Aurora/Nail fix By racooper w/SwanDog46 & miekiemoes
PLEASE READ AND FOLLOW THESE INSTRUCTIONS CAREFULLY; YOU MAY WANT TO PRINT OR SAVE THESE INSTRUCTIONS LOCALLY BEFORE STARTING.
1. Please download, install, and update the free version of Ewido AntiMalware:
- From the main Ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.
Download CCleaner and install, but do not run it yet.
2. Please download this revised installer for the Nailfix utility. DO NOT run it yet. Alternate download links here:
http://www.spywareedge.net/nf/nailfix.exe
http://www.spywareaid.com/index.php?file=s...22&softtype=exe
3. Reboot to Safe Mode. How to start the computer in Safe mode: http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
4. Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
5. Next, run Ewido again.
- Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
- If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
- When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
6. Then run HijackThis, click Scan, and place a checkmark by the following items (if found):
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [random] c:\windows\system32\random.exe r
Close all open windows except for HijackThis and click Fix Checked.
Note that the O4 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, which will always end in a single letter r.
Locate and delete the following file in BOLD: c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).
6. Now, run CCleaner.
- Uncheck "Cookies" under "Internet Explorer".
- If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
- Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
7. Please start a new topic if you need help. Do not post your logs in someone else's threads.
Please NOTE: If you have not done so already, follow the Mandatory Steps first before posting a HijackThis log. The rules are here: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance
Edited for new version of Nailfix 22Jul2005
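The two HijackThis entry shapes named in step 6 can be picked out of a saved log automatically, which helps when the O4 name has changed after a reboot. The script below is an added example, not part of the original fix and not part of Nailfix or HijackThis; the function name and the sample log lines are constructed for illustration.

```python
import re

# F2 entry from step 6: an extra program appended after Explorer.exe in Shell=.
F2_SHELL = re.compile(
    r"^F2 - REG:system\.ini: Shell=Explorer\.exe\s+(?P<extra>\S.*)$", re.I)
# O4 HKLM Run entry whose command line ends in a single letter " r".
O4_RUN_R = re.compile(
    r"^O4 - HKLM\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+\.exe) r$", re.I)

def find_fix_candidates(log_text):
    """Return (line_number, kind, detail) for each line matching either shape."""
    hits = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = F2_SHELL.match(line)
        if m:
            hits.append((number, "F2-shell", m.group("extra")))
            continue
        m = O4_RUN_R.match(line)
        if m:
            # The path is the file step 6 says to locate and delete.
            hits.append((number, "O4-run-r", m.group("path")))
    return hits

# Constructed sample log lines (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Example\ccApp.exe"
O4 - HKLM\..\Run: [qzxvbn] c:\windows\system32\qzxvbn.exe r
O4 - HKCU\..\Run: [updater] c:\tools\updater.exe r
O4 - HKLM\..\Run: [printer] c:\windows\system32\printer.exe /r
"""

if __name__ == "__main__":
    for number, kind, detail in find_fix_candidates(SAMPLE_LOG):
        print(f"line {number}: {kind}: {detail}")
```

Only HKLM Run entries are matched, as in the fix above; a match is a candidate to review in HijackThis, not proof of infection.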
by CalamityJane, edited by lilhurricane, last modified: 2006-01-02 23:49:29