Well... tonight at about 6:30 or so, my internet stopped working, I was like wth.

I checked the modems, everything was good, I checked my Mac laptop, the internet worked... then I went back to my desktop PC... UHHHH... not working.


I quickly noticed a file called dl.exe, googled her on my laptop, discovered it's a trace of several win32-type viruses.


As of now I have managed to regain my internet by locating several .exe it has embedded itself into, and killing that process.


After getting the internet back, I downloaded Microsoft's "Windows Malicious Software Removal Tool," and it located over 2000 infected files, of the win32/gael.A virus.trojan.


Basically, the way the virus works, is it embeds itself within a primary .exe file vital to the windows OS (and many others) and then from that point on, infects any .exe file you run, or the damn thing can find.


I'm having a hell of a time getting it removed.

It's disabled my internet (which I regained control of)

It crashed my Norton Anti-Virus (not cool, btw) - I had to uninstall it due to the system lockups it was causing.

Most other methods of removal... (Trend Micro, BitDefender, and other online scanners) the thing doesn't even allow them to load.


I located several instances of the dl.exe file it seems to have downloaded from a backdoor in my computer, and deleted them all. But I'm having a hell of a time killing this damn thing. And I can't seem to find any online scanner that will load for me.


If anyone knows anything about this, holler.


Thanks already, Sam


EDIT: It also seems to have disabled Java.


EDIT2: Well, lucky me, I got it down to 5 places.

cmd.exe, mmc.exe, rundll32.exe, taskmgr.exe, regedit.exe.


I'm going to try the Microsoft Malicious Software Removal Tool, but if things don't go back to normal, I'm going to need help replacing these files.

EDIT3: Microsoft tool didn't work :(


Anyone have any ideas?

Edited by porksandwich9113
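
The post above narrows the infection to five system binaries and asks about replacing them. The following is an added example, not part of the original thread: it compares those files against a known-clean reference copy by size and SHA-256 to decide which ones need replacing. The directory layout, the function names and the sample file contents are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# The five binaries the poster lists as still infected.
SUSPECT_NAMES = ["cmd.exe", "mmc.exe", "rundll32.exe", "taskmgr.exe", "regedit.exe"]

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_to_clean(suspect_dir: Path, clean_dir: Path, names=SUSPECT_NAMES) -> dict:
    """Return {name: status}; status is 'match', 'modified',
    'missing' (absent on the suspect system) or 'no-reference'."""
    report = {}
    for name in names:
        suspect, clean = suspect_dir / name, clean_dir / name
        if not clean.is_file():
            report[name] = "no-reference"
        elif not suspect.is_file():
            report[name] = "missing"
        elif (suspect.stat().st_size == clean.stat().st_size
              and sha256_of(suspect) == sha256_of(clean)):
            report[name] = "match"
        else:
            report[name] = "modified"
    return report

def demo() -> dict:
    """Build constructed sample directories (hypothetical layout) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = Path(tmp, "clean"), Path(tmp, "suspect")
        clean.mkdir()
        suspect.mkdir()
        for name in SUSPECT_NAMES:
            body = b"MZ" + name.encode() * 64  # constructed stand-in content
            (clean / name).write_bytes(body)
            (suspect / name).write_bytes(body)
        # Simulate one file that has grown by extra data and one that is gone.
        with (suspect / "taskmgr.exe").open("ab") as f:
            f.write(b"X" * 128)
        (suspect / "regedit.exe").unlink()
        return compare_to_clean(suspect, clean)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14} {status}")
```

Because the poster reports that scanners would not even load on the infected system, a comparison like this is more trustworthy when the suspect drive is read from a separate, clean environment.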

Hi porksandwich9113, I think you probably guessed that HJT would be a good idea..



Download HijackThis! from here:


Put it in a permanent folder (it makes backups) by doing this:

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.


Click on "Do a system scan and save logfile". The logfile will be saved to



Start a new topic in our HJT forums


Copy and paste the HJT log from notepad in that new topic


Regards pacman123


Log is up packman.


That was honestly the first thing I did before I even posted this online, I didn't notice anything unusual there.


I was finally able to transfer Firefox via flashdrive, and run Trend Micro, and install BitDefender.

Trend Micro deleted several of the files, and the ones Trend Micro didn't find BitDefender quarantined.


Despite both of these scans coming clean, no unknown process showing up, no performance hit.., my computer is acting very abnormally.


iTunes refuses to open, it starts in taskmgr.exe, and gets to about 10,000k mem space, then just disappears.

Windows Media Player encountered an internal error, and I had to uninstall that. As of now, the reinstallation has been unsuccessful.

Search function is just gone.

msconfig was gone, but I downloaded a clean copy and replaced it in the C:\windows\system32\Pchealth\binarys folder (something like that) and it now works well.

services.msc is malfunctioning.


I did a sfc /scannow, and everything came up clean.

I know it A) is still hiding or B) did some irreparable damage, and I'm going to have to spring for a new version of XP.


The general ability to recognize CDs has disappeared.

Like, I need a CD in to launch a program, the CD appears, does its autorun thing, I attempt to launch the program from the autorun, then the damn program asks for a CD.


I was going to cut my losses, and just back my movies and music up on my slave drive, and reformat, but somehow I lost the restore CDs.

So honestly, I need to get this fixed before I go crazy and take a sledgehammer to my computer.


Your help is much appreciated.


EDIT: ActiveX controls don't seem to be working in any form in IE6 or 7 either.

Edited by porksandwich9113

So glad you found your restore CDs.


Your system has been compromised...


I would advise for you to disconnect this PC from the Internet, and then go to a known clean computer and change any passwords or security information held on the infected computer. In particular, check whatever relates to online banking financial transactions, shopping, credit cards, or sensitive personal information. It is also wise to contact your financial institutions to apprise them of your situation.


Thanks for the tip Jacee. But my dad, being an avid Mac fan, doesn't allow any transactions to happen on PCs. Everything we ever bought online was done on our wonderful G5 :D.


I'm afraid the only thing this guy will be able to get is my e-mail account password :P
