How to get rid of ggktpfg.exe?


34 replies to this topic

#1 dumb_blond

dumb_blond

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 05:22 AM

ggktpfg.exe!!! I don't know what it is, not sure how I got it ... but it is killing me. Help pls!



#2 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 05:43 AM

Hi
Could you provide a little more detail?

What operating system are you using?
Do you have antivirus installed?
What have you tried so far and what result did it have?

#3 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 06:48 AM

> Hi
> Could you provide a little more detail?
>
> What operating system are you using?
> Do you have antivirus installed?
> What have you tried so far and what result did it have?


Just reinstalled XP, did not get the chance to install an AV (there is a story to it but it doesn't matter now) ... according to a Google search the bloody thing is about a month old. I just ran Malwarebytes' Anti-Malware to get rid of another beauty named Security Tool (obviously did not work for this thing as well).
Revo Uninstaller goes nuts if I try to run it, continuously popping up ggktpfg.exe-related info as in: "2232 ggktpfg.exe is set to auto start", "2232 ggktpfg.exe is no longer set to auto start" ... and the numbers keep changing. I'm sure that those numbers mean something but ... not to me.
Just after start-up Windows keeps repeatedly giving me the warning "ggktpfg.exe was not responding" or something like that and "send error report". I cannot terminate it from "task manager" ... don't know what else... tried to kill it with Process Explorer to no avail.

Edited by dumb_blond, 14 July 2010 - 07:03 AM.


#4 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 06:57 AM

It sounds like Revo is having a running battle with the virus (does it continue indefinitely?). If so, try running rkill and tell us what it reports.

Edited by Cheredanine, 14 July 2010 - 07:00 AM.


#5 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 07:41 AM

> It sounds like Revo is having a running battle with the virus (does it continue indefinitely?). If so, try running rkill and tell us what it reports.


Ran as ba on 07/14/2010 at 5:35:25.

Processes terminated by Rkill or while it was running:

D:\Documents and Settings\ba\Desktop\rkill.com

Rkill completed on 07/14/2010 at 5:35:35.

which I guess translates to "nothing", and yes, the "Revo struggle" never stops

Edited by dumb_blond, 14 July 2010 - 07:42 AM.


#6 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 07:59 AM

Hmm, that means Rkill didn't find the virus.

However, that doesn't mean it isn't still there or active in the guise of a legitimate process it has infected.

You can see the exe in task manager?

#7 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 08:21 AM

Oh, it is there, and Windows never stops "thinking". Here are some pics of the error mess: http://picasaweb.google.com/lh/photo/flAwW...feat=directlink

and this is how it looks in HijackThis: http://picasaweb.google.com/lh/photo/z1bP4...feat=directlink

Edited by dumb_blond, 14 July 2010 - 08:26 AM.


#8 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 08:35 AM

Hmm can you safeboot and put an av product on?

#9 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 09:57 AM

I'm not sure I know what a "safeboot" is (there was a reason I chose dumb blond for a "stage name" :D) but this is what I did. After reading some similar posts on different forums I decided to install AVAST.

The scan is still running but the weirdest thing is happening: I have over 4000 infected items so far. Why is this weird? Well, I have two OSes, one on C and one on D (where the gg...exe is). On C I have NOD (a paid corporate license) which scanned both drives yesterday and cleaned all there was to be cleaned from its point of view. Still, now AVAST shows me over 4000 items (both on C and D). Aren't they "one too many" given the fact that I only got to use the internet for a few hours (visited sites: google, yahoo, gmail, facebook, softpedia, and a few more IT and virus related sites/forums)?

Now that the scan has finished I know for sure something is not right: all .exe files are listed as threats, including its own set-up file.
Now I get something else ... tried AVIRA Personal last night and it did something similar (listing all .exe files on both drives as threats). I thought it was something wrong with Avira but ... I'm obviously doing something wrong here and I have absolutely no clue what that something is ...

Edited by dumb_blond, 14 July 2010 - 10:07 AM.


#10 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 10:28 AM

are all reports ggktpfg? (or indeed any?)
and is NOD up to date?

#11 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 10:40 AM

Yes, NOD is up to date, but for whatever reason I could not connect to the internet from that drive, which is how I got to this one that did not have an AV on it.
As for the scan log, ironically I think all legitimate .exe files on this damn laptop are there but no ggk...exe.
To make things worse, this scan makes me think that I have this: http://www.bleepingcomputer.com/forums/t/255916/all-exe-files-are-infected-viruswin32virutce/

My problem is I didn't have the chance to create a restore point. This thing got to me in less than 30 minutes and I really don't know how ... I mean I may be blond but not that god damn blond ... I cannot imagine what I could have clicked to get it.

Edited by dumb_blond, 14 July 2010 - 10:46 AM.


#12 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 10:56 AM

ok well superantispyware kills ggktpfy.exe, you can find instructions on this site here:
http://www.bleepingcomputer.com/virus-remo...pyware-tutorial
as a first step

Also, when the AV software reported the (4000) infections, what did it say the infections were? (If you look at the link you gave, yes, the user had a lot of infections; however, they were all reported as being that specific virus.)

Edited by Cheredanine, 14 July 2010 - 11:02 AM.


#13 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 11:07 AM

Well ... I double-checked by using ESET scanning online and it did the same thing, listing all .exe files as infected (eventually I stopped the scanning), and according to them I'm the proud owner of "Win32/Virut.NBP virus".

Edited by dumb_blond, 14 July 2010 - 11:08 AM.


#14 Cheredanine

Cheredanine

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 14 July 2010 - 11:20 AM

Ouch, then I refer you to blades response to the thread you linked. However, I do find this odd, if I understood correctly that you had recently rebuilt the machine and only had a brief Internet session; usually it takes my teenage boy longer than that to get something that nasty. I would still suggest running SAS; the gg virus is classed by many AV companies as being in the FAKEALERT family. I find it interesting that AV products run from your machine that is clean of this infection (NOD) report both disks clean, and AV products run from the machine infected with FAKEALERT give lots of alerts.

Edited by Cheredanine, 14 July 2010 - 11:27 AM.


#15 dumb_blond

dumb_blond
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Location:romania
  • Local time:07:17 AM

Posted 14 July 2010 - 11:28 AM

I have no idea how stupid this sounds but I'm going to ask anyway ... could you pls translate "running SAS"?



