Aurora/Nail Problems after Removal Tool

Discussion in 'Malware Help (A Specialist Will Reply)' started by heinrich, Aug 29, 2005.

  1. heinrich

    heinrich Private E-2

    I've gone through the previous responses here about getting rid of the BetterInternet/Aurora/Nail bug, and thought I had got it after I'd used the Nail removal tool and done the Hoster fix and run all the general tools. (By the way, I had also had the SurfSideKick thing). However, there were still quite a few strange-looking processes running, and I was a bit suspicious. And sure enough, when I rebooted finally in normal mode all the same stuff started popping back up. The Nail file is back and there are the following processes running, which I don't recognize: wmiprvse.exe, wscntfy.exe, symwsc.exe, Capm5lak.exe, vsloei.exe, DLG.exe, wdfmgr.exe, lsass.exe, csrss.exe. I'm normally at least fairly capable when it comes to figuring computer problems out; but I've been working on this for about 3 days now, and it's defeated me. I'm not sure where to go from here. If you guys have any suggestions, I'd appreciate it. Let me know if/when I should post a HJ log.

    Thanks,

    Aaron
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All but one of those processes are normal processes. Only vsloei.exe seems fishy.

    Did you run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal?

    If you did then follow the steps below exactly:

    Print or save these instructions locally because you must be offline and have no other Windows (like browsers or anything else running) before continuing.

    - Click Start > Run and type: cmd and then click OK! This brings up a command prompt window.

    Now leave the command prompt window open and bring up Windows Task Manager by pressing CTRL-SHIFT-ESC simultaneously. Do not be alarmed when you see your Desktop (icons etc.) disappear when you do the next steps. Do not close Task Manager until I tell you to do so.

    - Now locate explorer.exe in the Process list and right click on it and select End Process

    You should now only have two windows showing: Task Manager and the command prompt.

    - At the command prompt, type the below commands, each followed by the Enter key. Take note of what happens with each one and tell me about it later when you come back here:
    nail.exe /FullRemove
    cd c:\windows
    attrib -r -s -h nail.exe
    del nail.exe
    exit <--- this will close the command prompt window

    Now go back to Task Manager and click File, and select New Task (Run....). Enter explorer.exe into the popup and click OK. This should bring back your Desktop.

    Now you can close Task Manager.

    Now continue with the below.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
