Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Used Ewido for nail.exe please help :(

Started by FST2005 , Apr 26 2005 09:39 AM

  • Please log in to reply

#1
FST2005
Posted 26 April 2005 - 09:39 AM

FST2005

    New Member

  • Member
  • Pip
  • 3 posts
Hello,

First want to say this site rocks. I have searched all over and only this site has detailed and useful information that really works...keep up the great job.

I had/have the same problem that is going around with the nail.exe and the aura (spelling) pop-ups. I tried everything and nothing worked. I read in one of the posts that a prog named 'Ewido' would work. I used it and worked amazing. I cant believe this one worked and I used everything else. I tired all the other removers and nothing helped.

I used Ewido in reg mode and safe mode. I'm posting my Hijack file and if someone can review it and let me know if there is something I'm missing please. Here it is:

Logfile of HijackThis v1.97.7
Scan saved at 11:25:17 AM, on 4/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe <----- **(Is this one OK)**
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\r_server.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\Explorer.EXE <----- **(Is this one OK)**
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\All ShortCut Icons\Hijack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.andale.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Jo\Application Data\Mozilla\Profiles\default\zjme0lb3.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Jo\Application Data\Mozilla\Profiles\default\zjme0lb3.slt\prefs.js)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Advisor (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098407993531
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...8135.4935532407
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://D:\CDVIEWER\CdViewer.cab

I also noticed that a few progs I seen running when you hit 'ctrl+alt+del' are not showing up in the Hijack scan, why? They are called alg.exe, wdfmgr.exe, apvxdwin.exe, wscntfy.exe I think the 'wscntfy.exe' is part of windows security alerts.

Please let me know what needs to be fixed and doesnt. Also being how so many people and me are recently being affected by this nail/aura problem, how can we prevent it from happening again? I dont download alot of stuff and really dont know how I might have got this, one day it was just on my PC.

Thanks for all the help and I will show my support by checking out your sponsors.

Brian
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP