Jump to content

Gdooey Mae --- New Virus?


Recommended Posts

Posted

My computer seems to have been infected with something that my antivirus program (symantec, updated) can't detect. The Explorer pages keep saying "Gdooey Mae", adding that to the title of wherevber I am browsing, and my desktop background keeps vanoshing.

Tried google, a few references but most not in English

Anyone know bout this? Picked it up in Cambodia.....

Posted

I've seen those but have problem with this part of the instructions:

6.From the Command Prompt, type the following:

"del c:\pooh.vbs /f/s/q/a" where pooh.vbs is the name of the script, ex. va6.vbs

del c:\autorun.inf

del c:\windows\system32\kernell.dll.vbs

del c:\aikelyu.html /f/s/q/a, where aikelyu.html is the Gdooey Mae.bmp in your situation'

Problem being that I do not know the name of the script for the first del, and I don't find a file Gdooey Mae.bmp anywhere in my computer for the 4th del...

???

Posted (edited)

The 4th one is probably loaded from the html page. If you delete the html page it will have essentially the same effect. Also, the bmp might be called gdmae.bmp instead.

Look for any .vbs files and list them here if you like - another one which causes this problem is apparently called wa6.vbs - and normally .vbs should not be in your C:/ directory at all, so if there are any there, they would be suspicious.

Edited by onethailand
Posted

Hate to reveal my ignornce, but where on the computer do I find the "html page" you're referring to??

I found the following .vbs files:

pubprn.vbs in Windos/Systems32 folder

VPD.vbs in Program Files /ThinkVantage folder (it's a Lenovo laptop)

VPD.vbs in IBM Tools.APPS folder

hsc_add.vbs iand hsc_del.vbs in Windos/Help/SBSI/Training/WXPPR/CBO folder

??? really appreciate your help!

Posted

Make sure your Windows search is configured to look for hidden files and folders by checking the 'Search hidden files and folders' check box under 'More Advanced Options' in Windows Search.

If you're able to find any of the files mentioned in that fix, R-click and display its properties and note the create date and time. Presumably the bmp amd vbs files will have a similar create date which will help you in identifying them eg if you search for *.bmp files, it will bring up hundreds of bmp files, but if you also specify the create date for that search, it may narrow it down.

Also, the virus may have been transferred via a USB stick so your stick may need checking if you have one.

Good luck.

Posted

the HTML page is in your C:/ drive root folder.

pubprn.vbs is for printers - no problem.

VPD.vbs - not sure, but I also have a Lenovo. Given that it's in two different places which correspond to each other, it's probably okay - a search on Google didn't turn up anything unusual.

hsc_add and hsc_del - not sure, but suspect this is probably not a problem either.

Go to Trendmicro.com and download the free version of Hijack This! - run a system scan, and post the results here or send to me in a PM and I can have a look and identify anything which might be problematic.

Posted
the HTML page is in your C:/ drive root folder.

pubprn.vbs is for printers - no problem.

VPD.vbs - not sure, but I also have a Lenovo. Given that it's in two different places which correspond to each other, it's probably okay - a search on Google didn't turn up anything unusual.

hsc_add and hsc_del - not sure, but suspect this is probably not a problem either.

Go to Trendmicro.com and download the free version of Hijack This! - run a system scan, and post the results here or send to me in a PM and I can have a look and identify anything which might be problematic.

Can't find any html file in C:\ at all.

several new problems have developed (in addition to further weirdness on my IE screen):

-when I start up I get error message that it is unable to find the file C:\autobat.exec. I am still able to call up the desktop etc by just clicking "ÖK"on that error message.

-the appearance of my Outlook Express screen has altered itself, unprovoked; I no longer have the side directory allowing me to easily move between folders, and toolbar buttons have disappeared too.

-when I click on My Computer and then the C drivem, instead of getting the C drive directory I get a message "Cannot find script file C:\wa6.vbs". I can get around this my instead clicking My Docuemtns and then scrolling to C, but it's annoying and wierd...and new. I believe a prior virus scan did identify that as an infected file and, because it couldn't clean it, I deleted it....

I ran the HijackThis, as the log is quite long I will send you by me.

Really appreciate the help..feel likem a complete idiot!

Thanks

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...