Gphone is a recent virus that has troubled many of us. It is basically a trojan. it changes your Internet explorer homepage and repeatedly tries to open gtalk and yahoo messenger. If you are logged in to either gtalk or yahoo messenger, it tries to send message to all your buddies. It creates fake folders inside every folder of the same name as the folder itself, but the fake folder is an image of the virus. When you click on it you get infected.
What does it do?
It basically changes some registry entries. You need to reset them to stop the virus' function, and then delete all the folders created.
Steps to remove Gphone
Go to start menu, press run, in the box type regedit, and press enter. The registry editor will open. You just have to modify the registries as given below.
What does it do?
It basically changes some registry entries. You need to reset them to stop the virus' function, and then delete all the folders created.
Steps to remove Gphone
Go to start menu, press run, in the box type regedit, and press enter. The registry editor will open. You just have to modify the registries as given below.
| Registry Modifications |
- The following Registry Keys were created:
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
- The newly created Registry Values are:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
- NofolderOptions = 0x00000001
to remove the Folder Options item from all Windows Explorer menus and from Control Panel
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
- DisableTaskMgr = 0x00000001
- DisableRegistryTools = 0x00000001
to prevent users from starting Task Manager (Taskmgr.exe) to disable the Windows registry editors (Regedt32.exe and Regedit.exe)
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Yahoo Messengger = "%System%\gphone.exe"
so that gphone.exe runs every time Windows starts
- The following Registry Values were modified:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
- Default_Page_URL = "http://rnd009.googlepages.com/google.html"
- Default_Search_URL = "http://rnd009.googlepages.com/google.html"
- Search Page = "http://rnd009.googlepages.com/google.html"
- Start Page = "http://rnd009.googlepages.com/google.html"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
- Shell = "Explorer.exe gphone.exe"
so that gphone.exe runs every time Windows starts
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
- Start Page = "http://rnd009.googlepages.com/google.html"
