Adspy/gdown

Old 9th Oct 2009, 19:59
  #1 (permalink)  
Thread Starter
 
Join Date: Mar 2007
Location: Here and there
Posts: 2,781
Likes: 0
Received 1 Like on 1 Post
Adspy/gdown

The anti-virus (AVG) caught this on a friend's laptop and then shortly afterwards the laptop owner could not get into the control panel, or get any of the system tools to run or even get on the internet. Can anybody offer any help please?
tubby linton is offline  
Old 9th Oct 2009, 20:40
  #2 (permalink)  
More bang for your buck
 
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes on 0 Posts
Can't find a lot but try reading:

BleepingComputer.com > ADSPY/Gdown - Help
green granite is offline  
Old 9th Oct 2009, 21:12
  #3 (permalink)  
Thread Starter
 
Join Date: Mar 2007
Location: Here and there
Posts: 2,781
Likes: 0
Received 1 Like on 1 Post
Thank you for the link, but I had already found that one! The problem is that shortly after this bug was discovered on the computer, the owner could no longer get many of the computer functions to work, such as Firefox, system restore, control panel etc.
tubby linton is offline  
Old 9th Oct 2009, 22:23
  #4 (permalink)  
 
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
Boot into safe mode with command prompt, and try executing things like Malwarebytes from there... as these new rootkit viruses seem to hook into Windows Explorer, and the command prompt variant of safe mode appears not to let these processes execute immediately. Hence you need to be fairly savvy with your DOS commands (not too difficult for someone in the business with a memory), but as long as you stick to these instead of trying to use the windowed versions, you should be able to successfully initiate a MBAM scan. However, you'll need to update MBAM first though.
Mike-Bracknell is offline  
Old 10th Oct 2009, 09:48
  #5 (permalink)  
Thread Starter
 
Join Date: Mar 2007
Location: Here and there
Posts: 2,781
Likes: 0
Received 1 Like on 1 Post
Thank you for the advice. I have managed to remove this nasty bug, but it took a very long time!
tubby linton is offline  
Old 10th Oct 2009, 11:48
  #6 (permalink)  
Recidivist
 
Join Date: Jun 2005
Location: Essex, UK
Posts: 1,239
Likes: 0
Received 0 Likes on 0 Posts
Am I being naive in thinking that AVG should have stopped it in the first place?
frostbite is offline  
Old 10th Oct 2009, 12:40
  #7 (permalink)  
Thread Starter
 
Join Date: Mar 2007
Location: Here and there
Posts: 2,781
Likes: 0
Received 1 Like on 1 Post
AVG did find it, but I do not know what the owner did after it was discovered. I would suspect that the owner may have ignored the warning or the virus started to do damage as soon as it had been downloaded.
tubby linton is offline  
Old 11th Oct 2009, 05:35
  #8 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,678
Received 10 Likes on 4 Posts
If you have time, what did you have to do to kill/remove it?
Tarq57 is offline  
Old 11th Oct 2009, 08:32
  #9 (permalink)  
Thread Starter
 
Join Date: Mar 2007
Location: Here and there
Posts: 2,781
Likes: 0
Received 1 Like on 1 Post
The big problem was trying to get the machine to respond. I knew from the Avira log that the bug had been found on the 3rd so I tried to do a system restore to a date before that. By booting into safe mode I managed to get it back to a system checkpoint before the infection and then I had Avira rescan the whole system. It found the bug again and removed it. I downloaded tools onto a stick from another computer and then installed them on the machine. I also used another anti-malware tool to scan it again. I scanned it in safe mode and again when I rebooted it in normal mode.
If you ever have this problem there are a number of topics to read if you search for "cannot access control panel or system restore". I am not an IT professional so I was just following the advice from the various websites to remove this virus.
There is not a lot of info about the actual bug but I think that it was a rootkit. Some of them are getting very nasty and stop you even running the anti-malware tools.
tubby linton is offline  
Old 11th Oct 2009, 08:51
  #10 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,678
Received 10 Likes on 4 Posts
Thanks for that, tubby. Well done. You're a bit lucky system restore worked.

Just out of interest, read an article that said there's been a 585% increase in rogues in the first 6 months of this year.
I was involved (peripherally) on another forum with helping someone to try and remove pretty much a "zero-day" rogue antimalware. Poor bu@@er hasn't got access to the control panel, any system tools, can't boot into safe, no .exe will run, with a message saying "..has been disabled by the administrator..." and nothing he had detected it before it went belly up. His AV has now been disabled. I think he's either looking at a BART cd, or a format/reinstall.

This sort of thing just reinforces the idea that it is a very good idea to disable (or prompt) for scripts to be allowed to run in any browser.
Among other GOP's.
Tarq57 is offline  
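
The lockout symptoms reported in this thread (no Control Panel, no system tools, no .exe will run, "...has been disabled by the administrator...") match what Windows shows when restriction policy values are set in the registry or the .exe file association is altered. As an added example, not part of the thread, this read-only PowerShell audit lists such settings; the value names are standard Windows policy settings, and it is an assumption that the infections discussed here used them.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Policy value names below are standard Windows settings, not taken from the thread.
$checks = @(
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Blocks = 'Task Manager' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Blocks = 'Registry Editor' },
    @{ Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       Blocks = 'Control Panel' },
    @{ Path = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           Blocks = 'Command Prompt' },
    @{ Path = 'Software\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';            Blocks = 'System Restore' }
)

$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $key  = '{0}\{1}' -f $hive, $c.Path
        # A missing key or value means the restriction is not set; suppress the error.
        $item = Get-ItemProperty -Path $key -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($c.Name) -ne 0) {
            [pscustomobject]@{
                Key    = $key
                Value  = $c.Name
                Data   = $item.($c.Name)
                Blocks = $c.Blocks
            }
        }
    }
}

# "No .exe will run": compare the .exe open command with the Windows default.
$exeKey   = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$expected = '"%1" %*'
$actual   = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
if ($actual -ne $expected) {
    $findings = @($findings) + [pscustomobject]@{
        Key    = $exeKey
        Value  = '(default)'
        Data   = $actual
        Blocks = 'Launching .exe files'
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No tool-blocking policy values or .exe association changes found.'
}
```

On a machine that is not managed by an administrator, any row in the output is worth investigating before trusting the system again.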
Old 11th Oct 2009, 20:54
  #11 (permalink)  
Thread Starter
 
Join Date: Mar 2007
Location: Here and there
Posts: 2,781
Likes: 0
Received 1 Like on 1 Post
For the record the file was:
GTDownDE_87.ocx

Having surfed the net, a number of sites have reports of problems with this file.
This site probably offers the best advice:
Bleeping Computer - Computer Help and Discussion
tubby linton is offline  
