Ok, we do still have a nasty bugger onboard yet so please and follow correctly.
Click here and download the mwav program then install it.
http://www.mwti.net/antivirus/mwav.asp
Don't run it yet
Please run Notepad and copy the following text into a new file:
Code:
@ECHO OFF
cd %windir%
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
exit
Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Dont run it yet.
Please copy the following instructions to notepad...we will be going to safe mode and cant see this page.
If youre unsure how then read this
http://www.spyware911.net/forum/index.php?...age&pg=safemode
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.
Please note any errors and report them back here if any.
Then run mwav scanner. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
Then scan with hijack again and insert a check next to these:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [jjeuii] c:\windows\system32\wnpjzq.exe
Reboot normally, post the mwav scanlog as well as a fresh hijacklog please.
Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [jjeuii] c:\windows\system32\wnpjzq.exe