porksandwich9113

win32/gael.A trojan


Well... tonight at about 6:30 or so, my internet stopped working, I was like wth.

I checked the modems, everything was good, I checked my Mac laptop, the internet worked... then I went back to my desktop PC... UHHHH... not working.

I quickly noticed a file called dl.exe, googled her on my laptop, discovered it's a trace of several win32 type viruses.

As of now I have managed to regain my internet by locating several .exe files it has embedded itself into, and killing those processes.

After getting the internet back, I downloaded Microsoft's "Windows Malicious Software Removal Tool," and it located over 2000 infected files, of the win32/gael.A virus/trojan.

Basically, the way the virus works is it embeds itself within a primary .exe file vital to the Windows OS (and many others) and then from that point on infects any .exe file you run, or the damn thing can find.

I'm having a hell of a time getting it removed.

It's disabled my internet (which I regained control of).

It crashed my Norton Anti-Virus (not cool, btw). I had to uninstall it due to the system lockups it was causing.

Most other methods of removal... (Trend Micro, BitDefender, and other online scanners) the thing doesn't even allow them to load.

I located several instances of the dl.exe file it seems to have downloaded from a backdoor in my computer, and deleted them all. But I'm having a hell of a time killing this damn thing. And I can't seem to find any online scanner that will load for me.

If anyone knows anything about this, holler.

Thanks already, Sam

EDIT: It also seems to have disabled Java.

EDIT2: Well, lucky me, I got it down to 5 places.

cmd.exe, mmc.exe, rundll32.exe, taskmgr.exe, regedit.exe.

I'm going to try the Microsoft Malicious Software Removal Tool, but if things don't go back to normal, I'm going to need help replacing these files.

EDIT3: Microsoft tool didn't work :(

 

Anyone have any ideas?

Edited by porksandwich9113
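One way to make a file infector like the one described above visible, as an added example that is not part of the original post or of any tool mentioned in the thread: record a SHA-256 baseline of the executables on a known-good system and diff the same directories later; system executables that were modified (cmd.exe, regedit.exe and so on) show up as changed, and a dropped file such as dl.exe shows up as added. The watched extension list and the file names in the comments are assumptions.

```python
"""Baseline-and-diff check for executables (example code added to this thread,
not from the original poster or any product). It records a SHA-256 per watched
file under a directory and later reports files that changed, appeared or vanished
since the baseline was taken."""
import hashlib
import json
import os

EXT = {".exe", ".dll", ".scr", ".sys"}  # assumption: PE extensions worth watching


def hash_file(path, chunk=1 << 20):
    """SHA-256 of a file, streamed so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> (sha256, size) for every watched file under root."""
    base = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXT:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                base[rel] = (hash_file(full), os.path.getsize(full))
    return base


def save_baseline(base, path):
    """Persist the baseline as JSON; keep this copy off the machine being checked."""
    with open(path, "w") as f:
        json.dump(base, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return {k: tuple(v) for k, v in json.load(f).items()}


def diff_baseline(old, new):
    """Return (changed, added, removed). A file infector shows up as 'changed'
    (typically with a size increase); a dropped file such as dl.exe as 'added'."""
    changed = sorted(p for p in old if p in new and old[p][0] != new[p][0])
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    return changed, added, removed
```

Take the baseline from a known-clean install and store it off the machine; on Windows pair it with Authenticode signature checks, since a hash diff alone cannot tell a malicious modification from a legitimate update.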


Hi porksandwich9113, I think you probably guessed that HJT would be a good idea...

Download HijackThis! from here:

Put it in a permanent folder (it makes backups) by doing this:

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

Click on "Do a system scan and save logfile". The logfile will be saved to Notepad.

Start a new topic in our HJT forums.

Copy and paste the HJT log from Notepad in that new topic.

Regards, pacman123


Log is up, pacman.

That was honestly the first thing I did before I even posted this online; I didn't notice anything unusual there.

I was finally able to transfer Firefox via flash drive, run Trend Micro, and install BitDefender.

Trend Micro deleted several of the files, and the ones Trend Micro didn't find, BitDefender quarantined.

Despite both of these scans coming clean, no unknown process showing up, no performance hit..., my computer is acting very abnormally.

iTunes refuses to open; it starts in taskmgr.exe, gets to about 10,000k mem space, then just disappears.

Windows Media Player encountered an internal error, and I had to uninstall that. As of now, the reinstallation has been unsuccessful.

Search function is just gone.

msconfig was gone, but I downloaded a clean copy and replaced it in the C:\windows\system32\Pchealth\binarys folder (something like that) and it now works well.

services.msc is malfunctioning.

I did a sfc /scannow, and everything came up clean.

I know it A) is still hiding or B) did some irreparable damage, and I'm going to have to spring for a new version of XP.

The general ability to recognize CDs has disappeared.

Like, I need a CD in to launch a program; the CD appears, does its autorun thing, I attempt to launch the program from the autorun, then the damn program asks for a CD.

I was going to cut my losses, and just back my movies and music up on my slave drive, and reformat, but somehow I lost the restore CDs.

So honestly, I need to get this fixed before I go crazy and take a sledgehammer to my computer.

Your help is much appreciated.

EDIT: ActiveX doesn't seem to be working in any form in IE6 or 7 either.

Edited by porksandwich9113


Meh, after tearing apart all the files in my house, I found I had put the restore CDs inside the tax filing cabinet.

So, after I copy my music... FDISK HERE I COME.

 

Thanks for the help anyways.


So glad you found your restore CDs.

Your system has been compromised...

I would advise you to disconnect this PC from the Internet, and then go to a known clean computer and change any passwords or security information held on the infected computer. In particular, check whatever relates to online banking, financial transactions, shopping, credit cards, or sensitive personal information. It is also wise to contact your financial institutions to apprise them of your situation.


Thanks for the tip, Jacee. But my dad, being an avid Mac fan, doesn't allow any transactions to happen on PCs. Everything we ever bought online was done on our wonderful G5 :D.

I'm afraid the only thing this guy will be able to get is my e-mail account password :P
