Win32/Gaelicum.A virus

  [DELETED] 18:36 28 Jul 2005

AVG found this virus had infected over 300 exe files on my computer last week, I thought I'd managed to remove the problem after running AVG and Ad-Aware several times and they stopped telling me I had a virus. Today, the problem occurred again; it infects exe files as soon as they appear.

Anyone know how to stop more exe files getting removed? I tried searching on Google, but haven't yet found a solution. Also tried switching off system restore.


  [DELETED] 19:47 28 Jul 2005

try a scan with a2 click here

  [DELETED] 23:34 28 Jul 2005

which AVs found it and which didn't.

AntiVir 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 07.13.2005 no virus found
eTrust-Vet 07.14.2005 no virus found
Fortinet 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found

  [DELETED] 00:30 01 Aug 2005

Thank you stalion and canard

The virus corrupted more exe files today, which is rather annoying! I've downloaded A2, also I've run AdAware, Spybot, AVG and CCleaner whilst System Restore was disabled, but the virus has appeared again...what shall I do? :-(

Thank you,


  [DELETED] 10:00 01 Aug 2005

Were you running the scans in safe mode?

  [DELETED] 14:05 02 Aug 2005

I tried running all the scans in safe mode yesterday, but this morning the virus had infected a few more exe's! :-(

  [DELETED] 14:29 02 Aug 2005

This looks like a nasty one and I can't find any removal instructions as of yet. The virus downloads these files to your computer:

# [http://][REMOVED]/dl.exe
# [http://][REMOVED]/CBACK.EXE

not much help I know

  [DELETED] 15:52 02 Aug 2005

click here
click here
In the links there are two variants listed of the trojan you have with removal instructions, it may help.

  [DELETED] 17:03 05 Aug 2005

but this virus seems really tricky to sort; it doesn't infect files as soon as possible, it waits a while then infects.

19/07/2005 - 15:00 - infected 319 files (network cable in, online)

28/07/2005 - 16:50 - infected 1 file (online)

02/08/2005 - 22:40 - infected 1 file (online)

05/08/2005 - 16:45 - infected 2 files (network cable in, online, only one PC on, System Restore off)

Also it doesn't seem to infect the other computers on the network (I have disconnected them now), and AVG says that my computer has no viruses e.g. from 3rd Aug and 4th Aug, but on 5th the same virus appears which means the virus has remained on the computer all the time and not actually been removed.

I tried the Sophos scanner, but that didn't find anything either.

  [DELETED] 21:18 05 Aug 2005

Instructions to remove this virus seem simple on the AVG site and others such as the Norton's site.

Turn off System Restore,
Scan with AVG in Safe Mode,
Get a list of all files that are infected (not a small job with this one),
Terminate any process that is running if it's listed on that list using the Task Manager.
Now re-run (again in Safe Mode) AVG and have it quarantine all infected files. If it offers to heal, give it a try but as I said, most of the time it will corrupt the file instead of just append its code to the end which is the only way a file can be healed if infected.
Replace the infected files with originals

click here

However, it doesn't seem easy to remove. I have already switched off system restore, I've scanned in Safe Mode (AVG finds no viruses) so there's no processes that I should stop, and when I run the scan again, no viruses are found! But a few days later, the virus appears again infecting more exe's :-(

Could you please tell me which of these processes I may terminate whilst running the PC? taskmgr.exe, rundll32.exe, explorer.exe, svchost.exe, svchost.exe, svchost.exe, lsass.exe, services.exe, winlogon.exe, csrss.exe, system, system idle process?

Also I've noticed that GMail Notifier seems to be acting quite strange lately, every time it boots it tries to change a registry setting for "startup entry", however, I've not altered any of its settings for a long time.

Thanks, Charence

  [DELETED] 21:30 05 Aug 2005

post a hijack this log in this forum
click here
click here
