Guest test
Posted July 28, 2007

Hi

I have a Gateway PC which runs Windows XP Professional. I just ran a full scan with the Symantec anti virus program v8.1, which detected a virus called "backdoor.trojan" in a file called c:\windows\system32\gilsoh.exe. It also reports that clean failed and quarantine failed. And when I tried to delete the file, that also failed. So I am not sure what I should do to clean this virus.

Is this file part of the Windows XP OS, or was it created by a virus program? Is it OK to somehow delete this file? What should I do to clean this virus? Please let me know asap.

Thanks.
Guest db
Posted July 28, 2007

Re: How to clean a virus file.

I would boot into "safe mode" and manually delete that exe file and re-run the a.v.

However, there are likely extensive details for this infection at the a.v.'s website.

--
db

"test" <lakshmij@comcast.net> wrote in message news:JJWdnboh9aONoTbbnZ2dnUVZ_vCknZ2d@comcast.com...
> Hi
> I have a Gateway PC which runs Windows XP Professional. I just ran a
> full scan with the Symantec anti virus program v8.1, which detected a virus
> called "backdoor.trojan" in a file called c:\windows\system32\gilsoh.exe.
> It also reports that clean failed and quarantine failed. And when I tried
> to delete the file, that also failed. So I am not sure what I should do to
> clean this virus.
>
> Is this file part of the Windows XP OS, or was it created by a virus
> program?
> Is it OK to somehow delete this file? What should I do to clean this
> virus?
> Please let me know asap.
> Thanks.
Guest nass
Posted July 28, 2007

RE: How to clean a virus file.

"test" wrote:
> Hi
> I have a Gateway PC which runs Windows XP Professional. I just ran a
> full scan with the Symantec anti virus program v8.1, which detected a virus
> called "backdoor.trojan" in a file called c:\windows\system32\gilsoh.exe.
> It also reports that clean failed and quarantine failed. And when I tried
> to delete the file, that also failed. So I am not sure what I should do to
> clean this virus.
>
> Is this file part of the Windows XP OS, or was it created by a virus program?
> Is it OK to somehow delete this file? What should I do to clean this virus?
> Please let me know asap.
> Thanks.

Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
= In the right pane/window delete the gilsoh.exe running process

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
= In the right pane/window delete the gilsoh.exe running service

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
= In the right pane/window delete the gilsoh.exe running process

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
= In the right pane/window delete the gilsoh.exe running service.

You can use this tool to delete the file from the pre-mentioned path in your post:
AutoRuns for Windows v8.61:
http://www.microsoft.com/technet/sysinternals/SystemInformation/Autoruns.mspx

scanning for them

Scan for malware from here:
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm

Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting:
http://www.merijn.org/index.php

When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here.

HTH.
nass
--------
http://www.nasstec.co.uk
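The four registry locations listed in the post above can be inspected without changing anything. The following read-only PowerShell script is an added example, not part of the original thread; it assumes PowerShell 2.0 or later is installed, and the variable names `$target`, `$runKeys` and `$hits` are illustrative.

```powershell
# Read-only check: report autostart entries that reference the file named in the thread.
# Nothing is modified or deleted. Variable names are illustrative (added example).
$target = 'gilsoh.exe'   # file name taken from the original post

# Value-based autostart keys listed in the post above
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$hits = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # a key may not exist on this system
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)    # command line stored in the value
        if ($data -like "*$target*") {
            $hits += New-Object PSObject -Property @{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# Services: every subkey is one service; its ImagePath value holds the binary path
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
foreach ($svc in Get-ChildItem $svcRoot -ErrorAction SilentlyContinue) {
    $path = [string]$svc.GetValue('ImagePath')   # empty string when the value is absent
    if ($path -like "*$target*") {
        $hits += New-Object PSObject -Property @{ Key = $svc.Name; Name = 'ImagePath'; Data = $path }
    }
}

if ($hits.Count -eq 0) {
    "No autostart entry in the checked keys references $target"
} else {
    $hits | Format-List Key, Name, Data
}
```

An empty result covers only these four locations; Autoruns, linked in the post above, enumerates many more autostart points.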
Guest Malke
Posted July 28, 2007

Re: How to clean a virus file.

test wrote:

(snip multipost)

Asked and answered in the other newsgroup to which you posted. Please don't multipost; it makes more work for everyone and will get you *less* help, not more. See this for why:

http://en.wikipedia.org/wiki/Crossposting

If you have forgotten where you posted or can't find your post, use Google Groups Advanced Search and search for your name.

Malke
--
Elephant Boy Computers
http://www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Guest Detlev Dreyer
Posted July 28, 2007

Re: How to clean a virus file.

"test" <lakshmij@comcast.net> wrote:

> I have a Gateway PC which runs Windows XP Professional. I just ran a
> full scan with the Symantec anti virus program v8.1, which detected a virus
> called "backdoor.trojan" in a file called c:\windows\system32\gilsoh.exe.
> It also reports that clean failed and quarantine failed. And when I tried
> to delete the file, that also failed. So I am not sure what I should do to
> clean this virus.

Note that you have lost control of your system.

> Is this file part of the Windows XP OS, or was it created by a virus program?
> Is it OK to somehow delete this file?

A backdoor trojan creates backdoors and loads additional software in order to control your system. This is especially easy when installed with your administrative privileges. Even if you can manage to delete that virulent file, it has already done its job: taking control. This means stealing passwords, sending spam and/or virulent mails around the clock to all addresses found on your system, restricting your admin privileges, tampering with files and/or similar things. And when having DSL, you won't even note these activities.

BTW, an anti-virus usually cannot find that additional software, and deleting that single file only winds up with error messages at startup in most cases.

> What should I do to clean this virus?

"Cleaning this virus" does not clean your compromised system.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

--
d-d