The following is a detail page of Virtual Grub Street's Adware & Malware Identifier Index:

The information in the Adware & Malware Identifier Index is the result of thousands of web searches. It can not, however, possibly be complete. The subject is vast and constantly changing. Moreover, vendor uninstall tools and other removal tools do not necessarily remove all of an infection from your computer. Vendor uninstall tools, for instance, may silently leave cookies or other tracking software installed. It is suggestible to follow up a removal with one or more adware scans and/or to do an inspection using a HijackThis log. The information on the page is not guaranteed correct and any use you may choose to make of it is entirely at your own risk.

• Associated Worms/Trojans: Trojan.Win32.Stervis.b, Win32.Afrootix, Troj/Dropper.Agent.AG, Trojan horse Dropper.Agent.AG, TROJ_AGENT.QW , Trojan.Aurora, Trojan.Bolger, Dloader.LI, Trojan horse Generic.CZ, Trojan horse Generic.EA, Troj/Generic, Hacktool.Rootkit, Trojan.Win32.Madtol.a, TROJ_MADTOL.A, Troj/Nail, Trojan.Nail
• Executable Files: adbltzun.exe; aurareco.exe; aurora.exe; aurora-wise1.exe; bho_prob.exe; biprep.exe; buddy.exe; morphrec.exe; nail.exe; newdevin.exe; polall1b.exe; poller.exe; svcproc.exe; thnall~1.exe (thnall1b.exe; thnall1p.exe; thnall2r.exe; thnall2r.exe); uacupg.exe; and many more.
• Dynamic Link Libraries: aurorahandler.dll; banner.dll; bi.dll; bolger.dll; ceres.dll; drpmon.dll; imgiant.dll; zserv.dll; and many more.
• Directory/Search Page: http://www.abetterinternet.com/
• Uninstall Page URL:
• Related Articles: Important Removal Tool Note. Fighting Malware with Standard Windows Tools (February 25, 2007). You may have more in your bag of tricks than you realize.
• Notes: Aurora.ABetterInternet and Nail.exe are two separate items that are generally bundled together -- so generally that they are widely addressed as the same infection. BI.dll, ceres.dll, host.dll and newdevin.exe have been identified as transponder files.


• Nail.exe can be removed by running the NailFix.exe tool followed by the Ewido Security Suite. This should be followed by running CCleaner or CleanUp! (on prefetch files and recycle bins for all users). All tools should be run with Windows in Safe Mode.
• The Nail.exe file itself can be removed by NailFix.exe or the Ewido Security Suite. Many or all of the active components of Aurora or ABetterInternet can be removed by the Ewido Security Suite. Again, all tools should be run with Windows in Safe Mode.
• Trlokom claims that its 15 day trialware product, SpyWall, can remove Aurora. This presumably includes the file Nail.exe.

Also See:

• Man-Boy Love Advocate Accused of Using Wikipedia to Troll for Interested Parties (March 4, 2007). Rookie Revolyob, Clayboy, Zanthalon, et al: Why is Wikpedia a Pedophile Haven?

Labels: Adware/Spyware