Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Galileo System Cleaner Removal


  • Please log in to reply
4 replies to this topic

#1 mzahneis

mzahneis

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 15 June 2011 - 09:40 AM

Yesterday, I became simultaneously infected with XP Antivirus 2012 and Galileo System Cleaner viruses. XP Antivirus was pretty easy to remove. I entered a fake registration key to stop the pop-ups, then removed the registry entries, ran rkill to stop the processes and then ran malwarebytes to remove the software. I think it's gone.

But then Galieleo took over. (Galileo was there the whole time. I saw it in the systray, but I guess it was happy to play second fiddle to XP Antispyware 2012). This has proved to be harder to remove. rkill doesn't seem to do anything. And malwarebytes comes back clean. But I'm still getting constant pop-ups. There's not nearly as much buzz out there on how to remove Galileo.

Help?

BC AdBot (Login to Remove)

 


#2 dilhanw

dilhanw

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 15 June 2011 - 08:32 PM

Same identical problem to Mzahneis.....XP antivirus 2012 was easy to remove....But Galileo still remained...and Galileo is not even allowing me to log in safe mode...Explorer is also blocked by the malware. Any help to remove this would be appreciated

#3 mzahneis

mzahneis
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 16 June 2011 - 12:50 PM

Not gone, but better...

One of the symptoms is that it wouldn't let Taskmgr run for more than about 30 secs. But in that time, I noticed a process called systemcleaner.exe running. I found it under c:\program files\galileo (so obvious, I hadn't even looked before). Since I couldn't kill it via taskmgr, I killed it via the taskkill command at the command prompt. I had to use the \f parameter, or it would say it killed it, but it wouldn't really. So it was 'taskkill \f \im systemcleaner.exe'.

Once I did this, I could delete the directory c:\program files\galileo. There was also a link in the startup folder that had to be removed.

Doing all this seems to have stopped all the symptoms, though I still fear there's something lurking.

#4 Jambogoz

Jambogoz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 17 June 2011 - 05:01 AM

I've got the same thing.

I'll try Mzahneis suggestion in the meantime but any further help would be greatly appreciated.

#5 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:03:15 AM

Posted 25 June 2011 - 04:12 PM

Hi dilhanw and Jambogoz,

If you each still need help, please each start a new topic here: http://www.bleepingcomputer.com/forums/forum103.html by clicking on the "Start New Topic" button on the right side of the page.

Please also follow these instructions Before You Post About A Problem :thumbup2:
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users