Jump to content

Weird virus problem

Marthax

By Marthax
in Windows XP

 Share

Recommended Posts

Marthax

Marthax

Posted
Posted

Hi all!

My buddy has a problem. I've been trying to fix his computer, but without any success. The problem he has is that when windows boots up, a virus (or trojan, I don't know) is executed and shown in task manager. If I try to delete it, it renames itself and executes all over again. I've tried disabling it from msconfig, but that only results in the same thing. It renames itself and a new entry is made there. I also tried searching registry for any kind of entries related to this virus, without any progress. Deleting the problem is not possible as Windows says that the file is in use. Does anyone of you guys know how to solve this problem? Perhaps someone've had the same problem?

Thanks in advance!

Marthax

Link to comment
Share on other sites

interminded

interminded

Posted
Posted

Hi marthax... it's me again . ;)

Could you give some specs. / features ?

- Does it change the IE-startpage ?

- Do you get some icons on your desktop (casino/gambling/medical/women..etc..)

- What do you see in taskmanager ? something like "3534.exe or Thjd.exe ?"

Link to comment
Share on other sites
Marthax

Marthax

Posted
  • Author
Posted

Hi interminded:) I thought I recognized you :P

Anyway, none of those things above are shown on his computer. I don't know much about the computer itself as it's a brand computer (Acer, I think).

In the taskmanager a see a program like "erflkxg.exe". I don't know the pattern for the name creation, although it constantly changes name everytime you end it or restart windows.

Link to comment
Share on other sites
interminded

interminded

Posted
Posted (edited)

Well, I can tell you this:

I had the same once.

And honestly, I think I spent 10 hours trying to fix it... at one point it became a matter of honour.. it was between me and him !! :angry:

What I think happens is that there's one "mother-file" which generates and triggers these executables. What file that is, I could not figure out.

But my startpage however was changed, so I had something to work with.

I searched the registry, did a system restore, tried all kinds of Anti-Spyware tools (at least 5/6 of them), edited the msconfig and lots more.

But it did not work !

The only way to beat this BEAST !! :angry: was to format my machine and re-install XP.

I'm sorry, probably not the answer you are looking for, but sometimes it gets this bad !

Í hope you find a solution, but this "generated executable" which also appears at your friends PC, is not looking good........

take care !

Edited by interminded
Link to comment
Share on other sites
interminded

interminded

Posted
Posted

Marthax,

I didn't say there's no other option...

maybe it's a whole other issue your friend is experiencing.

I just wanted to point out that his problem sounds very familiar and if it it is what I think it is, then a re-install might be the best option...

So don't go formatting on my account... ;)

Link to comment
Share on other sites
chilifrei64

chilifrei64

Posted
Posted

Check for a file called Nail.exe in the C:\windows\system32 directory (or maybe it was just c:\windows\) I had the same problem and it was because of this nail.exe file.

If you get this however then yeah I would just reinstall. I have encountered this exe on 3 different computers and each time i thought I would counqure it but with no luck. Was able to find many tools now to fix it but none worked. Your best bet would be to reinstall. A repair installation WILL NOT WORK... Tried it already :(

Link to comment
Share on other sites
Marthax

Marthax

Posted
  • Author
Posted

@interminded:

So don't go formatting on my account... newwink.gif
Don't worry, I'm not blaming you. It was entirely my decision.

To all you guys suggesting other things to do except chilifrei64 & interminded, I've tried it all. Restart in Safe-mode, scan with AV-program, latest updates. No success.

i guess you can hit F8 while the computer is booting up and select safe mode. after you enter just locate the file and delete main virus file.

That's impossible as it executes even in Safe-mode resulting in file in use -> access denied. Well, I did a reinstall on his computer and it's back on track now. Although I must say that he was in a pretty s****y situation as he lost some valuable stuff because he didn't do backups before it all started. Creating backups of files that are on his exposed HDD would be foolish as the risk that those files could be infected is very high (which would spread the virus to his new formatted windows), so he simply had to remove it all. Well, I guess sh** happends, sometimes. What more can you say? After all, it's computers that we are talking about.

Link to comment
Share on other sites
death_dealer

death_dealer

Posted
Posted

not sure if it will help or not just found this but it looks like u need to buy this prog . :)

try doing google with nail.exe may help .

nail - nail.exe - Process Information

Process File: nail.exe

Process Name: Trojan.Win32.Stervis.b

Description: Nail.exe is a is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of it’s author’s sponsors. This program is usually installed through consent, however is sometimes packaged as another product. It is a registered security risk and should be removed immediately.

For More Info About nail.exe - get win tasks 5 pro now!

Author: Unknown

Part of: Trojan.Win32.Stervis.b

System Process: No

Application: No

Background Process: Yes

Uses Network: Yes

Uses Internet: Yes

Hardware Related: No

Memory Usage : N/A ( Free Up Memory )

Spyware: No ( Remove )

Adware No ( Remove )

Virus: Yes ( Remove )

Trojan: Yes ( Remove )

Security Risk (0-5): 4

Block/Remove: Use WinTasks 5 Pro to block/remove nail.exe

Boost Your PC: Use SpeedUpMyPC

Administrators: Troubleshoot Your PCs

Discuss nail.exe: visit our forum

Link to comment
Share on other sites
mjc

mjc

Posted
Posted

this program also adds a system service. if you use hijackthis to try and find all related files, then delete them from winpe, then use hijackthis' ADS spy and remove all the alternate data streams in \windows and \program files\, you might have more success than I did.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...