I got nailed

EvanAdams

Senior member
Nov 7, 2003
844
0
0
I have nail.exe in my windows directory. I can't get rid of it and what I get when I google it seems like Latin. I run adaware and AVG antivirus. What do I do?!
 

cubby1223

Lifer
May 24, 2004
13,518
42
86
That's a craptastic one - disable the "System Startup Service", then in safe mode you need to get rid of nail.exe, svcproc.exe, DrPMon.dll, and a randomly named file that's identified by HijackThis.
 

Scrubber

Member
May 23, 2005
61
0
0
Online scanner here
Disable System Restore before you run it because there will be backup copies of the malware in there too. Instructions here
 

Scrubber

Member
May 23, 2005
61
0
0
Originally posted by: FlyingPenguin
NAIL is spyware - a virus scanner will NOT remove it properly....

You would be correct in saying that "nail.exe" is spyware, but that's just a component of the main body which is a Trojan/virus, or at least that's the impression I get from various docs around the web i.e. this site

 

cubby1223

Lifer
May 24, 2004
13,518
42
86
I just want to know why none of the major spyware removal tools have updates for Nail.exe & Aurora? People have found fairly simple fixes on their own, so why then are they so far behind? Has this company paid off the spyware removal people?
 

Scrubber

Member
May 23, 2005
61
0
0
Originally posted by: cubby1223
I just want to know why none of the major spyware removal tools have updates for Nail.exe & Aurora? People have found fairly simple fixes on their own, so why then are they so far behind? Has this company paid off the spyware removal people?

Well, if you've got one of the ones listed here then that's a possibility, but I would imagine that it wouldn't apply to most of the ones recommended by contributors to this board.

 

FlyingPenguin

Golden Member
Nov 1, 2000
1,793
0
0
"Trojan" is an anti-virus euphemism for Spyware. And from long experience I know that Aurora (nail) is spyware and that no AV app will remove it properly.

LEGALLY most anti-virus companies call all spyware and adware "Trojans" to avoid legal issues. Since spyware is not illegal, a spyware publisher can legitimately sue an anti-virus company (and have). They are also using this tactic against small anti-spyware companies which is why Adaware and Spybot are worthless - they've been off my radar for a year.

I use SpySweeper or Microsoft's Anti-Spyware (which uses the Giant Anti-Spyware engine which is an excellent engine).

Again, please follow the instructions in my spyware removal link. JUST running an anti-spyware app is not enough. TRUST ME. I do this for a living.

You must also check for malicious BHO objects, check your HOSTS file, and check for malicious Active-X plugins just to name a few. There are also other specialized scanners you need to run. All is explained here: http://theflyingpenguin.com/spyware-removal.shtml

I got an email just the day before yesterday from someone infected with Aurora that used my spyware removal instructions to get rid of it.

Hope this helps...
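
The HOSTS file check mentioned in the post above can be scripted. This is an added example, not part of the thread or any poster's own tooling; the function name `audit_hosts` and the sample entries are constructed for illustration. It lists every mapping other than the default `localhost` line and says whether the name is blocked (pointed at loopback or 0.0.0.0) or redirected to another address.

```python
import ipaddress
import sys

# Names a stock HOSTS file is expected to map to loopback.
EXPECTED_LOCAL = {"localhost"}

# Constructed sample input (documentation-range address, .example names).
SAMPLE_HOSTS = """\
# Constructed sample, not taken from an infected machine
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.antivirus.example   # name made unreachable
203.0.113.45    www.bank.example search.example
not-an-ip       foo.example
"""

def audit_hosts(text):
    """Return (line_no, kind, ip, name) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in EXPECTED_LOCAL and ip.is_loopback:
                continue  # the default entry
            # Loopback/0.0.0.0 makes the name unreachable; any other
            # address sends lookups for it to a different server.
            blocked = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if blocked else "redirected"
            findings.append((line_no, kind, str(ip), name))
    return findings

if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %-10s %s %s" % finding)
```

On Windows the file to pass is `%SystemRoot%\System32\drivers\etc\hosts`. Entries a user added deliberately (for example an ad-blocking list) will also show up as blocked, so the output is a review list rather than a verdict.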

 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Any idea how it got onto the computer in the first place? Friend/sibling/roommate used your computer, or you went to new websites, or ??? Here are some deterrents:

1) use a Limited account (aka Restricted User account on Win2000) for browsing/IM/email. Inherently lacks the power to install stuff, even if successfully exploited. Regardless of what exact browser/IM/email program you use, this is a strong limitation on what it can do behind your back.

2) keep Windows/etc patched up (duh). Microsoft Baseline Security Analyzer is a useful follow-on to a Windows Update session.

3) ensure that all Administrator-class accounts on the computer have a complex password, eg EvanAdams@AT. This goes for the hidden "native" Admin account too, which MBSA will help you determine if it's weak/blank. If necessary, you can set an account's password using the command net user username newpassword (may be useful for XP Home users).

Leave an un-password-protected account named "Visitors" that is a Limited account, so your gf/roommate/sibling can use the computer without having Admin powers, if you need that.

4) if your antivirus software is old stuff, get a current-generation product. For example, Norton AntiVirus 2003 doesn't support expanded-threat detection (hack tools, adware, spyware, etc). Personally, I have the hots for Kaspersky AV Personal 5 lately, for home users anyway

5) fully configure the antivirus software, don't just install with default settings and think you're done. general suggestions for AV config

6) if you have a router, block TCP/UDP traffic in both directions on all the ports you don't actually have a use for. router stuffs If you don't have a router, it's not a bad way to spend $40. While it probably doesn't pertain directly to your Aurora problem, I threw it in because it can be very good at thwarting Backdoor-type stuff.
 

Scrubber

Member
May 23, 2005
61
0
0
Originally posted by: FlyingPenguin
Again, please follow the instructions in my spyware removal link. JUST running an anti-spyware app is not enough. TRUST ME. I do this for a living.

OK Doctor Penguin, you know best.

Just as a small addition to all the other advice in this thread and that concerns a setting in the Advanced menu of IE Properties. If you disable the option called "Enable Install On Demand (Internet Explorer)", you'll get a prompt if a web page attempts to run a script. That at least provides some warning if you were to click an image for example which would normally install spyware without your knowledge.
 

cubby1223

Lifer
May 24, 2004
13,518
42
86
Originally posted by: Scrubber
Originally posted by: cubby1223
I just want to know why none of the major spyware removal tools have updates for Nail.exe & Aurora? People have found fairly simple fixes on their own, so why then are they so far behind? Has this company paid off the spyware removal people?

Well, if you've got one of the ones listed here then that's a possibility, but I would imagine that it wouldn't apply to most of the ones recommended by contributors to this board.
Well I'm referring to Ad-aware, Spyware Search & Destroy, etc. There were reports a couple months ago about Ad-aware not removing WhenU crap anymore, so who knows what else goes on behind the scenes? As long as these tools are put out for free, I wouldn't put it past anyone to find extra revenue sources any way they can.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: Scrubber
Well, prevention is better than cure, so follow the advice mentioned here as the best means of avoiding infection.
As usual with anti-spyware advice, they neglect to mention Limited/Restricted-User accounts, however

< sarcasm >

Of course, the use of least privilege is a new idea, having ONLY been available since WindowsNT 3.xx (or since time immemorial in the *nix world) :roll: Maybe people will begin catching on after another ten or twenty years. Or when Longhorn comes out and begins operating that way as the norm

< / sarcasm >

No offense meant to Scrubber, I'm just venting
 