Win32/Gaelicum.A virus

  Charence 18:36 28 Jul 05

AVG found this virus had infected over 300 exe files on my computer last week, I thought I'd managed to remove the problem after running AVG and Ad-Aware several times and they stopped telling me I had a virus. Today, the problem occured again; it infects exe files as soon as they appear.

Anyone know how to stop more exe files getting removed? I tried searching on Google, but haven't yet found a solution. Also tried switching off system restore.


  stalion 19:47 28 Jul 05

try a scan with a2 click here

  canard 23:34 28 Jul 05

which AVs found it and which didn't.

AntiVir 07.14.2005 W32/Stanit
AVG 718 07.14.2005 Win32/Gaelicum.A
Avira 07.14.2005 W32/Stanit
BitDefender 7.0 07.14.2005 no virus found
CAT-QuickHeal 7.03 07.14.2005 no virus found
ClamAV devel-20050501 07.14.2005 no virus found
DrWeb 4.32b 07.14.2005 Win32.Gael.3666
eTrust-Iris 07.13.2005 no virus found
eTrust-Vet 07.14.2005 no virus found
Fortinet 07.14.2005 suspicious
F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
Ikarus 2.32 07.14.2005 no virus found
Kaspersky 07.14.2005 Virus.Win32.Tenga.a
McAfee 4535 07.14.2005 W32/Gael
NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
Norman 5.70.10 07.14.2005 no virus found
Panda 8.02.00 07.14.2005 no virus found
Sybari 7.5.1314 07.14.2005 W32/Gael
Symantec 8.0 07.13.2005 no virus found
TheHacker 07.13.2005 no virus found
VBA32 3.10.4 07.14.2005 no virus found

  Charence 00:30 01 Aug 05

Thank you stalion and canard

The virus corrupted more exe files today, which is rather annoying! I've downloaded A2, also I've run AdAware, Spybot, AVG and CCleaner whilst System Restore was disabled, but the virus has appeared again...what shall I do? :-(

Thank you,


  Major Disaster 10:00 01 Aug 05

Were you running the scans in safe mode?

  Charence 14:05 02 Aug 05

I tried running all the scans in safe mode yesterday, but this morning the virus had infected a few more exe's! :-(

  Completealias 14:29 02 Aug 05

This looks like a nasty one and I can't find any removal instructions as of yet the virus downloads these files to your computer

# [http://][REMOVED]/dl.exe
# [http://][REMOVED]/CBACK.EXE

not much help I know

  SANTOS7 15:52 02 Aug 05

click here
click here
in the links there are two variants listed of the trojan you have with removal instructions,it may help..

  Charence 17:03 05 Aug 05

but this virus seems really tricky to sort doesn't infect files as soon as possible, it waits a while then infects.

19/07/2005 - 15:00 - infected 319 files (network cable in, online)

28/07/2005 - 16:50 - infected 1 file (online)

02/08/2005 - 22:40 - infected 1 file (online)

05/08/2005 - 16:45 - infected 2 files (network cable in, online, only one PC on, System Restore off)

also it doesn't seem to infect the other computers on the network (i have disconnected them now), and AVG says that my computer has no viruses e.g. from 3rd Aug and 4th Aug, but on 5th the same virus appears which means the virus has remained on the computer all the time and not actually been removed.

I tried the Sophos scanner, but that didn't find anything either.

  Charence 21:18 05 Aug 05

Instructions to remove this virus seem simple on the AVG site and others such as the norton's site.

Turn off System Restore,
Scan with AVG in Safe Mode,
Get a list of all files that are infected (not a small job with this one),
Terminate any process that is running if its listed on that list using the Task Manager.
Now re-run (again in Safe Mode) AVG and have it quaratine all infected files. If it offers to heal, give it try but as I said, most of the time it will corrupt the file instead of just append its code to the end which is the only way a file can be healed if infected.
Replace the infected files with originals

click here=

However, it doesn't seem easy to remove. I have already switched off system restore, I've scanned in Safe Mode (AVG finds no viruses) so there's no processes that I should stop, and when I run the scan again, no viruses are found! But a few days later, the virus appears again infecting more exe's :-(

Could you please tell me which of these processes I may terminate whilst running the PC? taskmgr.exe, rundll32.exe, explorer.exe, svchost.exe, svchost.exe, svchost.exe, lsass.exe, services.exe, winlogon.exe, csrss.exe, system, system idle process?

Also I've noticed that GMail Notifier seems to be acting quite strange lately, every time it boots tries to change a registry setting for "startup entry", however, I've not altered any of its settings for a long time

Thanks, Charence

  stalion 21:30 05 Aug 05

post a hijack this log in this forum
click here
click here

This thread is now locked and can not be replied to.

Nintendo Switch (Nintendo NX) release date, price, specs and preview trailer: Codename NX console…

1995-2015: How technology has changed the world in 20 years

8 things designers (and brands) need to know about the modern woman

How to speed up a slow Mac: 19 great tips to make an iMac, MacBook or Mac mini run faster | Speed…