Sheryl Posted September 13, 2008 Share Posted September 13, 2008 My computer seems to have been infected with something that my antivirus program (symantec, updated) can't detect. The Explorer pages keep saying "Gdooey Mae", adding that to the title of wherevber I am browsing, and my desktop background keeps vanoshing. Tried google, a few references but most not in English Anyone know bout this? Picked it up in Cambodia..... Link to comment Share on other sites More sharing options...
katana Posted September 13, 2008 Share Posted September 13, 2008 (edited) Did you try the fix here? http://answers.yahoo.com/question/index?qi...25010856AA2ivAq http://www.smart-mobile.com/forum/viewtopi...f634fb49496ba5f (StartUp Control Panel http://www.mlin.net/StartupCPL.shtml ) Edited September 13, 2008 by katana Link to comment Share on other sites More sharing options...
Sheryl Posted September 14, 2008 Author Share Posted September 14, 2008 I've seen those but have problem with this part of the instructions: 6.From the Command Prompt, type the following: "del c:\pooh.vbs /f/s/q/a" where pooh.vbs is the name of the script, ex. va6.vbs del c:\autorun.inf del c:\windows\system32\kernell.dll.vbs del c:\aikelyu.html /f/s/q/a, where aikelyu.html is the Gdooey Mae.bmp in your situation' Problem being that I do not know the name of the script for the first del, and I don't find a file Gdooey Mae.bmp anywhere in my computer for the 4th del... ??? Link to comment Share on other sites More sharing options...
onethailand Posted September 14, 2008 Share Posted September 14, 2008 (edited) The 4th one is probably loaded from the html page. If you delete the html page it will have essentially the same effect. Also, the bmp might be called gdmae.bmp instead. Look for any .vbs files and list them here if you like - another one which causes this problem is apparently called wa6.vbs - and normally .vbs should not be in your C:/ directory at all, so if there are any there, they would be suspicious. Edited September 14, 2008 by onethailand Link to comment Share on other sites More sharing options...
Sheryl Posted September 14, 2008 Author Share Posted September 14, 2008 Hate to reveal my ignornce, but where on the computer do I find the "html page" you're referring to?? I found the following .vbs files: pubprn.vbs in Windos/Systems32 folder VPD.vbs in Program Files /ThinkVantage folder (it's a Lenovo laptop) VPD.vbs in IBM Tools.APPS folder hsc_add.vbs iand hsc_del.vbs in Windos/Help/SBSI/Training/WXPPR/CBO folder ??? really appreciate your help! Link to comment Share on other sites More sharing options...
katana Posted September 14, 2008 Share Posted September 14, 2008 Make sure your Windows search is configured to look for hidden files and folders by checking the 'Search hidden files and folders' check box under 'More Advanced Options' in Windows Search. If you're able to find any of the files mentioned in that fix, R-click and display its properties and note the create date and time. Presumably the bmp amd vbs files will have a similar create date which will help you in identifying them eg if you search for *.bmp files, it will bring up hundreds of bmp files, but if you also specify the create date for that search, it may narrow it down. Also, the virus may have been transferred via a USB stick so your stick may need checking if you have one. Good luck. Link to comment Share on other sites More sharing options...
onethailand Posted September 14, 2008 Share Posted September 14, 2008 the HTML page is in your C:/ drive root folder. pubprn.vbs is for printers - no problem. VPD.vbs - not sure, but I also have a Lenovo. Given that it's in two different places which correspond to each other, it's probably okay - a search on Google didn't turn up anything unusual. hsc_add and hsc_del - not sure, but suspect this is probably not a problem either. Go to Trendmicro.com and download the free version of Hijack This! - run a system scan, and post the results here or send to me in a PM and I can have a look and identify anything which might be problematic. Link to comment Share on other sites More sharing options...
Sheryl Posted September 16, 2008 Author Share Posted September 16, 2008 the HTML page is in your C:/ drive root folder.pubprn.vbs is for printers - no problem. VPD.vbs - not sure, but I also have a Lenovo. Given that it's in two different places which correspond to each other, it's probably okay - a search on Google didn't turn up anything unusual. hsc_add and hsc_del - not sure, but suspect this is probably not a problem either. Go to Trendmicro.com and download the free version of Hijack This! - run a system scan, and post the results here or send to me in a PM and I can have a look and identify anything which might be problematic. Can't find any html file in C:\ at all. several new problems have developed (in addition to further weirdness on my IE screen): -when I start up I get error message that it is unable to find the file C:\autobat.exec. I am still able to call up the desktop etc by just clicking "ÖK"on that error message. -the appearance of my Outlook Express screen has altered itself, unprovoked; I no longer have the side directory allowing me to easily move between folders, and toolbar buttons have disappeared too. -when I click on My Computer and then the C drivem, instead of getting the C drive directory I get a message "Cannot find script file C:\wa6.vbs". I can get around this my instead clicking My Docuemtns and then scrolling to C, but it's annoying and wierd...and new. I believe a prior virus scan did identify that as an infected file and, because it couldn't clean it, I deleted it.... I ran the HijackThis, as the log is quite long I will send you by me. Really appreciate the help..feel likem a complete idiot! Thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now