Author Topic: nilm.exe trojan  (Read 2988 times)


camac

  • Guest
nilm.exe trojan
« on: June 16, 2006, 03:39:07 AM »
Hello All,
     I have a nasty little bit going on. I am running WinXPsp2 with Avast home ver. 4.7.844 VPS 0624-2. Along about three days ago I booted the machine and when Windows finished, I got an error message saying that the avast mail scanner was unable to complete Error:1022 followed by an error popup saying that the application was unable to execute and to press OK to close. The application name was nilm.exe. When I pressed OK the application (error message) duplicated. The file nilm.exe is placed in the windows directory and deleting it does nothing. It is replaced when I boot or attempt to start Internet Explorer. Avast cleaner finds nilm.exe. At first there were 1600 instances, but when it began deleting them it increased to 2900. I know that there must be some file that replaces this nuisance, but I can't find it. Avast, Ad-aware, and Ewido can't find it. I did a search for this in the forums and found an old reference to it with no resolution. There is a file for National Instruments with the same name, but trust me it's not the same file.
     I could really use some help on this. The machine is crashing with a stop error that Microsoft has not heard of other than an SP2 conflict with some skin application that I have never heard of.
    Before you ask, I don't know where this came from. Really. The most recent download came from Verizon when I upgraded to the FIOS service, but that was a week ago. I saw a post where Yahoo mail was hit with a virus, but not the one I'm dealing with. All suggestions appreciated.
Thanks,
Cam

Lisandro

  • Avast team
Re: nilm.exe trojan
« Reply #1 on: June 16, 2006, 04:16:20 AM »
If a virus keeps replicating (coming back again and again), you should:

1) Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
2) Clean your temporary files.
3) Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select the option to scan archives. Boot.
4) Use a-squared or ewido (trojan removers).

Another option is scanning in Safe Mode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

Another good thing is to disable System Restore, boot, and enable it again. If you find a virus keeps coming back after you delete it, it's most probably infected the System Restore folder. The best way to solve this is to disable System Restore, reboot your machine and then enable it again. After all that, run a full avast! scan. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405
The best things in life are free.