Wednesday, September 23, 2009

Gphone.exe

Overview

gphone.exe is a malware-associated executable file. Legitimate executable files are used to launch programs in Windows. Malware-associated executable files are automatically run from registry autorun locations and the Windows startup folder to execute malicious code.

Check whether gphone.exe is present in the following locations:

  • C:\WINDOWS\system32\gphone.exe


HOW TO REMOVE GPHONE.EXE
  1. To enable deleting the gphone.exe file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Task Manager window, click the Processes tab.
    • On the Processes tab, select gphone.exe and click End Process.

  2. Using your file explorer, browse to the file using the paths listed in Location of gphone.exe and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of gphone.exe and Associated Malware.
Notes:
  • The deletion of gphone.exe will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
  • The deletion of gphone.exe will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Ask your system administrator to grant you write rights for the file.

Deleting Locked Files

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all references to the file in the Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

To remove all registry references to a malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type the file name (gphone.exe). The name of the first registry value found that references gphone.exe is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to gphone.exe, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of gphone.exe and Associated Malware.
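
The registry search above, combined with the exact-path check from the IMPORTANT note, as an added PowerShell example that is not part of the original post. It only reads and reports; the list of Run/RunOnce keys and the helper names Get-ExePath and New-Finding are assumptions made for illustration.

```powershell
# Added example: read-only audit. Nothing is deleted or modified.
$Target   = 'gphone.exe'
$Expected = 'C:\WINDOWS\system32\gphone.exe'   # the only location listed on this page

# Common autorun keys (an assumption; the page does not name specific keys).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a command line
# such as  "C:\dir\gphone.exe" /arg  (returns $null if the name is absent).
function Get-ExePath([string]$Data) {
    $pattern = '^\s*"?([^"]*?' + [regex]::Escape($Target) + ')'
    if ($Data -match $pattern) { return $Matches[1] }
    return $null
}

# Hypothetical helper: one finding. ExactMatch is False when the file name
# matches but the location differs from the listed path.
function New-Finding([string]$Source, [string]$Exe) {
    [pscustomobject]@{ Source = $Source; Path = $Exe; ExactMatch = ($Exe -ieq $Expected) }
}

$findings = @()
foreach ($path in $RunKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $exe = Get-ExePath ([string]$key.GetValue($name))
        if ($exe) { $findings += New-Finding "$path\$name" $exe }
    }
}

# Startup folders hold shortcuts, so resolve each .lnk to its target first.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($lnk in Get-ChildItem -Path $dir -Filter *.lnk) {
        $exe = Get-ExePath ($shell.CreateShortcut($lnk.FullName).TargetPath)
        if ($exe) { $findings += New-Finding $lnk.FullName $exe }
    }
}

$findings | Format-Table -AutoSize
"File present at listed path: $(Test-Path $Expected)"
```

Entries reported with ExactMatch set to False reference a file of the same name in a different location and should be reviewed by hand rather than deleted.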

DO IT IN SAFE MODE.

