Trojan Gema virus

  chg 11:04 20 Dec 03
Locked

My computer recently was infected with a Trojan Gema virus which copied itself as imagemgt32.exe. I have eventually managed to remove the relevant entries in the registry by following, step by step, the instructions from the Symantec website.
However every time I start up my computer a message appears stating that it could not find the imagemgt32.exefile in the registry. I have blundered my way through this (I'm no expert) and removed a file from the Windows\Prefetch location but still this message appears on startup.

Any help please?

  Big Elf 11:07 20 Dec 03

The file could still be in your 'Start Menu' 'Startup' folder. If it is delete it.

  Jester2K II 11:10 20 Dec 03

The virus has gone but the startup command hasn't - hence the error.

Use Autoruns click here to find and delete the command.

The file in Prefetch isn't a copy of the virus - its just some information Windows makes for optimising the launch of programs.

  powerless 11:12 20 Dec 03

Start, Run, Type:

regedit

Click OK.

File, Export, choose a name, Save.

Edit, Search for: imagemgt32.exe

Right click the entry and delete. Press F3 to perform another search.

Only delete imagemgt32.exefile and if you have any problem double click the saved file and it will import back into the registry.

Start, Run, Type:

Msconfig

Click OK.

If there is a imagemgt32.exe listed, remove the tick in the box.

Restart.

  chg 11:45 20 Dec 03

Sorted.

Thanks for all the help

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

These are the Best Christmas Ads and Studio Projects of 2016

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…