  1. #1
    Joined
    Oct 2001
    Location
    Erie, PA
    Age
    46
    Posts
    5,053

    How To Remove Trojan.Win32.Stervis.b / Nail.exe

    There is a huge problem in the spyware/malware world at the moment with a nasty little trojan called Trojan.Win32.Stervis.b.

    Symptoms of this virus include:

    - Slow down in your internet connection
    - Appearance of Nail.exe in your Windows directory.
    - Appearance of a new process called SvcProc
    - Popups from Aurora
    - Presence of some or all of the following files:

    Bolger.dll
    aurora.exe
    Poller.exe
    uacupg.exe
    Nail.exe
    thnall1ac.html
    DrPMon.dll
    svcproc.exe

    The following instructions will give a guide to removing them; these instructions are the best available at the time of writing.
    ---------------------------------------------------------
    You must follow all steps in order and do not remove anything until asked.

    Tools needed:
    - HiJackThis: http://www.merijn.org/files/hijackthis.zip
    - Ewido Security Suite: http://www.ewido.net/en/ or the virus scanner of your choice. Ewido is detecting/cleaning this as of this posting.
    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    Make sure you have HiJackThis in its own folder (e.g. C:\HJT\Hijackthis.exe)

    Please download Nailfix from here: http://www.noidea.us/easyfile/file.p...50515010747824

    Unzip it to the desktop but please do NOT run it yet.

    Next, please reboot your computer in safe mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in safe mode.

    For additional help in booting into safe mode, see the following site:
    http://www.pchell.com/support/safemode.shtml

    Once in safe mode, please double-click on Nailfix.bat. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

    Then please run Ewido, and run a full scan. Post the log from the scan here for me.

    Then please run HijackThis, click Scan, and check:

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

    Close all open windows except for HijackThis and click Fix Checked.

    Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
    Last edited by Crazy Chuckster; 08-24-2005 at 11:15 AM.
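
Added example, not part of the original post: a Python helper that reads a saved HijackThis log and flags the two things the post above tells you to look for, an F2 `Shell=` entry that starts something besides Explorer.exe and any line naming one of the listed files. The function name and the sample log are constructed for illustration.

```python
import re

# File names listed in the post as symptoms of the infection.
STERVIS_FILES = {"bolger.dll", "aurora.exe", "poller.exe", "uacupg.exe",
                 "nail.exe", "thnall1ac.html", "drpmon.dll", "svcproc.exe"}

# HijackThis entries look like "F2 - REG:system.ini: Shell=Explorer.exe ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SHELL = re.compile(r"Shell=(?P<value>.*)$", re.IGNORECASE)
# Last path component ending in one of the extensions seen in the post's list.
FILE_TOKEN = re.compile(r'[^\\/\s"=,\[\]]+\.(?:exe|dll|html)\b', re.IGNORECASE)


def review_log(text):
    """Return (line_number, reason, line) tuples for log lines worth a closer look."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        entry = ENTRY.match(line)
        shell = SHELL.search(line) if entry and entry["code"] == "F2" else None
        # A clean Shell value is just "Explorer.exe"; anything appended to it
        # is started at every logon as well.
        if shell and shell["value"].strip().lower() != "explorer.exe":
            findings.append((number, "shell value launches an extra program", line))
            continue
        # Running-process lines and other entries: compare file names only,
        # so the check does not depend on the install directory.
        names = {token.lower() for token in FILE_TOKEN.findall(line)}
        hits = sorted(names & STERVIS_FILES)
        if hits:
            findings.append((number, "listed file: " + ", ".join(hits), line))
    return findings


# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\svcproc.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\aurora.exe
O4 - HKLM\..\Run: [example2] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for number, reason, line in review_log(SAMPLE_LOG):
        print(f"line {number}: {reason}: {line}")
```

A file-name match is only a pointer to the line; confirm it against the scanner log before fixing anything.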

  2. #2

    Re: How To Remove Trojan.Win32.Stervis.b

    bump

  3. #3
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,104

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    You da man Chuckster!

    Came upon this one today on a system. The Nailfix file stopped it long enough for removal.


    edit
    almost 2000 views and only one reply?...lol

  4. #4

    Re: How To Remove Trojan.Win32.Stervis.b / Nail.exe

    Glad it has helped out a few as it is one nasty little bugger. It had a couple other replies but they were more of a problem and I moved them to their own threads.
