Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Gui.exe


  • Please log in to reply
6 replies to this topic

#1 Koc

Koc

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In a very Dark Place
  • Local time:10:32 AM

Posted 04 September 2006 - 08:41 AM

http://www.bleepingcomputer.com/startups/GUI.exe-5218.html

it is not identified..

But if you look here:
http://www.liutilities.com/products/wintas...esslibrary/gui/

gui.exe is a process belonging to an advertising program by searchnugget.com. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.


BC AdBot (Login to Remove)

 


m

#2 buddy215

buddy215

  • BC Advisor
  • 12,596 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:32 AM

Posted 04 September 2006 - 08:57 AM

# To actually delete the security risk:

* Click its file name (under the Filename column).
* In the Item Information box that displays, write down the full path and file name.
* Then use Windows Explorer to locate and delete the file.

If Windows reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer. Restart the computer in Normal mode.

# Delete: This option will attempt to delete the detected files. In some cases, the scanner will not be able to do this.

* If you see a message, "Delete Failed" (or similar message), manually delete the file.
* Click the file name of the risk that is under the Filename column.
* In the Item Information box that displays, write down the full path and file name.
* Then use Windows Explorer to locate and delete the file.

If Windows reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer. Restart the computer in Normal mode.

The above info was found on Symantec site for removal of the Adware.

http://www.symantec.com/security_response/...-99&tabid=3

Edited by buddy215, 04 September 2006 - 08:59 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Koc

Koc
  • Topic Starter

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In a very Dark Place
  • Local time:10:32 AM

Posted 04 September 2006 - 09:22 AM

Nice to see how its removed for the members who is infected with this :thumbsup:

But I thought if we maybe could add this file as adware to the startup list?

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:32 AM

Posted 05 September 2006 - 01:49 PM

I would need more information about where its located, what registry entry it uses, etc before we can add it to the database.

If you get that info I would be happy to add it.

#5 Koc

Koc
  • Topic Starter

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In a very Dark Place
  • Local time:10:32 AM

Posted 06 September 2006 - 08:54 AM

Hi Grinler :

http://www.symantec.com/security_response/...-99&tabid=2

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:32 AM

Posted 06 September 2006 - 12:34 PM

The gui.exe file does not appear to be a startup program though. According to the above link the only startup is:

"DNS" = "%CommonProgramFiles%\[FILE NAME].exe"

to the registry subkey:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

#7 Koc

Koc
  • Topic Starter

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In a very Dark Place
  • Local time:10:32 AM

Posted 08 September 2006 - 07:52 AM

oh okay




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users