Does My Computer Have A Virus? Gbplugin
Hi,
I'm worried I've downloaded a virus from an email and I'd be very grateful if anyone has any information that might help me. I'm not great with computers...
I received an email a few days ago that appeared to be from a friend. I opened it and clicked on a link and nothing appeared to happen. I thought nothing of this until the next time I logged into my computer and it was very slow. When I eventually got in I logged into my hotmail account and realised that the same email I had been sent had been sent from my hotmail account to all the contacts in my address book a number of times. A list of my contacts and my login details had been sent in separate emails to a googlemail address (newblack300@gmail.com). I furthermore realised that my virus protection software (avast) had been uninstalled.
After reinstalling avast I did a scan but it didn't find anything. I had a look at programmes that had been recently modified and found one called gpplugin along with various related programmes. I couldn't delete this to begin with but have somehow managed to do so now.
I'm worried though that there is still something wrong. Whenever I boot up my computer and log into windows I get a message telling me that one of the files that I deleted cam't be found. I suppose this is positive in one way, but it also makes me think that there is a virus still there that is trying to use this file. I can't see anything under the processes tab...
If you can help I'd be extremely grateful!
Many thanks,
Iain
Comments
-
Hi,
I'm worried I've downloaded a virus from an email and I'd be very grateful if anyone has any information that might help me. I'm not great with computers...
I received an email a few days ago that appeared to be from a friend. I opened it and clicked on a link and nothing appeared to happen. I thought nothing of this until the next time I logged into my computer and it was very slow. When I eventually got in I logged into my hotmail account and realised that the same email I had been sent had been sent from my hotmail account to all the contacts in my address book a number of times. A list of my contacts and my login details had been sent in separate emails to a googlemail address (newblack300@gmail.com). I furthermore realised that my virus protection software (avast) had been uninstalled.
After reinstalling avast I did a scan but it didn't find anything. I had a look at programmes that had been recently modified and found one called gpplugin along with various related programmes. I couldn't delete this to begin with but have somehow managed to do so now.
I'm worried though that there is still something wrong. Whenever I boot up my computer and log into windows I get a message telling me that one of the files that I deleted cam't be found. I suppose this is positive in one way, but it also makes me think that there is a virus still there that is trying to use this file. I can't see anything under the processes tab...
If you can help I'd be extremely grateful!
Many thanks,
Iain
Yep, sounds like some form of malware, try this. Boot into Windows hit Start->Run and type "msconfig" (without the quotes) when the window opens click the tab marked "Services". Near the bottom, check the box that says "Hide All Microsoft Services" now, look at the remaining entries, if the Service column displays "gpplugin" uncheck it's box so that it won't start up with Windows on reboot.
Now click the tab marked "Startup" look for the same deal as described before and uncheck it's box if it exists. Click the "apply" button then click the "OK" button, opt to reboot when asked and see if that makes a difference. You may also want to contact the people on your mailing list to confirm they were sent a poisoned attachment, if so, apologize profusely and let me know if this made a difference.
If so i'll walk you through the regedit process to remove any references from the registry.0 -
Yep, sounds like some form of malware, try this. Boot into Windows hit Start->Run and type "msconfig" (without the quotes) when the window opens click the tab marked "Services". Near the bottom, check the box that says "Hide All Microsoft Services" now, look at the remaining entries, if the Service column displays "gpplugin" uncheck it's box so that it won't start up with Windows on reboot.
Now click the tab marked "Startup" look for the same deal as described before and uncheck it's box if it exists. Click the "apply" button then click the "OK" button, opt to reboot when asked and see if that makes a difference. You may also want to contact the people on your mailing list to confirm they were sent a poisoned attachment, if so, apologize profusely and let me know if this made a difference.
If so i'll walk you through the regedit process to remove any references from the registry.
Many thanks for your reply. No references to gbpluggin under the services or startup tabs I'm afraid... There a number of items that aren't immediately recognisable though. I presume if something is running on my computer that shouldn't be then it should appear under these tabs?
Yep, everyone on my contact list has the email (about 10 copies each...). The apology emails have already gone out!0 -
Many thanks for your reply. No references to gbpluggin under the services or startup tabs I'm afraid... There a number of items that aren't immediately recognisable though. I presume if something is running on my computer that shouldn't be then it should appear under these tabs?
Yep, everyone on my contact list has the email (about 10 copies each...). The apology emails have already gone out!
How about taking a screen shot of the services and startup tab items, or just type them out, i could attempt to look for suspicious entries that way.
By the way, the errors/prompts you get on boot up, what are they saying?0 -
How about taking a screen shot of the services and startup tab items, or just type them out, i could attempt to look for suspicious entries that way.
By the way, the errors/prompts you get on boot up, what are they saying?
Ok, here's a screen shot of my desktop after booting up with the error message:
And here are screen shots of my services tab:
/applications/core/interface/file/attachment.php?id=1823" data-fileid="1823" rel="">services_1.bmp
/applications/core/interface/file/attachment.php?id=1830" data-fileid="1830" rel="">services_2.bmp
/applications/core/interface/file/attachment.php?id=1824" data-fileid="1824" rel="">services_3.bmp
/applications/core/interface/file/attachment.php?id=1825" data-fileid="1825" rel="">services_4.bmp
/applications/core/interface/file/attachment.php?id=1826" data-fileid="1826" rel="">services_5.bmp
/applications/core/interface/file/attachment.php?id=1827" data-fileid="1827" rel="">services_6.bmp
/applications/core/interface/file/attachment.php?id=1828" data-fileid="1828" rel="">services_7.bmp
/applications/core/interface/file/attachment.php?id=1829" data-fileid="1829" rel="">services_8.bmp
And my startup tab:
/applications/core/interface/file/attachment.php?id=1831" data-fileid="1831" rel="">startup_1.bmp
/applications/core/interface/file/attachment.php?id=1832" data-fileid="1832" rel="">startup_2.bmp
Thanks again, much appreciated!
Iain0 -
Sorry, but none of the screenshots are present on the server. It would be very helpful for both me and you if you could re-attach them to a new post.
Cheers!0