05-28-2012 06:57 AM
How can I forcefully remove the above registry key created by some virus?
I tried to boot Vista in command prompt and tried to move the key, but it still refuses to remove the key.
Please advise.
05-28-2012 02:39 PM
Is this part of the same problem that you posted about just 1 minute previously?
05-28-2012 09:18 PM
Yes, I had submitted a few files to Norton and they reported
File: 886100.dll Machine: Machine Determination: This file is detected as 'Backdoor.Trojan, ' with our existing Rapid Release definition set. URL: http://www.symantec.com/avcenter/venc/data/backdoo
Now I wonder why Norton 360 left those files on my c:\
Should it not catch and delete them?
Which means Norton did not perform well.
Now can anyone help me to remove this registry key and its related registry entries? I also see a service that is added in the services control panel and I am unable to remove that too.
Regards
05-28-2012 10:04 PM
Even after installing symrapidreleasedefsv5i32.exe as suggested,
the registry keys still exist and have not been removed.
Kindly advise.
05-28-2012 10:56 PM
You have to take ownership of the Legacy key in order to remove it.
Right click on the key and select Permissions. Click ADD and add your user name and click OK. Click ADVANCED and select the tab for OWNER; select your user name you just added and click APPLY. Select your user name on the main permission window and (in the bottom window) click on FULL CONTROL in the Allow column. Click APPLY on the main window (and OK if it does not close automatically). Do the same for any sub-branches (keys) under the main key.
Right click and select delete to remove the key(s).
05-29-2012 12:15 AM
Excellent. The registry key is removed successfully. Thank you.
But yet another problem remains. [see attached screenshot]
This is the service entry created by the same virus. I tried to delete that entry using the "sc delete" command
but it did not work. (I was at a cmd prompt opened using "run as administrator".)
I suspect there are other registry references that are holding this service entry, so I want to do two things:
1. Force remove the service.
2. Want to know how to search all references of the service in the registry and manually delete them.
Regards
05-29-2012 12:47 AM
You can remove the service from the registry by going to ControlSet > services and searching for the name of the service. You will have to change the permissions as you did to remove the Legacy key. Make sure you search through all numbered ControlSets (i.e. - ControlSet001, ControlSet002, etc.). You do not have to do the CurrentControlSet as long as you do all the numbered ones first.
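The search described in the reply above, as an added read-only example that is not part of the original posts: it walks every numbered ControlSet and lists the Services and LEGACY_ keys that reference a service name, without deleting anything. The `$Name` parameter is hypothetical, its default is the service name quoted later in this thread, and the `Enum\Root\LEGACY_*\0000` layout is an assumption about where the "Legacy key" lives.

```powershell
# Added example, read-only: reports registry keys that reference a service.
# $Name is a hypothetical parameter; the default is the name quoted in this thread.
param([string]$Name = 'Gcxxkf Laufnipi Gbd')

# Numbered control sets only (ControlSet001, ControlSet002, ...).
# CurrentControlSet is a link to one of them, so it is not scanned separately.
$sets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }

foreach ($set in $sets) {
    # 1. Service definitions: <ControlSet>\Services\<key>
    $services = Join-Path $set.PSPath 'Services'
    foreach ($key in Get-ChildItem $services -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
        # Match the key name or the DisplayName shown in the Services console.
        if ($key.PSChildName -ne $Name -and $props.DisplayName -ne $Name) { continue }

        # A service started through svchost.exe names its real binary in
        # Parameters\ServiceDll, so report that next to ImagePath.
        $params = Get-ItemProperty (Join-Path $key.PSPath 'Parameters') `
            -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Type       = 'Service'
            Key        = $key.Name
            ImagePath  = $props.ImagePath
            ServiceDll = $params.ServiceDll
        }
    }

    # 2. Legacy device entries: <ControlSet>\Enum\Root\LEGACY_*\0000
    #    (assumed layout; the Service value holds the service key name)
    $root = Join-Path $set.PSPath 'Enum\Root'
    $legacy = Get-ChildItem $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'LEGACY_*' }
    foreach ($key in $legacy) {
        $inst = Get-ItemProperty (Join-Path $key.PSPath '0000') `
            -ErrorAction SilentlyContinue
        if ($inst.Service -ne $Name -and $inst.DeviceDesc -ne $Name) { continue }
        New-Object PSObject -Property @{
            Type       = 'Legacy'
            Key        = $key.Name
            ImagePath  = $null
            ServiceDll = $null
        }
    }
}
```

Keys whose permissions deny read access are skipped silently, so run it from an elevated prompt and compare the output with what regedit shows after ownership has been taken.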
05-29-2012 01:39 AM
To my fellow Norton 360 Users. I am trying to remove a virus from my PC and I am putting up some information that I come across to help someone who is a similar victim like me.
Regards
05-29-2012 02:03 AM - edited 05-29-2012 02:09 AM
To my fellow Norton 360 Users,
Here is another screen shot of this virus's registry entry, that you should remove.
Not sure what "FailureActions" key does, but I personally would be interested to know what "value data" is about.
Also what " svchost.exe -k imgsvc " is all about ?
Regards
Finally, after removing all these registry entries, I was able to remove the service entry from services
using sc delete "Gcxxkf Laufnipi Gbd".
Good Luck Friends.
05-29-2012 02:09 AM
jigneshdesai wrote: To my fellow Norton 360 Users,
Here is another screen shot of this virus's registry entry, that you should remove.
Not sure what "FailureActions" key does, but I personally would be interested to know what "value data" is about.
Also what " svchost.exe -k imgsvc " is all about ?
Regards
"Not sure what "FailureActions" key does, but I personally would be interested to know what "value data" is about.
Also what " svchost.exe -k imgsvc " is all about ?"
Simple answer: do not play with what you know nothing about. Oops, deleted a key or file and now Windows or a program won't run / load properly.
Quads
