August 2nd, 2005
erikinlongbeach

I remember I had this file in the Windows system directory once. I
didn't download the file directly. It was wrapped into a Nullsoft
installer file, or so I thought. I thought it was a Winamp plug-in.
They just stole the icon. Ad-aware would detect it, but it would
reappear at startup. I scanned the original file when I realized
where it came from. Nothing was detected. I spent hours trying to
manually get rid of the program. It would eventually come back,
depending upon how long I left the computer on.

This program had two processes, and when one or both were killed,
they would reappear. One process was Nail.exe, and the other was a
random name. It would place itself in the registry at
HKLM\Software\Microsoft\Windows\CurrentVersion\Run with the same
random name. It would always make an additional copy of itself in
the system directory. I had several stale versions of it after I
killed them in the system directory xxx:\WINDOWS.

I think Nail.exe facilitates either downloading malicious code from
the internet or installing it. The randomly named programs were
smaller.

Lavasoft Ad-Aware was never able to fully eradicate it. It is some
sort of VX2 variant. I even downloaded the VX2 plug-in for Ad-Aware.
Unfortunately, you get what you pay for. The malware was eradicated
finally when I installed Microsoft Anti-Spyware. I was surprised
that a Microsoft product worked that well. Usually, Microsoft
creates their own kind of spyware, in my opinion. Also, I've heard
that commercially available programs are better than either
Lavasoft's or Microsoft's anti-spyware programs. That's just what
I've heard so far.

Erik
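Added example, not part of the post above: a triage script that reads saved `reg query` output for the Run key and lists entries matching the pattern the post describes (a value name identical to an executable sitting directly in the Windows directory, or a file named Nail.exe). The sample registry lines, the `C:\WINDOWS` path and all function names are constructed assumptions, and hits are candidates for review, not verdicts.

```python
import ntpath
import re

# Constructed sample of `reg query` output; none of these entries come from the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    AcmeUpdater    REG_SZ    "C:\Program Files\Acme\updater.exe" /background
    qzxkvbt    REG_SZ    C:\WINDOWS\qzxkvbt.exe
    Helper    REG_EXPAND_SZ    %SystemRoot%\Nail.exe
"""

ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
EXE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))', re.IGNORECASE)
WINDIR = r"C:\WINDOWS"  # assumption: Windows directory on the examined host

def parse_run_entries(text):
    """Yield (value name, command line) for each value line in the output."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m["name"], m["data"]

def exe_path(command):
    """Extract the executable path from a Run command line (quoted or not)."""
    m = EXE.match(command)
    if not m:
        return None
    path = m["q"] or m["u"]
    # Expand the two common variables; a lambda avoids backslash escapes.
    path = re.sub(r"%(systemroot|windir)%", lambda _: WINDIR, path, flags=re.IGNORECASE)
    return ntpath.normpath(path)

def review_candidates(text):
    """Return (value name, path, reasons) for entries matching the post's pattern."""
    hits = []
    for name, data in parse_run_entries(text):
        path = exe_path(data)
        if path is None:
            continue
        folder, filename = ntpath.split(path)
        stem = ntpath.splitext(filename)[0]
        reasons = []
        if filename.lower() == "nail.exe":
            reasons.append("file name reported in the post")
        if folder.lower() == WINDIR.lower() and stem.lower() == name.lower():
            reasons.append("value name equals executable name in Windows directory")
        if reasons:
            hits.append((name, path, reasons))
    return hits
```

Legitimate software can match the second rule too, so confirm each hit against the file's origin and signature before removing anything.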