Marthax Posted July 18, 2005 Share Posted July 18, 2005 Hi all!My buddy has a problem. I've been trying to fix his computer, but without any success. The problem he has is that when windows boots up, a virus (or trojan, I don't know) is executed and shown in task manager. If I try to delete it, it renames itself and executes all over again. I've tried disabling it from msconfig, but that only results in the same thing. It renames itself and a new entry is made there. I also tried searching registry for any kind of entries related to this virus, without any progress. Deleting the problem is not possible as Windows says that the file is in use. Does anyone of you guys know how to solve this problem? Perhaps someone've had the same problem? Thanks in advance!Marthax Link to comment Share on other sites More sharing options...
interminded Posted July 18, 2005 Share Posted July 18, 2005 Hi marthax... it's me again . Could you give some specs. / features ?- Does it change the IE-startpage ?- Do you get some icons on your desktop (casino/gambling/medical/women..etc..)- What do you see in taskmanager ? something like "3534.exe or Thjd.exe ?" Link to comment Share on other sites More sharing options...
Marthax Posted July 18, 2005 Author Share Posted July 18, 2005 Hi interminded:) I thought I recognized you Anyway, none of those things above are shown on his computer. I don't know much about the computer itself as it's a brand computer (Acer, I think).In the taskmanager a see a program like "erflkxg.exe". I don't know the pattern for the name creation, although it constantly changes name everytime you end it or restart windows. Link to comment Share on other sites More sharing options...
interminded Posted July 18, 2005 Share Posted July 18, 2005 (edited) Well, I can tell you this:I had the same once.And honestly, I think I spent 10 hours trying to fix it... at one point it became a matter of honour.. it was between me and him !! What I think happens is that there's one "mother-file" which generates and triggers these executables. What file that is, I could not figure out.But my startpage however was changed, so I had something to work with.I searched the registry, did a system restore, tried all kinds of Anti-Spyware tools (at least 5/6 of them), edited the msconfig and lots more.But it did not work !The only way to beat this BEAST !! was to format my machine and re-install XP.I'm sorry, probably not the answer you are looking for, but sometimes it gets this bad !Í hope you find a solution, but this "generated executable" which also appears at your friends PC, is not looking good........take care ! Edited July 18, 2005 by interminded Link to comment Share on other sites More sharing options...
Marthax Posted July 18, 2005 Author Share Posted July 18, 2005 Thanks man, really appreciate it. I guess there's no other option. Thanks again! Link to comment Share on other sites More sharing options...
ligature Posted July 18, 2005 Share Posted July 18, 2005 hey Marthax,i guess you can hit F8 while the computer is booting up and select safe mode. after you enter just locate the file and delete main virus file. Link to comment Share on other sites More sharing options...
interminded Posted July 18, 2005 Share Posted July 18, 2005 Marthax,I didn't say there's no other option...maybe it's a whole other issue your friend is experiencing.I just wanted to point out that his problem sounds very familiar and if it it is what I think it is, then a re-install might be the best option...So don't go formatting on my account... Link to comment Share on other sites More sharing options...
firefoxthebomb Posted July 18, 2005 Share Posted July 18, 2005 Update your AV, and spyware software, restart computer in safe mode and do full scans with both programs. Also get a hold of a program called WinSpy and that program can help you find out what processes are being used to run certain programs. Link to comment Share on other sites More sharing options...
member11 Posted July 18, 2005 Share Posted July 18, 2005 (edited) download a FREE 30 day nod32 antivirus software and scan on that computerproblem solved Edited July 18, 2005 by msfn11 Link to comment Share on other sites More sharing options...
chilifrei64 Posted July 18, 2005 Share Posted July 18, 2005 Check for a file called Nail.exe in the C:\windows\system32 directory (or maybe it was just c:\windows\) I had the same problem and it was because of this nail.exe file. If you get this however then yeah I would just reinstall. I have encountered this exe on 3 different computers and each time i thought I would counqure it but with no luck. Was able to find many tools now to fix it but none worked. Your best bet would be to reinstall. A repair installation WILL NOT WORK... Tried it already Link to comment Share on other sites More sharing options...
Marthax Posted July 18, 2005 Author Share Posted July 18, 2005 @interminded:So don't go formatting on my account... newwink.gifDon't worry, I'm not blaming you. It was entirely my decision.To all you guys suggesting other things to do except chilifrei64 & interminded, I've tried it all. Restart in Safe-mode, scan with AV-program, latest updates. No success.i guess you can hit F8 while the computer is booting up and select safe mode. after you enter just locate the file and delete main virus file.That's impossible as it executes even in Safe-mode resulting in file in use -> access denied. Well, I did a reinstall on his computer and it's back on track now. Although I must say that he was in a pretty s****y situation as he lost some valuable stuff because he didn't do backups before it all started. Creating backups of files that are on his exposed HDD would be foolish as the risk that those files could be infected is very high (which would spread the virus to his new formatted windows), so he simply had to remove it all. Well, I guess sh** happends, sometimes. What more can you say? After all, it's computers that we are talking about. Link to comment Share on other sites More sharing options...
death_dealer Posted July 19, 2005 Share Posted July 19, 2005 not sure if it will help or not just found this but it looks like u need to buy this prog . try doing google with nail.exe may help .nail - nail.exe - Process Information Process File: nail.exe Process Name: Trojan.Win32.Stervis.b Description: Nail.exe is a is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of it’s author’s sponsors. This program is usually installed through consent, however is sometimes packaged as another product. It is a registered security risk and should be removed immediately.For More Info About nail.exe - get win tasks 5 pro now! Author: Unknown Part of: Trojan.Win32.Stervis.b System Process: No Application: No Background Process: Yes Uses Network: Yes Uses Internet: Yes Hardware Related: No Memory Usage : N/A ( Free Up Memory ) Spyware: No ( Remove ) Adware No ( Remove ) Virus: Yes ( Remove ) Trojan: Yes ( Remove ) Security Risk (0-5): 4 Block/Remove: Use WinTasks 5 Pro to block/remove nail.exe Boost Your PC: Use SpeedUpMyPC Administrators: Troubleshoot Your PCs Discuss nail.exe: visit our forum Link to comment Share on other sites More sharing options...
gamehead200 Posted July 19, 2005 Share Posted July 19, 2005 Get HijackThis and post your log here. We might be able to help you! I've fixed these kinds of problems before... It just takes some time! Link to comment Share on other sites More sharing options...
mjc Posted July 19, 2005 Share Posted July 19, 2005 this program also adds a system service. if you use hijackthis to try and find all related files, then delete them from winpe, then use hijackthis' ADS spy and remove all the alternate data streams in \windows and \program files\, you might have more success than I did. Link to comment Share on other sites More sharing options...
interminded Posted July 19, 2005 Share Posted July 19, 2005 Well, now I AM CURIOUS ! Cause I really go to extremes to delete this crap (if it's the same as Marthax has) but I it still kept coming back.. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now