Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello - Appreciate this forum.
I have been infected with the Gpix Trojan, and it appears to have done irrepairable damage to my system. I am only able to reach the wall paper of Windows 98 at which point it stops, no files open and there is no way to access them.
I receive the typical Gpix error message: "E47250 MPEG Error etc.."
I have no access to the CD ROM and can only work in DOS via the floppy drive.
Any suggestions on how to solve this problem before cleaning the whole disc - I really hate to lose all of my files if I can avoid it.
At the end of my rope here, but appreciate this resource, learned a lot and identified the problem.
Thanks
JB
Hello, mesich. Hey, JB. (same as J_Me?)
Someone posted about a page back on the "error code" popping up. Some more digging revealed that McAfee has it under the alias Gpix, without a discovery date.
http://hq.mcafeeasap.com/dispTrojan.asp?virus_k=100247
I still haven`t located an instance from Symantec (the "authority" of virii?), though (unless named differently).
You may be able to plunk it out inside of DOS, by looking inside of your WINDOWS/SYSTEM directory for the filename shellexpl.exe (or SHELLE~1.exe, as you`ll be seeing it as), delete it, then find the following .ini files:
hndldt.ini
winhndl.iniFrom there, I would follow the paths that McAfee have there, and try to delete any other instances that try to boot up the recently deleted files.
If that doesn`t work, I would try to backup the files you can save, copy to another HDD (all inside of DOS) and unconditionally format (C:\>FORMAT C: /U) the drive from there.
0 
Thanks so much - really appreciate it.
Wonder if you could give me the specific DOS commands? I am a bit of a neophyte.
Thanks again
JB
0
downlaod a linux bootable disk and rescue your files or just borrow a linux distro and install it.Then go in and grab you files
0
Hi everyone,
Start the computer with the bootdisk.
At the A:\>type C: press [Enter]
C:\>type cd windows [Enter]
C:\Windows\>type cd system
C:\Windows\system\>type del shelle~1.exe
Restart the computer.
Good Day!
Mesich
0
I've been wrestling with this exact problem for a few days, with suggestions from mcafee and others...W98, with mcafee antivirus installed...but the trojan got in somehow...i've tried deleting from system file as suggested, but no joy...also tried to run a CD mcafee said would fix 2950xdat.exe, but dos response was file can't be loaded...someone suggested trying free s/w executable from 'adaware'?..still researching....may be premature, but if we reach point where nothing seems to be able to execute from dos to clean this, can I simply 'clear' (painful of course) my hd and then re-install W98?...files on hd not that critical, most backed up...would it take a computer pro to do? I'm ok with computers, and can fol directions pretty well, and can do dos stuff if clearly directed...thanks for any help
0
Before doing drastic actions, check this site:
http://www.mvps.org/inetexplorer/darnit_2.htm
0
Thanks so much for the info and the site...sounds very promising...won't be able to try until at home tonight from work...appreciate your patience with following ?s....the Knox "cleaner" file is 1.2M, which I'm hoping means I can copy to a floppy, start my pc from a restart disk, which brings me to a: and then insert the 'cleaner' file? or do I do the following, in which case I'm not really sure how to do...consider me willing, able to fol dir, but not close to your or Mr. Knox's league..again, help is great and much appreciated...
(Mr. Knox's work and descr follows)
DOS VERSION: If your system will not boot, even into safe mode, you can use this version to remove the virus. Extract the contents of the GPIXFIX_DOS.ZIP file to your Win9x/Me Startup disk, and use it to boot the computer. At the A: prompt, type NOVIRUS.BAT. The BAT file deletes the associated files and registry entries.
0
Found another variant of Gpix, what it does, it replaces the Explorer.exe file, in which Windows boot up, to the E47250 screen. This variant is about 312K in size, less than the 500K, and the tale tell signs is that shelle~1.exe is the same size as the Explorer.exe. To solve this, boot into DOS with a floppy, and just delete both files, be sure original Explorer.exe still exist in Windows. Keep a copy on a floppy before deleting incase, you delete the right Explorer file. Hope it works as it did me. Good luck.
0
I'll give that a try tonight...last night I copied the files that Mr.Knox had developed onto my start/boot disk, got to a:, then ran the novirus.bat, but it did not fix my, perhaps idiosyncratic, gpix...and it could easily be pilot error my part...is there something about the way i copied to boot disk and worked from there that sounds like I goofed?...this is a great site, thanks for help...and i'll try the approach that costis offers in resp 10 tonignt...thanks
0
Costis was correct in saying there is a variant of the GPIX. I resolved my problem by simply deleting the duplicate explorer file, but be careful, and have the actual explorer file backed up in case you delete the wrong one. Luckily in my case it deleted the last one created which was the the infected file. In DOS its
C:\>DEL EXPLORER.exe Good luck!!
P.S. Thanks costis for the tip it really helped!!!!!
0  |
 not a valid WIN32 applica...
|
Partition types
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
