Fresh malicious program - 5/5/10

Hey everybody,

I just finished removing a pair of new malicious programs from a client's computer. (Windows XP)

Info:  Basic adware, and an unknown.  Norton Insight shows both as less than 1 week old.  Fairly low impact, but used 50% of CPU.  Ads ranging from free credit checks to potentially false virus removal programs.  Unknown URLs.  Unknown if only limited to adware.

#1 Files:  "Gn1.exe" located in Temporary Internet Files.  Also there was a GN1.exe reference in Windows Prefetch.  There were 2 or 3 references in the registry, 1 in the end folder "Run."  (sorry, lost my location list).  Easily found by searching "GN1" in regedit.

#2 Files:  "gguraa.exe" located in the Windows directory.  Also a reference to gguraa in Windows Prefetch.  No registry references found.  Used up an average of 30% CPU, unknown effects on the system.

Removal -

Open taskmgr, shut both programs down using End Process Tree.  Use Find to search for GN1.  Be sure "search hidden" is checked.  Once found (should be 2 files, gn1.exe and a Prefetch file that has something about gn1.exe in it), delete them.  Open regedit, search for gn1.  Delete any reference to "gn1.exe."  Only delete if it says "gn1.exe".  Repeat the file search, check taskmgr again.

Verify gguraa.exe is not running.  Use Find to search for GGURAA.  There should be 2 files, one in Prefetch, one in the Windows directory.  Delete both.  Search gguraa in regedit.  I did not find anything in the registry, but if you find "gguraa.exe", delete it.

Make sure to search ALL of the registry, using F3 until you get "Finished searching Registry."

I have not seen the programs return after restarting.
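The manual steps above (Task Manager, Find with hidden files on, regedit search of the Run keys) can be scripted as a report-only check so you can confirm the two indicators are gone after a reboot. The script below is an added example, not something from the original post; it assumes PowerShell is installed on the machine (it is not on a stock XP box, but the 2.0 add-on works there) and that it is run from an administrator account. It only lists matches; deleting is left to you, mirroring the post's "only delete if it says gn1.exe" rule.

```powershell
# Added example (not from the original post): report-only triage for the two
# indicators named in the post. Assumes PowerShell 2.0+ and an admin session.
$Indicators = @('gn1.exe', 'gguraa.exe')

# Folders the post says the files lived in. Prefetch sits under %windir%, and
# Temporary Internet Files sits under each XP profile in Documents and Settings.
# -Force makes Get-ChildItem include hidden and system entries ("search hidden").
$SearchRoots = @(
    "$env:windir",
    "$env:SystemDrive\Documents and Settings"
)

# The autostart locations the post found entries in (per-machine and per-user Run).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Properties that Get-ItemProperty adds itself and that are not registry values.
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

Write-Host '== Running processes matching the indicators =='
Get-Process | Where-Object { $Indicators -contains ($_.ProcessName.ToLower() + '.exe') } |
    Select-Object Id, ProcessName, CPU, Path

Write-Host '== Files and Prefetch traces =='
foreach ($root in $SearchRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object {
            $name = $_.Name.ToLower()
            # Prefetch entries are named like GN1.EXE-XXXXXXXX.pf, so a prefix
            # match catches both the executable and its Prefetch trace.
            $hit = $false
            foreach ($ind in $Indicators) { if ($name.StartsWith($ind)) { $hit = $true } }
            $hit
        } |
        Select-Object FullName, Length, LastWriteTime
}

Write-Host '== Run key entries referencing the indicators =='
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($MetaProps -contains $p.Name) { continue }
        foreach ($ind in $Indicators) {
            if ("$($p.Value)" -match [regex]::Escape($ind)) {
                '{0}\{1} = {2}' -f $key, $p.Name, $p.Value
            }
        }
    }
}
```

Run it once before cleanup to see every hit, and again after the restart: an empty "Files and Prefetch traces" section and empty Run key section is the same outcome the post checks for by hand. The recursive walk of Documents and Settings can take a few minutes on a slow XP box, which is the price of covering every user's Temporary Internet Files rather than just the current one.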