I made this because gphone.exe is nowadays one of the most dangerous virus spreading very fastly.Its a trojan and changes your IE homepage and sends tries to open gtalk and yahoo messenger .It even sends messages to gtalk contacts.Its icon is just like that of folder icon and people thinking of folder click on it get infected by the virus.What is gphone?Gphone virus basically is a 260 kb .exe file which looks like a folder and it can take any name of any other folder if you have clicked on the virus folder which looks like a folder but it isnt.If you have a folder name “comptalks” in your D drive it will make a exe file in the folder named comptalks.exe and if you click on that exe file it too work as a virus.It makes .exe filesSymptomsBasically it makes 260 kb.exe file which looks like a folder....it....disable task manager,regedit command,changes ur home page and seach engine to http://rnd009.googlepages.com/google.htmSolutionJust follow Steps.=>Use the Glary Utilities freeware to remove the exe files.After installing the Glary Utilities.Open it and go to the modules tab -> Files and Folders-> Duplicate files finder. Then search for .exe files of same size and delete all the files with size 260 kb. Registry EditingWhen U R done Run “regedit” and change them to correct settings.•The newly created Registry Values are:o[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]NofolderOptions = 0×00000001to remove the Folder Options item from all Windows Explorer menus and from Control Panelo[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]DisableTaskMgr = 0×00000001DisableRegistryTools = 0×00000001to prevent users from starting Task Manager (Taskmgr.exe) to disable the Windows registry editors (Regedt32.exe and Regedit.exe)o[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Yahoo Messengger = “%System%\gphone.exe”so that gphone.exe runs every time Windows starts•The following Registry Values were modified:o[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]Default_Page_URL = “http://rnd009.googlepages.com/google.html”Default_Search_URL = “http://rnd009.googlepages.com/google.html”Search Page = “http://rnd009.googlepages.com/google.html”Start Page = “http://rnd009.googlepages.com/google.html”o[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell = “Explorer.exe gphone.exe”so that gphone.exe runs every time Windows starts
o[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]Start Page = “http://rnd009.googlepages.com/google.html”Note:- don't forget to delete gphone.exe from system directry/windows& delete newly created registry and correct those whom settings R changedThen U R done gphone.exe freeThank U
No comments:
Post a Comment