Trojan Gema virus

  chg 11:04 20 Dec 2003
Locked

My computer recently was infected with a Trojan Gema virus which copied itself as imagemgt32.exe. I have eventually managed to remove the relevant entries in the registry by following, step by step, the instructions from the Symantec website.
However every time I start up my computer a message appears stating that it could not find the imagemgt32.exefile in the registry. I have blundered my way through this (I'm no expert) and removed a file from the Windows\Prefetch location but still this message appears on startup.

Any help please?

  Big Elf 11:07 20 Dec 2003

The file could still be in your 'Start Menu' 'Startup' folder. If it is delete it.

  Jester2K II 11:10 20 Dec 2003

The virus has gone but the startup command hasn't - hence the error.

Use Autoruns click here to find and delete the command.

The file in Prefetch isn't a copy of the virus - its just some information Windows makes for optimising the launch of programs.

  powerless 11:12 20 Dec 2003

Start, Run, Type:

regedit

Click OK.

File, Export, choose a name, Save.

Edit, Search for: imagemgt32.exe

Right click the entry and delete. Press F3 to perform another search.

Only delete imagemgt32.exefile and if you have any problem double click the saved file and it will import back into the registry.

Start, Run, Type:

Msconfig

Click OK.

If there is a imagemgt32.exe listed, remove the tick in the box.

Restart.

  chg 11:45 20 Dec 2003

Sorted.

Thanks for all the help

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Acer Predator 21X review

Game of Thrones GIFs: how Eran Mendel is creating hilarious weekly GIFs based on each episode's…

How to increase storage on iPhone

Nokia 8 : rumeurs & soirée de lancement