Options
Post-virus help needed - Win32/Gaelicum.A
Was cleaning my PC a few days ago and found a random install.exe file with no information. I tried to delete it, and somehow it self-extracted, unleashing a nasty, nasty virus that downloaded three executable files - dl.exe, cback.exe, and gaelicum.exe. It also cloned csrss.exe and attempted to mass-e-mail; my firewall (zone alarm) prevented it, but nothing was turning up in scans, and I couldn't delete the files without them regenerating.
After a restart, I scanned with Zone Alarm again and it identified the virus as Win32.Gael.3666.A. It had already infected every executable file on my PC - more than 1000 infections. Zone Alarm cleaned/deleted the infected files and after that they stopped regenerating, but something still wasn't right. I then ran a number of other scans - Adaware, spybot, windows anti-spyware, a-squared, and each turned up new infected files, which were repaired/deleted. I then ran 3 online scans, and new files were indentified and deleted with each scan. I also downloaded and ran AVG, which found 30 more infected files - indentifying the virus as Win32/Gaelicum.A.
The files aren't regenerating - each scan turned up something new and then was clean on subsequent scans. I also cleaned out my temp files, ran some cleaning utilities, and emptied windows prefetch - the major problem is solved, as my PC is running up to speed and nothing unusual comes up in taskmanager or hijackthis, but I feel a scans from more programs will keep turning up leftovers from the virus.
Also - and this is a much larger problem - some programs are no longer working, most likely due to necessary files being deleted by the antivirus scans that weren't able to be cleaned. Not a problem with things I can simply reinstall, but, for example, msconfig crashes when I attempt to run it, and then DRWatson tries to save it and promptly crashes as well. MSWord keeps trying to install when I click on a word file, then brings up a blank page when I cancel, and I have to click on the file again to bring it up (a minor inconvenience). My Add/Remove Programs is all screwed up, not just through windows but also with other programs (like CCleaner) - when I try to remove a program, it attempts to uninstall something else. And when I try to uninstall programs that aren't working manually, I get an error along the lines of "installer corrupted or incomplete".
What can I do? Are there any better antivirus programs that can clean up all the leftovers? (I tried searching for one specific to the virus but it appears to be new.) What can I do with the corrupted programs? I don't really want to re-install Windows, but do I have any other options?
Many thanks for any replies.
Mick
After a restart, I scanned with Zone Alarm again and it identified the virus as Win32.Gael.3666.A. It had already infected every executable file on my PC - more than 1000 infections. Zone Alarm cleaned/deleted the infected files and after that they stopped regenerating, but something still wasn't right. I then ran a number of other scans - Adaware, spybot, windows anti-spyware, a-squared, and each turned up new infected files, which were repaired/deleted. I then ran 3 online scans, and new files were indentified and deleted with each scan. I also downloaded and ran AVG, which found 30 more infected files - indentifying the virus as Win32/Gaelicum.A.
The files aren't regenerating - each scan turned up something new and then was clean on subsequent scans. I also cleaned out my temp files, ran some cleaning utilities, and emptied windows prefetch - the major problem is solved, as my PC is running up to speed and nothing unusual comes up in taskmanager or hijackthis, but I feel a scans from more programs will keep turning up leftovers from the virus.
Also - and this is a much larger problem - some programs are no longer working, most likely due to necessary files being deleted by the antivirus scans that weren't able to be cleaned. Not a problem with things I can simply reinstall, but, for example, msconfig crashes when I attempt to run it, and then DRWatson tries to save it and promptly crashes as well. MSWord keeps trying to install when I click on a word file, then brings up a blank page when I cancel, and I have to click on the file again to bring it up (a minor inconvenience). My Add/Remove Programs is all screwed up, not just through windows but also with other programs (like CCleaner) - when I try to remove a program, it attempts to uninstall something else. And when I try to uninstall programs that aren't working manually, I get an error along the lines of "installer corrupted or incomplete".
What can I do? Are there any better antivirus programs that can clean up all the leftovers? (I tried searching for one specific to the virus but it appears to be new.) What can I do with the corrupted programs? I don't really want to re-install Windows, but do I have any other options?
Many thanks for any replies.
Mick
0
Comments
Open my computer>click tools>click folder options>
click view tab>check show hidden files>uncheck hide file extensions>click apply>click OK>exit
Run panda softwares online scan:
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
Save the log file from this scan and post the results with a Hijack This log.
You can download Hijack This from here:
http://majorgeeks.com/HijackThis_d3155.html
Save the zipped folder to your C: directory. Enter your C: directory and locate the HiJack This folder. Open it and extract all files. Open the unzipped folder and run Hi jack This by clicking scan and save log file. It will save in notepad. Be sure to save the log file to your desktop for easy access. Now copy and paste the Hijack This log file with the activescan results into the reply field.