Nail.exe is a hijacker, which means it will intermittently change your Internet Explorer settings / Desktop to the link of its author’s sponsors. This program is usually installed through consent, but is sometimes packaged as another product. Aurora.exe is an advertising program by Aurora. This process monitors your browsing habits and sends the data back to the author’s servers for analysis. It also prompts advertising popups, etc.
You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
You should download some programs to aid in our fix. Do not run them now.
1. Download HijackThis and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.
2. Download and install Ewido Security Suite. When installing, under “Additional Options” uncheck:
– “Install background guard”
– “Install scan via context menu”
Launch Ewido: there should be an icon on your desktop, so double-click it. You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
3. Download and install Ad-Aware SE. If you have a previous version of Ad-Aware installed, you will be prompted during the installation of the new version to uninstall the older version. Be sure to uninstall the previous version.
Run Ad-Aware. Click on the world icon at the top right of the Ad-Aware window and let Ad-Aware update the reference list for the adware and malware. Close Ad-Aware.
4. Download the VX2 Cleaner from here.
Run Ad-Aware SE Personal. Click Add-Ons. Double-click VX2 Cleaner. Click Ok to Execute this tool.
If malware is found click Clean System. When it’s done click Start in Ad-Aware SE Personal. Make sure Perform smart system scan is checked. Click Next. Let it clean anything it finds.
OK, that is all of the programs.
Next, please reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Run Ewido Security Suite
– Click on scanner
– Click on Complete System Scan and the scan will begin.
– You will be prompted to clean the first infection.
– Select “Perform action on all infections”, then proceed.
Close Ewido Security Suite
Now you need to run HijackThis and click “Do a system scan only”
If you have the Nail trojan, fix the following entry if it is there:
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
If you have the Epolvy trojan, fix the following entries if present:
Any entry in the O4 section that has a random “.exe” file with an “r” at the end, for example:
O4 – HKLM\..\Run: [hdprwdl] C:\WINDOWS\system32\xigvkfa.exe r
O4 – HKLM\..\Run: [qywgyfm] C:\WINDOWS\System32\tocmgs.exe r
If you have any other symptoms of Aurora, then fix the following if present:
O2 – BHO: BolgerObj Class – {302A3240-4805-4a34-97D7-1645A0B08410} – C:\WINDOWS\Bolger.dll
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
Finally, restart your computer.
Now your computer should no longer be infected with Aurora – Nail.exe – Epolvy Hijackers.
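To check a saved HijackThis log for the entries listed above without reading it line by line, here is an added example (not part of the original guide and not HijackThis code). The rule labels, the `scan_log` name and the sample log are assumptions made for illustration; the sample mixes the guide's entries with two constructed placeholder lines, and the patterns accept either a hyphen or an en dash as the field separator.

```python
import re

DASH = r"\s*[-\u2013]\s*"  # HijackThis writes "-"; copies on web pages may show an en dash

# One rule per entry the guide says to fix.
RULES = [
    ("Nail: extra program appended to Shell=",
     re.compile(r"^F2" + DASH + r"REG:system\.ini:\s*Shell=Explorer\.exe\s+.*\\Nail\.exe\s*$", re.I)),
    ("Epolvy: Run entry ending in '.exe r'",
     re.compile(r"^O4" + DASH + r"HKLM\\\.\.\\Run:\s*\[[^\]]+\]\s+.*\.exe\s+r\s*$", re.I)),
    ("Aurora: Bolger BHO",
     re.compile(r"^O2" + DASH + r"BHO:.*(\{302A3240-4805-4a34-97D7-1645A0B08410\}|\\Bolger\.dll)", re.I)),
    ("Aurora: SvcProc service",
     re.compile(r"^O23" + DASH + r"Service:.*(\(SvcProc\)|\\svcproc\.exe)", re.I)),
]

def scan_log(text):
    """Return (line_number, label, line) for each log line that matches a rule."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        for label, pattern in RULES:
            if pattern.search(line):
                hits.append((number, label, line))
                break  # one label per line is enough
    return hits

# Constructed sample log: the guide's entries plus two placeholder lines
# (ExampleObj / ExampleApp) that must not be flagged.
SAMPLE_LOG = "\n".join([
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O2 - BHO: ExampleObj Class - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll",
    r"O2 – BHO: BolgerObj Class – {302A3240-4805-4a34-97D7-1645A0B08410} – C:\WINDOWS\Bolger.dll",
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe",
    r"O4 - HKLM\..\Run: [hdprwdl] C:\WINDOWS\system32\xigvkfa.exe r",
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe",
])

if __name__ == "__main__":
    for number, label, line in scan_log(SAMPLE_LOG):
        print(f"line {number}: {label}: {line}")
```

The script only reports matching lines; fixing them is still done in HijackThis as described above.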