Problems: nail.exe
#1 PedroD (New Member, 1 post)

Please, help me. My computer is infected with nail.exe.
What can I do?
Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:46:40, on 03-05-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Programas\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
c:\windows\system32\ttnnnc.exe
C:\Programas\Software TECOM\Bluetooth\bin\btwdins.exe
C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programas\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Software TECOM\Bluetooth\BTTray.exe
C:\Programas\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programas\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Documents and Settings\POSTO1\Os meus documentos\12popup.exe
C:\Programas\Commander Pro\UPServ.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programas\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programas\Commander Pro\UPS.EXE
C:\WINDOWS\System32\hpoipm07.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Programas\McAfee\McAfee VirusScan\VsStat.exe
C:\Programas\Ficheiros comuns\Network Associates\McShield\Mcshield.exe
C:\Programas\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\POSTO1\Os meus documentos\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.paginasamarelas.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://WWW.UPDATE-EASY.COM
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Documents and Settings\POSTO1\Os meus documentos\12popup.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr51.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - (no file)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Documents and Settings\POSTO1\Os meus documentos\12popup.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Programas\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programas\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programas\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Programas\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CapFax] C:\Programas\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [cslpvaw] c:\windows\system32\ttnnnc.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programas\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Documents and Settings\POSTO1\Os meus documentos\12popup.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Programas\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Add to Ad Hunter - C:\Programas\MYIE2\config/blacklist.htm
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Programas\Software TECOM\Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-libremp3-pt\index.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software TECOM\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programas\Software TECOM\Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://WWW.UPDATE-EASY.COM
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098112417093
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAE503BD-E8B5-4EFC-8512-3A78367CA5BD}: NameServer = 10.0.0.138
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Programas\Internet History Eraser\autocomp.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Programas\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\Software TECOM\Bluetooth\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - C:\Programas\Ficheiros comuns\Network Associates\McShield\Mcshield.exe
O23 - Service: Creative NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: UPSmart - Unknown owner - C:\Programas\Commander Pro\UPServ.exe
#2 rstones12 (Malware Expert, Retired Staff, 3,731 posts)

PedroD,
Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read these instructions before proceeding.
You have some other infections as well; this will take a few steps to clean up.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please run Notepad and copy the following text into a new file:

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Post the log from the scan here.

Now run HJT and place a checkmark next to the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Thanks,
rstones12
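The reply above picks two lines out of the HijackThis log by hand: the F2 Shell= value with an extra executable chained onto Explorer.exe, and the O2 BHO loading Bolger.dll from the Windows directory. The script below is an added example (not part of the thread or of HijackThis) that parses the same line format and reproduces that triage automatically; the "(no file)" orphan rule and the "binary sits directly in the Windows directory" heuristic applied to O2/O23 entries are my own added review heuristics, and the sample lines are constructed to match the shape of the posted log.

```python
import re

# Constructed sample lines, shaped like the HijackThis 1.99.1 log posted above.
SAMPLE_LOG = """\
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programas\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\\WINDOWS\\Bolger.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\\..\\Run: [iTunesHelper] C:\\Programas\\iTunes\\iTunesHelper.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\\WINDOWS\\svcproc.exe
"""

# Heuristic (my assumption, not an HJT rule): a module sitting directly in the
# Windows directory rather than in a subfolder such as System32 deserves a look.
WINDIR_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(exe|dll)$", re.IGNORECASE)


def shell_value(line):
    """Return the Shell= value of an F2 system.ini line, or None for other lines."""
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)$", line)
    return m.group(1).strip() if m else None


def triage(log_text):
    """Return (line, reason) pairs for log entries that warrant review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        shell = shell_value(line)
        if shell is not None and shell.lower() != "explorer.exe":
            # The shell value should be exactly Explorer.exe; anything appended
            # to it is started at every logon alongside the real shell.
            findings.append((line, "extra program chained onto Shell="))
            continue
        # HJT lines end with " - <path>"; "(no file)" marks an orphaned entry.
        last = line.rsplit(" - ", 1)[-1]
        if last == "(no file)":
            findings.append((line, "orphaned entry, backing file is missing"))
        elif line.startswith(("O2 ", "O23 ")) and WINDIR_ROOT.match(last):
            findings.append((line, "module sits directly in the Windows directory"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```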