Infostealer.gampass - can't remove it

Hi!

 

I have a pc running windows XP and Norton Internet Security online.

 

I have a weekly full scan of the system and this last time this Infostealer.gampass was found in the system.

 

Norton can't remove this file, so I tried to follow the instructions on this page

 

http://www.symantec.com/security_response/writeup.jsp?docid=2006-111201-3853-99&tabid=3

 

which is where norton links me to after clicking on the "review" button on the results page after the full scan.

 

I can do up to step 3 of these instructions, but on the last one where I need to change the REgistry, I can't find anything to delete.

 

Please help! This is my work computer infected and I am at the moment working on a laptop (which is clean).

 

Thanks!

 

 

No.. the other one was another laptop at home.. this one is my PC at work

Hi!

 

I have a pc running windows XP and Norton Internet Security online.

 

I have a weekly full scan of the system and this last time this Infostealer.gampass was found in the system.

 

Norton can't remove this file, so I tried to follow the instructions on this page

 

http://www.symantec.com/security_response/writeup.jsp?docid=2006-111201-3853-99&tabid=3

 

which is where norton links me to after clicking on the "review" button on the results page after the full scan.

 

I can do up to step 3 of these instructions, but on the last one where I need to change the REgistry, I can't find anything to delete.

 

Please help! This is my work computer infected and I am at the moment working on a laptop (which is clean).

 

Thanks!

 

 

Hello..

 

No it is not the same computer... the other one was my husband's laptop.. this one with the current problem now is the PC I use to work...  :-(

Amanara:

 

Would you have a look in History>Unresolved Threats>click on what is there and then More Details to see if a path is specified.

 


delphinium wrote:

Amanara:

 

Would you have a look in History>Unresolved Threats>click on what is there and then More Details to see if a path is specified.


 

 

Did you run a full system scan again. Are you sure that the infected file is not already removed? Also, as suggested by delphinium have a look at the unresolved threats list.

Hello again,

 

I ran a full system scan overnight, and infostealer.gampass is still there.

 

Looking at security history, the only thing stated is "detection of infostealer.gampass" then "Submitted" in the Status column. When I click on "More Details"  in the actions box it states "No actions available for this item".

 

:-(

It would appear that Norton has found a file that is similar to infostealer.gampass and has sent it to Symantec for a second opinion.  Please advise what part of history this is in.  At the top of the history screen is a menu bar that you can click and specify Unresolved, resolved, quarantine, or Sonar activity.  Once you are in the right place, click on the threat notification and a button for more details will be available.  That will tell you where the file is in your system so you can decide what to do with it.

Hello Amanara

 

You could try running a full scan with the free version of Malwarebytes and see if that can find it.

 

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to down load the correct program ----the FREE version of MALWAREBYTES

(Thanks to Delph for providing the alternative site)

Delphinium and Floplot,

 

Thank you so much for your replies!!

 

The situation now is as follows:

 

* I ran Malwarebytes and it removed one file called "rootkit",  then when I ran a full system scan again (with Norton) infostealer.gampass is still coming up. Before malwarebutes it would come up twice when doing a full system scan, now this Infostealer.Gampass appears only once.

 

*Looking in Security History (Unresolved Security Risks) infostealer.gampass appears there twice: a) 22.02.2010 -  virus scanner detected the virus and the status is "attention required"; b) 23.02.2010 - second time it was also detected by virus scanner with the same status "attention required".

 

Although, looking at quarantine in Security History, infostealer.gampass was removed three times:

 

a) 22/02/2010, Infostealer.Gampass detected by Virus Scanner and Status is "Removed"

 

b) 22/02/2010, Infostealer.Gampass detected by Auto-Protect and Status is "Removed"

 

c) 23/02/2010, Infostealer.Gampass detected by Virus Scanner, Status is "Removed"

 

Now, when I do a full system scan, it states that infostealer.Gampass "cannot be removed from an unsupported file" and Status "Remove Failed" and only action available is "Review", which is a link that takes me to the link I initially stated in my first post here.

 

Don't know what else to do :-(

 

 

Just one more piece of information:

 

When I click on details in Security History, it is stated that Infostealer.Gampass is in the following location:

 

[keygen.exe] inside of [edge.rar] inside of [c:\documents and settings\all users\documents\my music.000\paul\software-vsts etc\pioneer.hill.software.spectraplus.v50-edge\ecwwv01.zip]

 

I tried to go to this folder, but when I get all users, there is no folder called "documents" inside it. I have "show hidden files and folders" on.

 

 

Can you find it if you do a search under ecwwv01? Or the name of the software?

Hi again :-)

 

Just did a search and found the folder Pioneer.Hill.Software.SpectraPLUS.v5.0-EDGE  (whatever that is)

 

should I just delete the folder?

 

Thanks again

Yes.  Delete the whole folder.

Thanks!

 

I have done it and now will run a full system scan to make sure it is completely gone!

 

Many thanks for your help... Immensely appreciated :-)

 

Cheers