How to remove Gphone.exe

Wednesday, January 7th, 2009 at 2:59 am

Gphone.exe description

Gphone.exe is worm which spreads via instant messengers. It usually affects Yahoo! Messenger and Google Talk applications. Gphone.exe send a message and invites victims to visit a website. If clicked upon, the link actually delivers a copy of Gphone.exe infection. The worm delivers the following message:

“There is in the worst of fortune the best of chances for a happy change
There is only one way to happiness and that is to cease worrying about things which are beyond the power of our will
The wisest mind has something yet to learn
The wise man in the storm prays God, not for safety from danger, but for deliverance from fear
Happiness is a choice that requires effort at times
Action may not always bring happiness; but there is no happiness without action
Happiness is not a destination. It is a method of life
The best way to cheer yourself up is to try to cheer somebody else up
If you want truly to understand something, try to change it
I am a strong believer in luck and I find the harder I work the more I have of it
View my webcam (private) [LINK]”

Once it’s on board a computer, Gphone.exe blocks security tools. This enables Gphone.exe to download and install other malwares.

Get rid of Gphone.exe

How to manually remove Gphone.exe

To remove Gphone.exe spyware you must block Gphone.exe sites, stop and remove processes, unregister DLL files, search and delete all other Gphone.exe files and registry utility. Follow the Gphone.exe detection and removal instructions below.

The most typical software removal method is to remove Gphone.exe by using "Add or Remove Programs" service. However there may be hidden Gphone.exe files, running processes and registries in your computer, so Gphone.exe may recreate all other files after reboot.

Gphone.exe manual removal instructions

Block Gphone.exe sites:
rnd009.googlepages.com Read more how to block Gphone.exe sites

Stop and remove Gphone.exe processes:
DEFAULT_NOT_SET.exe
New Folder.exe
gphone.exe Read more how to kill Gphone.exe processes

Locate and delete Gphone.exe registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares\”shared” = “[ROOT FOLDER]\New Folder.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Yahoo Messengger” = “%System%\gphone.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe gphone.exe”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\”AtTaskMaxHours” = “0″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule\”NextAtJobId” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableTaskMgr” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\”DisableRegistryTools” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NofolderOptions” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Page_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Default_Search_URL” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Search Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Start Page” = “http://rnd009.googlepages.com/google.html”
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\”HomePage” = “1″
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\”HomePage” = “1″ Read more how to delete Gphone.exe registry entries
Download registry cleaner to remove registry errors caused by Gphone.exe

Detect and delete other Gphone.exe files:
%Windir%\gphone.exe
%System%\gphone.exe
%System%\DEFAULT_NOT_SET.exe
C:\Documents and Settings\All Users\Desktop\gphone.exe
%Temp%\gphone.exe
%System%\gphone.exe
%DriveLetter%\New Folder.exe
%DriveLetter%\gphone.exe
[ROOT FOLDER]\New Folder.exe
[ROOT FOLDER]\gphone.exe
%DriveLetter%\autorun.inf
%Windir%\Tasks\At1.job
[ROOT FOLDER]\autorun.inf
C:\disk.txt
%System%\autorun.ini
%System%\setting.ini
%Temp%\log_[TIME AND DATE].txt

We strongly recommend you to use spyware remover to track Gphone.exe and automaticaly remove Gphone.exe processes, registries and files as well as other spyware threats.

Tags: Gphone.exe how to get rid of Gphone.exe how to remove Gphone.exe how to uninstall Gphone.exe

Posted in Backdoor, Worm

1. GA2
   January 22nd, 2009 at 9:48 am

   Hey where to execute the code u have kept the quotes

   can u make it clear how to get rid of it, i am suffering a lot bec of it

   Reply

   Luciana Reply:
   January 23rd, 2009 at 6:03 am

   Hello GA2,

   You don’t need to execute any code. If you’re looking for anti-spyware application, download the gphone.exe removal tool. If you wanna remove this infection manually, follow the manual removal instructions provided above. Block Gphone.exe site using this tutorial; stop and remove Gphone.exe processes using ‘how to kill processes’ tutorial, locate and delete Gphone.exe registry entries using this tutorial and finally delete other Gphone.exe files listed above.

   Reply

2. kiran kumar
   January 23rd, 2009 at 11:49 pm

   my humble thanks to the people who dsign this,i remove this virus processes,registry entries succesfully, once again thanks for providing good soltuions ,keep provide much more soltuions ,thanq, if any one want any infoamtion
   please mail me

   Reply

3. Jins2Win
   February 15th, 2009 at 2:08 am

   Hey this gphone virus has disabled my taskmanager as well as registry editor..now i cant stop its processes manually..tell me what should i do

   Reply

   Luciana Reply:
   February 17th, 2009 at 2:08 am

   Start your computer in a safe mode. Most of malicious processes are inactive in the safe mode so you should be able to deal with the Gphone.exe.

   Reply

   jackkk Reply:
   June 17th, 2009 at 6:52 am

   I started my computer in the safe mode but it did not help.This can be rectified by:
   Open the ‘run’ and type
   “REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f”
   in the blank space , then press OK.
   The task mansger can then be accessed in the normal matter(likr ctrl+alt +del)

   Reply

4. Virendra
   April 25th, 2009 at 10:50 am

   Hey whenever i am trying to open any of my desktop icons or other programs my system prompts the following message
   “windows can notaccess the specified device, path or file. You may not have the appro
   priate permission to access the item.”

   My PC infected by gphone.exe pls help to get rid of it.

   Reply

   Luciana Reply:
   April 26th, 2009 at 10:06 pm

   Hello,
   Please follow the removal instructions provided above. The error message you receive might be unrelated to the Gphone.exe infection.

   Reply

5. richard
   May 1st, 2009 at 12:06 am

   i used ESET NOD32 anti virus and it deleted the gphone.exe.

   but my problem now is that whenever i start windows, there is a window which says:

   cannot find gphone.exe, if u need to look for this application, use search button

   it goes something like that. its really bothering me alot and it slows down the start up..

   please help me

   Reply

   bryan Reply:
   May 1st, 2009 at 1:52 am

   Richard,
   now you have to delete gphone.exe from your startup files list: start -> run -> msconfig -> go to startup and uncheck gphone. This should help you.

   Reply

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

Notify me of followup comments via e-mail

Click to cancel reply