Nail.exe adware problem

Archived from groups: microsoft.public.windowsxp.help_and_support

Yesterday, I was downloading a "free" screensaver and began receiving
adware. I stopped the download and began checking for problems. Adaware
found many problems, which it fixed (it says).

My problem is that somehow this adware has made all the files in the XP Pro
c:\winnt disappear from view. Computer still works fine, so they must be
hidden by some other means.

I found this line in HijackThis that was objectionable.
F2 - REG:system.ini: Shell=Explorer.exe c:\WINDOWS\Nail.exe
It couldn't be fixed because no files can be seen in the C:\Winnt directory.
Norton can not scan a directory with no files, etc., and I can't delete any
files for the same reason. The only file showing in the folder is
c:\winnt\system32\spllo\PRTPROCS\W32X86\hpprn02.dll (may be a printer
driver).

I went into the registry and deleted this key and still no luck, although it
stopped the automatic addition of a new file to be included in startup with
the "stop process" of an unknown .exe in the Task Manager.

So... I need to know how to restore the files to "not hidden". And, if
anyone has any ideas regarding removal of this adware, I'd be most grateful.

Tom
  1.

    I'm having the same problem, that's why I was asking about reformatting the C
    drive... these adware programs are nearly impossible to get rid of... won't
    let you run live update with Norton's, MS AntiSpyware finds them, removes them,
    then they are back, now they did something to safe mode, won't boot to safe
    mode!!!... so I figure is to start from square one again...


    "Tom Landon" wrote:

    > Yesterday, I was downloading a "free" screensaver and began receiving
    > adware. I stopped the download and began checking for problems. Adaware
    > found many problems, which it fixed (it says).
    >
    > My problem is that somehow this adware has made all the files in the XP Pro
    > c:\winnt disappear from view. Computer still works fine, so they must be
    > hidden by some other means.
    >
    > I found this line in HijackThis that was objectionable.
    > F2 - REG:system.ini: Shell=Explorer.exe c:\WINDOWS\Nail.exe
    > It couldn't be fixed because no files can be seen in the C:\Winnt directory.
    > Norton can not scan a directory with no files, etc., and I can't delete any
    > files for the same reason. The only file showing in the folder is
    > c:\winnt\system32\spllo\PRTPROCS\W32X86\hpprn02.dll (may be a printer
    > driver).
    >
    > I went into the registry and deleted this key and still no luck, although it
    > stopped the automatic addition of a new file to be included in startup with
    > the "stop process" of an unknown .exe in the taskmanager.
    >
    > So... I need to know how to restore the files to "not hidden". And, if
    > anyone has any ideas regarding removal of this adware, I'd be most grateful.
    >
    > Tom
    >
    >
    >
  2.

    Hi

    There 'may' be a Registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    (Shell=Explorer.exe C:\WINDOWS\Nail.exe)

    If you find that entry delete it, but only that one entry. Make sure that
    you backup the Registry first.

    --

    Will Denny
    MS-MVP Windows Shell/User
    Please reply to the News Groups


    "Tom Landon" <mdeanhouston@sbcglobal.net> wrote in message
    news:OZGXZ3bmFHA.3544@TK2MSFTNGP15.phx.gbl...
    > Yesterday, I was downloading a "free" screensaver and began receiving
    > adware. I stopped the download and began checking for problems. Adaware
    > found many problems, which it fixed (it says).
    >
    > My problem is that somehow this adware has made all the files in the XP
    > Pro c:\winnt disappear from view. Computer still works fine, so they must
    > be hidden by some other means.
    >
    > I found this line in HijackThis that was objectionable.
    > F2 - REG:system.ini: Shell=Explorer.exe c:\WINDOWS\Nail.exe
    > It couldn't be fixed because no files can be seen in the C:\Winnt
    > directory. Norton can not scan a directory with no files, etc., and I
    > can't delete any files for the same reason. The only file showing in the
    > folder is c:\winnt\system32\spllo\PRTPROCS\W32X86\hpprn02.dll (may be a
    > printer driver).
    >
    > I went into the registry and deleted this key and still no luck, although
    > it stopped the automatic addition of a new file to be included in startup
    > with the "stop process" of an unknown .exe in the taskmanager.
    >
    > So... I need to know how to restore the files to "not hidden". And, if
    > anyone has any ideas regarding removal of this adware, I'd be most
    > grateful.
    >
    > Tom
    >
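A read-only check for the Shell hijack discussed in this thread, added here as an example and not code from any poster: it flags HijackThis F2 Shell lines, or the live Winlogon Shell value, that name anything besides the stock explorer.exe. The sample log is constructed (only the F2 line comes from the thread), and the function names are this example's own.

```python
import re
import sys

# Stock value of Winlogon\Shell on a clean install; anything else deserves review.
EXPECTED_SHELL = "explorer.exe"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
# One entry: a quoted string, or the shortest run ending in an executable extension.
ENTRY = re.compile(r'"[^"]+"|.+?\.(?:exe|com|bat|cmd|scr|pif)(?=[\s,]|$)', re.IGNORECASE)

def split_shell_value(value):
    """Split a Shell value into program entries (comma or space separated)."""
    entries = [m.strip(' ,"') for m in ENTRY.findall(value)]
    return entries or [value.strip()]

def extra_shell_entries(value):
    """Return every entry that is not the bare stock shell name."""
    return [e for e in split_shell_value(value) if e.lower() != EXPECTED_SHELL]

def scan_hijackthis_log(text):
    """Return (line number, extra entries) for each suspicious F2 Shell line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = F2_SHELL.match(line.strip())
        if match and extra_shell_entries(match.group(1)):
            findings.append((lineno, extra_shell_entries(match.group(1))))
    return findings

def read_live_shell():
    """Read the live value from the registry (Windows only, read-only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Shell")[0]

# Constructed sample log; only the F2 line is taken from the thread.
SAMPLE_LOG = """\
Logfile of HijackThis
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\Nail.exe
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
"""

if __name__ == "__main__":
    for lineno, extras in scan_hijackthis_log(SAMPLE_LOG):
        print(f"log line {lineno}: extra Shell entries {extras}")
    if sys.platform == "win32":
        print("live Shell extras:", extra_shell_entries(read_live_shell()))
```

The script only reads; an entry it reports still has to be judged by a person before anything in the registry is changed.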
  3.

    Please download ewido security suite; it is a free version of the program.
    http://www.pcbutts1.com/downloads/ewidosetup.exe
    Install ewido security suite
    When installing, under "Additional Options" uncheck..
    Install background guard
    Install scan via context menu
    Launch ewido, there should be an icon on your desktop, double-click it.
    The program will now open to the main screen.
    When you run ewido for the first time, you will get a warning "Database
    could not be found!". Click OK. We will fix this in a moment.
    You will need to update ewido to the latest definition files.
    On the left hand side of the main screen click update.
    Then click on Start Update.
    The update will start and a progress bar will show the updates being
    installed.
    (the status bar at the bottom will display "Update successful")
    Exit ewido. DO NOT SCAN YET.

    Download CCleaner and install it, but do not run it yet.
    http://www.pcbutts1.com/downloads/ccsetup122.exe

    Please download this file: Revised Installer for the Nailfix Utility
    http://www.pcbutts1.com/downloads/nailfix1.exe
    Save it to your desktop.
    DO NOT RUN IT YET.

    Next, please reboot your computer in SafeMode by doing the following:
    Restart your computer. After hearing your computer beep once during startup,
    but before the Windows icon appears, press F8. Instead of Windows loading as
    normal, a menu should appear.
    Select the first option, to run Windows in Safe Mode.
    Once in Safe Mode, please double-click on nailfix.exe.
    Click "Next" in the setup
    Make sure "Run Nailfix" is checked and click "Finish".
    Your desktop and icons will disappear and reappear, and a window should open
    and close very quickly --- this is normal.

    Now open ewido and do a scan of your system.
    Click on scanner
    Click on Complete System Scan and the scan will begin.
    NOTE: During some scans with ewido it is finding cases of false positives.**
    You will need to step through the process of cleaning files one-by-one.
    If ewido detects a file you KNOW to be legitimate, select none as the
    action.
    DO NOT select "Perform action on all infections"
    If you are unsure of any entry found select none for now as the action.
    Once the scan has completed, there will be a button located on the bottom of
    the screen named Save report
    Click Save report.
    Save the report .txt file to your desktop or a location where you can find
    it easily.
    **(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere
    and the game "Risk")

    Now run HijackThis, click Scan, and place a checkmark next to each of the
    following items:

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    Close all open windows except for HJT, then click the Fix Checked button.
    Close HJT.

    Locate and delete the following File
    C:\WINDOWS\Nail.exe

    Now run CCleaner
    Uncheck "Cookies" under "Internet Explorer".
    If running Firefox: click on the "Applications" tab and uncheck "Cookies"
    under "Firefox".
    Click on Run Cleaner in the lower right-hand corner. This can take quite a
    while to run.

    Finally, restart your computer in normal mode and please post a new
    HijackThis log, as well as the report log from the Ewido scan by using Add
    Reply.


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Tom Landon" <mdeanhouston@sbcglobal.net> wrote in message
    news:OZGXZ3bmFHA.3544@TK2MSFTNGP15.phx.gbl...
    > Yesterday, I was downloading a "free" screensaver and began receiving
    > adware. I stopped the download and began checking for problems. Adaware
    > found many problems, which it fixed (it says).
    >
    > My problem is that somehow this adware has made all the files in the XP
    > Pro c:\winnt disappear from view. Computer still works fine, so they must
    > be hidden by some other means.
    >
    > I found this line in HijackThis that was objectionable.
    > F2 - REG:system.ini: Shell=Explorer.exe c:\WINDOWS\Nail.exe
    > It couldn't be fixed because no files can be seen in the C:\Winnt
    > directory. Norton can not scan a directory with no files, etc., and I
    > can't delete any files for the same reason. The only file showing in the
    > folder is c:\winnt\system32\spllo\PRTPROCS\W32X86\hpprn02.dll (may be a
    > printer driver).
    >
    > I went into the registry and deleted this key and still no luck, although
    > it stopped the automatic addition of a new file to be included in startup
    > with the "stop process" of an unknown .exe in the taskmanager.
    >
    > So... I need to know how to restore the files to "not hidden". And, if
    > anyone has any ideas regarding removal of this adware, I'd be most
    > grateful.
    >
    > Tom
    >
  4.

    Try running Spybot from http://www.safer-networking.org/en/index.html - it
    looks like it is part of "Aurora" spyware. If you google for nail.exe there
    are many suggestions.
    Neil

    "Tom Landon" <mdeanhouston@sbcglobal.net> wrote in message
    news:OZGXZ3bmFHA.3544@TK2MSFTNGP15.phx.gbl...
    > Yesterday, I was downloading a "free" screensaver and began receiving
    > adware. I stopped the download and began checking for problems. Adaware
    > found many problems, which it fixed (it says).
    >
    > My problem is that somehow this adware has made all the files in the XP
    > Pro c:\winnt disappear from view. Computer still works fine, so they must
    > be hidden by some other means.
    >
    > I found this line in HijackThis that was objectionable.
    > F2 - REG:system.ini: Shell=Explorer.exe c:\WINDOWS\Nail.exe
    > It couldn't be fixed because no files can be seen in the C:\Winnt
    > directory. Norton can not scan a directory with no files, etc., and I
    > can't delete any files for the same reason. The only file showing in the
    > folder is c:\winnt\system32\spllo\PRTPROCS\W32X86\hpprn02.dll (may be a
    > printer driver).
    >
    > I went into the registry and deleted this key and still no luck, although
    > it stopped the automatic addition of a new file to be included in startup
    > with the "stop process" of an unknown .exe in the taskmanager.
    >
    > So... I need to know how to restore the files to "not hidden". And, if
    > anyone has any ideas regarding removal of this adware, I'd be most
    > grateful.
    >
    > Tom
    >