Win32/Gaelicum.A virus

  Charence 18:36 28 Jul 2005
Locked

AVG found this virus had infected over 300 exe files on my computer last week, I thought I'd managed to remove the problem after running AVG and Ad-Aware several times and they stopped telling me I had a virus. Today, the problem occurred again; it infects exe files as soon as they appear.

Anyone know how to stop more exe files getting removed? I tried searching on Google, but haven't yet found a solution. Also tried switching off system restore.

Thanks

  stalion 19:47 28 Jul 2005

try a scan with a2 click here

  canard 23:34 28 Jul 2005

which AVs found it and which didn't.

AntiVir 6.31.0.9 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 6.31.0.9 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 7.1.194.0 07.13.2005 no virus found
eTrust-Vet 11.9.1.0 07.14.2005 no virus found
Fortinet 2.36.0.0 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 4.0.2.24 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 5.8.2.070 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found

  Charence 00:30 01 Aug 2005

Thank you stalion and canard

The virus corrupted more exe files today, which is rather annoying! I've downloaded A2, also I've run AdAware, Spybot, AVG and CCleaner whilst System Restore was disabled, but the virus has appeared again...what shall I do? :-(

Thank you,

Charence

  Major Disaster 10:00 01 Aug 2005

Were you running the scans in safe mode?

  Charence 14:05 02 Aug 2005

I tried running all the scans in safe mode yesterday, but this morning the virus had infected a few more exe's! :-(

  Completealias 14:29 02 Aug 2005

This looks like a nasty one and I can't find any removal instructions as of yet. The virus downloads these files to your computer:

# [http://]utenti.lycos.it/[REMOVED]/dl.exe
# [http://]utenti.lycos.it/[REMOVED]/CBACK.EXE
# [http://]utenti.lycos.it/[REMOVED]/GAELICUM.EXE

not much help I know

  SANTOS7 15:52 02 Aug 2005

click here
click here
in the links there are two variants listed of the trojan you have with removal instructions, it may help..

  Charence 17:03 05 Aug 2005

but this virus seems really tricky to sort out...it doesn't infect files as soon as possible, it waits a while then infects.

19/07/2005 - 15:00 - infected 319 files (network cable in, online)

28/07/2005 - 16:50 - infected 1 file (online)

02/08/2005 - 22:40 - infected 1 file (online)

05/08/2005 - 16:45 - infected 2 files (network cable in, online, only one PC on, System Restore off)

also it doesn't seem to infect the other computers on the network (I have disconnected them now), and AVG says that my computer has no viruses e.g. from 3rd Aug and 4th Aug, but on 5th the same virus appears which means the virus has remained on the computer all the time and not actually been removed.

I tried the Sophos scanner, but that didn't find anything either.

  Charence 21:18 05 Aug 2005

Instructions to remove this virus seem simple on the AVG site and others such as Norton's site.

Turn off System Restore,
Scan with AVG in Safe Mode,
Get a list of all files that are infected (not a small job with this one),
Terminate any process that is running if it's listed on that list using the Task Manager.
Now re-run (again in Safe Mode) AVG and have it quarantine all infected files. If it offers to heal, give it a try but as I said, most of the time it will corrupt the file instead of just append its code to the end which is the only way a file can be healed if infected.
Replace the infected files with originals

click here

However, it doesn't seem easy to remove. I have already switched off system restore, I've scanned in Safe Mode (AVG finds no viruses) so there's no processes that I should stop, and when I run the scan again, no viruses are found! But a few days later, the virus appears again infecting more exe's :-(

Could you please tell me which of these processes I may terminate whilst running the PC? taskmgr.exe, rundll32.exe, explorer.exe, svchost.exe, svchost.exe, svchost.exe, lsass.exe, services.exe, winlogon.exe, csrss.exe, system, system idle process?

Also I've noticed that GMail Notifier seems to be acting quite strange lately, every time it boots it tries to change a registry setting for "startup entry", however, I've not altered any of its settings for a long time.

Thanks, Charence
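
Added example, not part of the original thread and not a tool mentioned in it: because the scans described above come back clean between infections, a signature-independent check is to record the size and SHA-256 of every .exe while the machine is believed clean and compare later, which lists the changed files and how many bytes each one grew. The function names and the sample files are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile

def snapshot(root):
    """Map each .exe under root to its size and SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
            state[os.path.relpath(path, root)] = {
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return state

def compare(baseline, current):
    """Return (modified, added, removed); modified maps path -> size growth."""
    modified = {
        p: current[p]["size"] - baseline[p]["size"]
        for p in baseline.keys() & current.keys()
        if baseline[p]["sha256"] != current[p]["sha256"]
    }
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    return modified, added, removed

def demo():
    """Constructed sample: two dummy .exe files, one later grows, one is new."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.exe", "b.exe"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + name.encode() * 100)
        # Round-trip through JSON, as if the baseline had been saved to disk.
        baseline = json.loads(json.dumps(snapshot(root)))
        with open(os.path.join(root, "b.exe"), "ab") as fh:
            fh.write(b"\x00" * 4096)  # constructed stand-in for appended data
        with open(os.path.join(root, "c.exe"), "wb") as fh:
            fh.write(b"MZ new")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the saved baseline on removable or read-only media so that whatever is modifying the executables cannot also rewrite it.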

  stalion 21:30 05 Aug 2005

post a hijack this log in this forum
click here
click here

This thread is now locked and can not be replied to.
