Nail.exe and Aurora

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by singularity42, May 26, 2005.

  1. singularity42

    singularity42 Private E-2

    Well, looks like I managed to get aurora and nail.exe on my computer somehow. I went through the step-by-step guide on the 'Read Me First' sticky to try to get rid of them, but no luck (well, at least with nail.exe - haven't got a popup yet).

    I can post a Hijack This log if that's the next step. Any help would be appreciated.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, download ABIremover and save it to a location like C:\ABIremove

    NOW:
    Reboot into Safe Mode, be sure you have ALL browsers closed while running this removal tool.

    Next, start the ABIRemover.exe, press install, wait (explorer window will disappear)

    Reboot and post a HJT log as an attachment to your post.
     
  3. singularity42

    singularity42 Private E-2

    Thanks - hopefully that did the trick. Here's a copy of my HJT log:

    Inline log attached!
     

    Last edited by a moderator: May 27, 2005
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [ydxzbyg] c:\windows\system32\ivpkji.exe

    O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    c:\windows\system32\ivpkji.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
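
Added example, not part of the original thread and not HijackThis's own code: a Python script that parses the O4 and O16 entries flagged in the post above and reports which of them still appear in a follow-up log, the same comparison the helper makes by eye on the new HJT log. The follow-up log, the regular expressions and the lowercase normalization are assumptions of this example.

```python
import re

# Entries the helper asked to fix, copied from the post above.
FLAGGED = r"""
O4 - HKLM\..\Run: [ydxzbyg] c:\windows\system32\ivpkji.exe
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
"""

# Constructed follow-up log (not the poster's attachment): one flagged entry survives.
AFTER_LOG = r"""
Running processes:
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [ydxzbyg] C:\WINDOWS\System32\ivpkji.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - https://example.invalid/ctl.cab
"""

# Assumed line shapes, inferred from the three entries shown in the thread.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<ident>.+) - (?P<url>\S+)$")

def parse_line(line):
    """Return a normalized tuple for an O4/O16 entry, or None for other lines."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        # Lowercased so that differences in path casing do not hide a match.
        return ("O4", m["key"].lower(), m["name"].lower(), m["cmd"].lower())
    m = O16_RE.match(line)
    if m:
        return ("O16", m["ident"].lower(), m["url"].lower())
    return None

def parse_log(text):
    """Set of normalized O4/O16 entries found in a log."""
    return {e for e in map(parse_line, text.splitlines()) if e}

def remaining(flagged_text, after_text):
    """Flagged entries that are still present in the follow-up log."""
    return sorted(parse_log(flagged_text) & parse_log(after_text))

def files_to_check(flagged_text):
    """File paths named by flagged O4 entries, to confirm they were deleted."""
    return sorted(e[3] for e in parse_log(flagged_text) if e[0] == "O4")

if __name__ == "__main__":
    for entry in remaining(FLAGGED, AFTER_LOG):
        print("still present:", entry)
    print("verify deleted:", files_to_check(FLAGGED))
```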
     
  5. singularity42

    singularity42 Private E-2

    Okay - done fixed those lines, and deleted the file. Nothing showed up on CCleaner or Spybot.

    Here's the new HJT log...
     

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean!

    Are you having any further problems?
     
  7. singularity42

    singularity42 Private E-2

    Nope. Things are looking good.

    Thanks for all the help!
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

