Microsoft Baseline Security Analyzer is a useful follow-on to a Windows Update session.
3) ensure that all Administrator-class accounts on the computer have a complex password, eg EvanAdams@AT. This goes for the hidden "native" Admin account too, which MBSA will help you determine if it's weak/blank. If necessary, you can set an account's password using the command net user username newpassword (may be useful for XP Home users).
Leave an un-password-protected account named "Visitors" that is a Limited account, so your gf/roommate/sibling can use the computer without having Admin powers, if you need that.
4) if your antivirus software is old stuff, get a current-generation product. For example, Norton AntiVirus 2003 doesn't support expanded-threat detection (hack tools, adware, spyware, etc). Personally, I have the hots for Kaspersky AV Personal 5 lately, for home users anyway
5) fully configure the antivirus software, don't just install with default settings and think you're done. general suggestions for AV config
6) if you have a router, block TCP/UDP traffic in both directions on all the ports you don't actually have a use for. router stuffs If you don't have a router, it's not a bad way to spend $40. While it probably doesn't pertain directly to your Aurora problem, I threw it in because it can be very good at thwarting Backdoor-type stuff.
1) use a Limited account (aka Restricted User account on Win2000) for browsing/IM/email. Inherently lacks the power to install stuff, even if successfully exploited. Regardless of what exact browser/IM/email program you use, this is a strong limitation on what it can do behind your back.
2) keep Windows/etc patched up (duh). Microsoft Baseline Security Analyzer is a useful follow-on to a Windows Update session.
3) ensure that all Administrator-class accounts on the computer have a complex password, eg EvanAdams@AT. This goes for the hidden "native" Admin account too, which MBSA will help you determine if it's weak/blank. If necessary, you can set an account's password using the command net user username newpassword (may be useful for XP Home users).
Leave an un-password-protected account named "Visitors" that is a Limited account, so your gf/roommate/sibling can use the computer without having Admin powers, if you need that.
4) if your antivirus software is old stuff, get a current-generation product. For example, Norton AntiVirus 2003 doesn't support expanded-threat detection (hack tools, adware, spyware, etc). Personally, I have the hots for Kaspersky AV Personal 5 lately, for home users anyway
5) fully configure the antivirus software, don't just install with default settings and think you're done. general suggestions for AV config
6) if you have a router, block TCP/UDP traffic in both directions on all the ports you don't actually have a use for. router stuffs If you don't have a router, it's not a bad way to spend $40. While it probably doesn't pertain directly to your Aurora problem, I threw it in because it can be very good at thwarting Backdoor-type stuff.
OK Doctor Penguin, you know best.
Just as a small addition to all the other advice in this thread and that concerns a setting in the Advanced menu of IE Properties. If you disable the option called "Enable Install On Demand (Internet Explorer)", you'll get a prompt if a web page attempts to run a script. That at least provides some warning if you were to click an image for example which would normally install spyware without your knowledge.
Well I'm referring to Ad-aware, Spyware Search & Destroy, etc. There were reports a couple months ago about Ad-aware not removing WhenU crap anymore, so who knows what else goes on behind the scenes? As long as these tools are put out for free, I wouldn't put it past anyone to find extra revenue sources any way they can.Originally posted by: Scrubber
Well, if you've got one of the ones listed here then that's a possibility. but I would imagine that it wouldn't apply to most of the ones recommended by contributors to this board.
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
As usual with anti-spyware advice, they neglect to mention Limited/Restricted-User accounts, however
< sarcasm >
Of course, the use of least privilege is a new idea, having ONLY been available since WindowsNT 3.xx (or since time immemorial in the *nix world) :roll: Maybe people will begin catching on after another ten or twenty years. Or when Longhorn comes out and begins operating that way as the norm
< / sarcasm >
No offense meant to Scrubber, I'm just venting
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter