Cannot eliminate trojan.gema


Virgil

I run Windows XP and this morning my Norton AntiVirus informed me that I
have trojan.gema (as hvid.exe) and it cannot eliminate it; it isn't allowed
access. After going to the Symantec site I followed the instructions at:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html

I have not been able to rid my laptop of hvid.exe. It is still showing up
at C:\WINNT\system32\hvid.exe.

Does anyone have any suggestions as to what my next step should be? Any
advice would be appreciated.
 
Virgil:

Go into the XP Safe Mode and perform a full scan of your platform and clean/delete any
infectors.

Dave



| I run Windows XP and this morning my Norton AntiVirus informed me that I
| have trojan.gema (as hvid.exe) and it cannot eliminate it; it isn't allowed
| access. After going to the Symantec site I followed the instructions at:
|
| http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html
|
| I have not been able to rid my laptop of hvid.exe. It is still showing up
| at C:\WINNT\system32\hvid.exe.
|
| Does anyone have any suggestions as to what my next step should be? Any
| advice would be appreciated.
|
|
 
Virgil:

Go into the XP Safe Mode and perform a full scan of your platform and
clean/delete any infectors.

Dave



| I run Windows XP and this morning my Norton AntiVirus informed me
| that I have trojan.gema (as hvid.exe) and it cannot eliminate it; it
| isn't allowed access. After going to the Symantec site I followed the
| instructions at:
|
| http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html
|
| I have not been able to rid my laptop of hvid.exe. It is still
| showing up at C:\WINNT\system32\hvid.exe.
|
| Does anyone have any suggestions as to what my next step should be?
| Any advice would be appreciated.
|
|
Dave,

Thanks for the info. I did as you suggested and got rid of the hvid.exe via
Norton. Then at start up I got two boxes: one said Windows couldn't find a
start up program hvid.exe and the second said it could not find hvid.exe
and I should remove it from the registry. I ignored these since I don't
want to go playing in the registry files without direction. I took the time
to use a utility to remove some programs from running at start up and the
warning boxes were gone.

I also noticed in my add or remove programs that I had a new Hvid icon! I
couldn't uninstall it since it wasn't there anymore and I certainly didn't
have it previous to today. I ran Ad-aware and Spybot earlier; neither had
found Hvid.

Anyway, thanks again for the help!

Virgil
 
Virgil said:
I run Windows XP and this morning my Norton AntiVirus informed me that I
have trojan.gema (as hvid.exe) and it cannot eliminate it; it isn't allowed
access. After going to the Symantec site I followed the instructions at:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.html

I have not been able to rid my laptop of hvid.exe. It is still showing up
at C:\WINNT\system32\hvid.exe.

obviously you didn't actually carry out all the instructions on that
page... it tells you to reverse the changes that trojan.gema makes to
the registry and then restart... it even described earlier in the page
what those changes were... had you done that the trojan should not have
been running and you would not have gotten the "access denied" message...
Does anyone have any suggestions as to what my next step should be? Any
advice would be appreciated.

from the other articles in this thread i see that you did finally get
rid of this, but still have some unwanted registry entries - revisit
the instructions on that page and you may be able to remove them...
 
obviously you didn't actually carry out all the instructions on that
page... it tells you to reverse the changes that trojan.gema makes to
the registry and then restart... it even described earlier in the page
what those changes were... had you done that the trojan should not
have been running and you would not have gotten the "access denied"
message...


from the other articles in this thread i see that you did finally get
rid of this, but still have some unwanted registry entries - revisit
the instructions on that page and you may be able to remove them...

I did follow the procedure as outlined as per the registry and in fact
tried it again when it didn't work, but hvid was gone from the registry
or at least the area I had previously been to. I must have made an error
somewhere. I'll look for them again.
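
The leftover startup entries discussed in this thread (Windows reporting at boot that it cannot find hvid.exe) can be located by checking an exported copy of the registry for autostart values whose target file no longer exists. The following is an added example, not part of the thread and not Symantec's procedure; it assumes the standard Run keys, a .reg export already decoded to text, and hypothetical helper names and sample data.

```python
import os
import re

# Standard Windows autostart keys. That trojan.gema used exactly these keys
# is an assumption; the thread does not name the keys.
RUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce",
                r"\currentversion\runservices")
# One "name"="value" line of a .reg export (backslashes and quotes escaped).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)


def executable_of(command):
    """Return the program path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", command)
    return m.group(1) if m else command.split(" ", 1)[0]


def orphaned_autostarts(reg_text, file_exists=os.path.exists):
    """List (key, value name, path) for Run entries whose target is missing."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(RUN_SUFFIXES):
            path = executable_of(unescape(m.group(2)))
            if not file_exists(path):
                findings.append((key, unescape(m.group(1)), path))
    return findings

# Constructed sample export, already decoded to text (not from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="\"C:\\Program Files\\Example\\app.exe\" /startup"
"hvid"="C:\\WINNT\\system32\\hvid.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"
'''
```

Each finding names the key and value to review before removal; entries that point to an existing file are left out of the list.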
 