I have a problem with gy.exe: I inadvertently deleted it. Now, I don't know what it was used for. Can anyone tell me if it was important or not? And if it was important, then how do I get it back? Thank you.
GY.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- This Process Deletes Other Processes From Disk
- This process creates other processes on disk
- Creates a new Background Service on the machine
- Writes to another Process's Virtual Memory (Process Hijacking)
- Executes a Process
- Injects code into other processes
- Copies files
- Registers a Dynamic Link Library File
- Loads and Executes a System Driver File
- Creates system tray popups, messages, errors and security warnings
So it is better that it has been deleted.
Please wait until asked, before running Combofix.
Run this script, PC will reboot:
Code:
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('c:\windows\system32\nmdfgds1.dll','');
QuarantineFile('c:\windows\system32\olhrwef.exe','');
QuarantineFile('c:\windows\system32\nmdfgds0.dll','');
QuarantineFile('C:\gy.exe','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\gy.exe');
DeleteFile('c:\windows\system32\nmdfgds0.dll');
DeleteFile('c:\windows\system32\olhrwef.exe');
DeleteFile('c:\windows\system32\nmdfgds1.dll');
RegKeyDel('HKCU','Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Then, run this one:
Code:
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ Then, Private Message me the download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by:
pause Kaspersky > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok. Restart Kaspersky.
Also, if you use Windows System Restore, turn it off > reboot and do a full scan with Kaspersky. Then turn System Restore back on, if you wish; this is to remove malware from System Volume Information files.
Scan with SuperAntiSpyware: http://www.superantispyware.com/ and post its log, but please don't fix anything until the log is reviewed.
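The script above removes C:\autorun.inf together with C:\gy.exe. As an added example (not part of the thread, and not code from any poster), this read-only parser shows how a responder could list which programs a quarantined autorun.inf was set to launch. The sample file contents are constructed, since the thread never shows the real file, and the function names are hypothetical.

```python
import re

# Constructed sample: the thread never shows the real C:\autorun.inf.
# It assumes the file launched gy.exe, the other root-level file the script removes.
SAMPLE_AUTORUN = """\
;kd93jJSd junk comment line
[AutoRun]
open=gy.exe
shell\\open\\Command=gy.exe
shell\\explore\\Command=gy.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

# Keys in the [autorun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(text):
    """Return {key: command} for every [autorun] entry that starts a program."""
    targets, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment (often used as filler)
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        if in_section and sep and LAUNCH_KEY.match(key.strip()):
            targets[key.strip().lower()] = value.strip()
    return targets

def executables(targets):
    """Distinct program file names referenced by the launch entries, lower-cased."""
    names = set()
    for command in targets.values():
        command = command.strip()
        if not command:
            continue
        if command.startswith('"'):
            program = command[1:].split('"', 1)[0]  # quoted path, may contain spaces
        else:
            program = command.split()[0]            # first token before arguments
        names.add(re.split(r"[\\/]", program)[-1].lower())
    return sorted(names)

if __name__ == "__main__":
    found = launch_targets(SAMPLE_AUTORUN)
    print(found, executables(found))
```

Run it against a copy of the file taken from the quarantine archive rather than a live drive root; any name it reports that is still present on disk after the cleanup is worth a second look.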
Gy.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.
It is recommended that you remove any malicious software such as Gy.exe from your computer immediately. Below is our recommended removal tool for Gy.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.
Download the removal tool if it comes back again.