> How To Remove The Aurora - Nail.exe - Svcproc.exe - Epolvy Hijacker
-David-
post Nov 4 2005, 04:17 PM
This self-help guide will show how to remove the Aurora - Nail.exe - Svcproc.exe - Epolvy Hijacker


What this program does:

Nail.exe is a hijacker, which means it will intermittently change your Internet Explorer settings / Desktop to the link of its author's sponsors. This program is usually installed through consent, but is sometimes packaged as another product. Aurora.exe is an advertising program by Aurora. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. It also prompts advertising popups, etc.

Tools needed for this fix:

Related Tutorials:

How to use HijackThis to remove Browser Hijackers & Spyware

Symptoms in a HijackThis Log

Nail

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Epolvy

O4 - HKLM\..\Run: [hdprwdl] C:\WINDOWS\system32\xigvkfa.exe r
O4 - HKLM\..\Run: [qywgyfm] C:\WINDOWS\System32\tocmgs.exe r
(any randomly named O4 entry with an "r" at the end)

Other symptoms

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
_____________________________________________________

Step 1: Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help get it back to how it was before!


Step 2: Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Step 3: Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Step 4: Please download Ad-Aware SE Personal from this page.

Step 5: Now download the VX2 Cleaner from this page.

Run Ad-Aware SE Personal.
Click Add-Ons.
Double-click VX2 Cleaner.
Click Ok to Execute this tool.

If malware is found click Clean System.
When it's done click Start in Ad-Aware SE Personal.
Make sure Perform smart system scan is checked.
Click Next.
Let it clean anything it finds.

Step 6: Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Step 7: Once the Ewido updates are installed and you are in Safe Mode, do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Step 8: This part is dependent on which infection you have.

Navigate to the c:\hijackthis directory and double-click on HijackThis
With IE closed, put a checkmark on these entries and hit "fix checked" (it may well have gone already!):

If you have the nail trojan fix the following entry if it is there:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

If you have the epolvy trojan, fix the following entry if present:

Any entry that had a random ".exe" file in the O4 section, with an "r" at the end:

e.g.
O4 - HKLM\..\Run: [hdprwdl] C:\WINDOWS\system32\xigvkfa.exe r
O4 - HKLM\..\Run: [qywgyfm] C:\WINDOWS\System32\tocmgs.exe r


If you have any other symptoms of Aurora then fix the following if present:

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Step 9: Now your computer should no longer be infected with Aurora - Nail.exe - Svcproc.exe - Epolvy Hijacker. It may be possible that you still have some spyware or malware installed on your computer. If you feel this is the case, follow the instructions below to post a HijackThis log and someone will help you to remove the rest:

How to submit a HijackThis log
________________________________________________________

This is a self-help guide. Use at your own risk.


BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


David

This post has been edited by Grinler: Nov 19 2006, 07:20 AM
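
The symptom lines listed in the guide above can be checked for mechanically. The following is an added example, not part of the original post or any BleepingComputer tool: a Python triage script that flags those entries in a saved HijackThis log. The function name, family labels and sample log are constructed for illustration, and the O4 rule is the guide's own heuristic (a trailing "r"), so every hit still needs manual review.

```python
import re

# Indicators taken from the "Symptoms in a HijackThis Log" section of the guide.
BOLGER_CLSID = "{302A3240-4805-4A34-97D7-1645A0B08410}"

# F2: a Shell= value that launches something in addition to Explorer.exe.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=Explorer\.exe\s+(\S.*)$", re.I)
# O4: HKLM Run value whose command line is "<path>.exe r" (lone trailing "r").
O4_RUN_R = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[(\w+)\] (.+\.exe) r$", re.I)
# O2: any BHO line; the CLSID is compared against the one the guide lists.
O2_BHO = re.compile(r"^O2 - BHO: .*?(\{[0-9A-F-]{36}\}) - (.+)$", re.I)
# O23: the SvcProc service pointing at svcproc.exe.
O23_SVC = re.compile(r"^O23 - Service: .*\(SvcProc\).* - (.+\\svcproc\.exe)$", re.I)


def find_aurora_entries(log_text):
    """Return (family, line) pairs for log lines matching the guide's symptoms."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = F2_SHELL.match(line)
        if m:
            is_nail = m.group(1).lower().endswith("\\nail.exe")
            hits.append(("Nail" if is_nail else "Shell hijack (review)", line))
            continue
        if O4_RUN_R.match(line):
            hits.append(("Epolvy", line))
            continue
        m = O2_BHO.match(line)
        if m and m.group(1).upper() == BOLGER_CLSID:
            hits.append(("Aurora BHO", line))
            continue
        if O23_SVC.match(line):
            hits.append(("Aurora service", line))
    return hits


# Constructed sample log: the guide's example entries mixed with made-up benign lines.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: ExampleHelper Class - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [hdprwdl] C:\WINDOWS\system32\xigvkfa.exe r
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

if __name__ == "__main__":
    for family, line in find_aurora_entries(SAMPLE_LOG):
        print(f"[{family}] {line}")
```

The script only reads the log text; fixing the flagged entries is still done in HijackThis as described in the guide.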

