Gphone.exe

Malware removal

Gphone.exe is a file that an instant-message worm infects. This worm spreads through Google chat and Yahoo! Messenger. This “” worm disables your antivirus security software, and downloads more crapware onto your PC.

I’m sure identity theft sounds like a fun weekend, but if you’d rather spend your weekend otherwise — church? Family? Strip club? — I can show you how to get rid of that infected file for free.

messages read:

There is in the worst of fortune the best of chances for a happy change
There is only one way to happiness and that is to cease worrying about things which are beyond the power of our will
The wisest mind has something yet to learn
The wise man in the storm prays God, not for safety from danger, but for deliverance from fear
Happiness is a choice that requires effort at times
Action may not always bring happiness; but there is no happiness without action
Happiness is not a destination. It is a method of life
The best way to cheer yourself up is to try to cheer somebody else up
If you want truly to understand something, try to change it
I am a strong believer in luck and I find the harder I work the more I have of it
View my webcam (private) [LINK]

Block sites:

http://rnd009.googlepages.com/

Remove Gphone.exe Now

Download SpyHunter


Read our review
.

Stop Gphone.exe processes:

%Windir%gphone.exe
%System%gphone.exe
%System%DEFAULT_NOT_SET.exe
C:Documents and SettingsAll UsersDesktopgphone.exe
%Temp%gphone.exe
%System%gphone.exe
%DriveLetter%New Folder.exe
%DriveLetter%gphone.exe
[ROOT FOLDER]New Folder.exe
[ROOT FOLDER]gphone.exe

Get rid of files:

%DriveLetter%autorun.inf
%Windir%TasksAt1.job
[ROOT FOLDER]autorun.inf
C:disk.txt
%System%autorun.ini
%System%setting.ini
%Temp%log_[TIME AND DATE].txt

Delete registry keys:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerWorkgroupCrawlerShares”shared” = “[ROOT FOLDER]New Folder.exe”
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun”Yahoo Messengger” = “%System%gphone.exe”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon”Shell” = “Explorer.exe gphone.exe”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSchedule”AtTaskMaxHours” = “0″
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSchedule”NextAtJobId” = “2″
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem”DisableTaskMgr” = “1″
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem”DisableRegistryTools” = “1″
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer”NofolderOptions” = “1″
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain”Default_Page_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain”Default_Search_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain”Search Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftInternet ExplorerControl Panel”HomePage” = “1″
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel”HomePage” = “1″

DIY Gphone.exe Removal Instructions

Start by removing the above files. If you're not sure how to do this, refer to the instructions below.

Note: In any files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. (Not an iEuphemism for muth@fugg@#*!@.) So if you’re using Windows NT/2000/XP/7, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\NoahFence”).

How to Manually Delete Badware Files

Need some removing badware files help? No biggie. While you should only manually delete badware files if you're comfy editing your system, you'll find it's pretty easy. And probably really satisfying.

How to delete badware files in Windows XP/Vista/7:

  1. Click your Windows Start menu, then click "Search."
  2. A pop up will ask, "What do you want to search for?" Click "All files and folders."
  3. Type a badware file in the search box, and select "Local Hard Drives."
  4. Click "Search." Once the badware file is found, delete it.

How to stop badware processes:

  1. Click the Start menu, select Run.
  2. Type taskmgr.exe into the the Run command box, and click "OK." You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
  3. Click Processes tab, and find badware processes.
  4. Once you've found the badware processes, right-click them and select "End Process" to kill badware.

badware processes

How to remove badware registry keys:

Backup your registry before you edit it. Then...

  1. Click the Start menu, and click "Run." An "Open" field will appear. Type "regedit" and click "OK " to open up your Registry Editor. In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.
  2. Registry Editor opens as a two-paned window: the left side lets you select registry keys,the right side shows the values of any selected registry key.
  3. To find a badware registry key, select "Edit," then select "Find," and in the search bar type any of badware 's registry keys.
  4. When the badware registry key appears, to delete the badware registry key, right-click it, and select "Modify," then select "Delete."

Deleting badware Registry Keys

How to delete badware DLLs:

  1. Open the Start menu, and click "Run." Type "cmd" in Run, and click "OK." (In Windows 7, just type "regedit" into the "Search programs and files" box in the Start menu.)
  2. To change your current directory, type "cd" in the command box, press "Space," and enter the full directory where the badware DLL is located. If you're not sure where the badware DLL is located, enter "dir" in the command box to display a directory's contents. To go one directory back, type "cd .." in the command box and press "Enter."
  3. When you've found a badware DLL, type "regsvr32 /u SampleDLLName.dll" (e.g., "regsvr32 /u jl27script.dll") and press "Enter."

That's it. If you want to restore any badware DLL you removed, type "regsvr32 DLLJustDeleted.dll" (e.g., "regsvr32 jl27script.dll") into your command box, and press "Enter."

Did badware change your homepage?

  1. Select Start menu > Control Panel > Internet Options > General.
  2. Type your preferred home page's URL.
  3. Click "Use Default," "Apply," and "OK."