Windows XP: c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxccounter
by ronbin - 5/31/09 11:35 PMWindows XP IE8 SVC pack 3
How to get rid of please. I have tried Hijackthis,combofix, disinfectant etc, etc but I still have it.
Perhaps it needs to be removed manually???
RonB
Re: C\Windows\System32\gxvxccounter
by Carol~
- 6/1/09 11:38 AM
In reply to: c:\windows\system32\gxvxccounter by ronbin
Ron..
Did you scan with Malwarebytes' Anti-Malware? If you're having a problem with Trojan.DNSChanger, it should help. Try scanning with it, and do the same with SUPERAntiSpyware FREE Editon in safe mode. They are both free. If neither help, in lieu of trying to delete it manually, I would suggest posting your logs at one of the forums which analyze them. Here's a couple:
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.bleepingcomputer.com/forums/forum55.html
Best of luck..
Carol
Trojan gxvxccounter
by ronbin - 6/1/09 2:57 PM In reply to: Re: C\Windows\System32\gxvxccounter by Carol~
Thanks Carol, I have posted my request on the Malwarebytes forum you suggested. if I get any solution I will pass it on in case you have the same problem later on.
Cheers for now,
RonB
(NT) You're welcome, Ron. Good Decision! :)
by Carol~ - 6/1/09 3:12 PM
In reply to: Trojan gxvxccounter by ronbin
In Your Other Trhead About This, I Posted...
by Grif Thomas - 6/1/09 7:28 PM
In reply to: Trojan gxvxccounter by ronbin
..a link to someone else that received assistance in removing the same problem.. Did you try the steps in that thread? Here it is again:
http://forums.techguy.org/malware-removal-hijackthis-logs/823827-cannot-remove-gxvxccounter-browser-hijacked.html
Hope this helps.
Grif
Grif gxvxccounter
by ronbin - 6/1/09 11:44 PM In reply to: In Your Other Trhead About This, I Posted... by Grif Thomas
Grif,
I tried to download combofix to my desk top a little screen opened and told me I could not rename combo fix and to use another name using only alph characters. There wasn't any further activity from the programme so I got stuck. I tried to download again but no go. I had turned off my AVG and was raring to go!
Damned nuisance. Abny ideas pleasse?
RonB
hehehehe thats funny,
by Nightmares0nwax - 6/2/09 4:34 AM In reply to: Grif gxvxccounter by ronbincos here you have 2 anti-rootkit applications, desgined for the soul purpose or weeding out rootkits. yeh well alpha characters are a-z in case you didnt realise. good luck with your "spyware" problem anyhow.
Perform All Downloads & Rename On A Separate Computer..
by Grif Thomas - 6/2/09 11:52 AM
In reply to: Grif gxvxccounter by ronbin
Since yours is infected, use a separate, clean computer to download the file.. Once it's on the desktop of the clean computer, rename it to something like gogetum.com, then copy it to a CD or flash drive and transfer it to the infected computer.
Hope this helps.
Grif
Trojan DNS
by ronbin - 6/3/09 12:01 AM In reply to: Perform All Downloads & Rename On A Separate Computer.. by Grif Thomas
Thanks Grif for that. Unfortunately I don't have another computer so that won't work. I have been in touch with a computer guru who is coming round on Friday to try and remove the trojan and if that fails he will reformat my HD and I will do a reinstall of of my programmes. If that is the case, at least I will be rid of it permanently and I will have a clean HD.
I would like to get my hands on the clown who designed this trojan and sent it to me in the first place, it's caused nothing but hassle and problems.
Thanks for all your help and advice, I do appreciate it.
Best wishes,
RonB
I made a renamed version for you to download
by Slikkster - 6/3/09 4:19 AM In reply to: Trojan DNS by ronbinI'm surprised no one else thought of this, but I downloaded combofix.exe and renamed it to Griff's suggestion of "GoGetUm.exe". I uploaded it to box.net, a free file sharing service. You have to trust me, of course, so that's up to you. But if you check my history, I think I deserve it.
So, if interested in the renamed combofix.exe, get it here:
http://www.box.net/shared/pmkmupqy95
You'll see that it is renamed to "GoGetUm.exe", and it's the latest version of Combofix (as of June 3 2009) directly from BleepingComputer.com.
Good luck.
Combofix renamed
by ronbin - 6/3/09 8:15 AM In reply to: I made a renamed version for you to download by SlikksterHi,
Thanks a million, if you were close by, I would buy you a large whisky, it worked and the Trojan has gone. Combofix found two drivers and two .dll files all starting with gxvxc which it deleted. I now have my computer back thanks to you.
No problem...but also...
by Slikkster - 6/3/09 9:15 AM In reply to: Combofix renamed by ronbinGlad to help, but also run Malwarebytes again just to be sure. And as usually the case, these help sessions are the result of group efforts. It was Griff's suggestion that led me to uploading the renamed file. I actually like having it handy, now, in case I ever need it! Box.net is good that way.
Good luck!
And one last thing...
by Slikkster - 6/3/09 9:33 AM In reply to: No problem...but also... by SlikksterBe sure to toggle OFF your System Restore and then toggle it back ON. Why? Because it will dump all the old restore points, which still contain references to the trojan. And then it will create a new restore point for your freshly cleaned system.
Steps: http://support.microsoft.com/kb/310405
system Restore
by ronbin - 6/3/09 10:38 AM In reply to: And one last thing... by SlikksterIt's OK, I have just turned it off and back on again using the M'soft Guided Instructions.
Trojan Combofix
by ronbin - 6/3/09 10:34 AM In reply to: No problem...but also... by SlikksterOh dear!, I forgot to toggle off my Restore Point! I assume that if I make a new one on the 4th that will be alright? I certainly wouldn't want to restore back before the 3rd!
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
