Adware.Gator

E

Eileen

I ran Norton Anti Virus program on my computer and it found one threat
"Adware.Gator" I deleted it and ran Norton Anti Virus two more time and it
found "Adware.Gator" both times, I then went to the Symantec website and
downloaded the "Adware.Gator Removal Tool" and ran it and it said it did not
find Adware.Gator on my computer.
I then went to the Norton Log viewer and it said the "Delete Failed" on each
one of my attempts to delete it.
I ran Norton Anti Virus again it said, I still have one threat
"Adware.Gator".
What should I do to get rid of Adware.Gator?
I also downloaded, installed, updated and ran Ad-Aware, Spybot Search and
Destroy, and Spyware Blaster on my computer and I still have Adware.Gator on
my computer :-(
I am running Windows XP Professional and IE 6.
Thanks for any help,
Eileen
 
D

David H. Lipman

First go to Control Panel and the "add/remove applications" applet and remove it there.

Then...

1) Download the following item...

Adaware SE
http://www.lavasoftusa.com/

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using Adaware SE, perform a Full Scan of your platform and clean/delete
any parasites found.
5) Restart your PC and perform a "final" Full Scan of your platform using Adaware
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




| I ran Norton Anti Virus program on my computer and it found one threat
| "Adware.Gator" I deleted it and ran Norton Anti Virus two more time and it
| found "Adware.Gator" both times, I then went to the Symantec website and
| downloaded the "Adware.Gator Removal Tool" and ran it and it said it did not
| find Adware.Gator on my computer.
| I then went to the Norton Log viewer and it said the "Delete Failed" on each
| one of my attempts to delete it.
| I ran Norton Anti Virus again it said, I still have one threat
| "Adware.Gator".
| What should I do to get rid of Adware.Gator?
| I also downloaded, installed, updated and ran Ad-Aware, Spybot Search and
| Destroy, and Spyware Blaster on my computer and I still have Adware.Gator on
| my computer :-(
| I am running Windows XP Professional and IE 6.
| Thanks for any help,
| Eileen
|
|
 
E

Eileen

Hi Dave,
Thank you for your help,
I followed all the steps, when I finished I ran the Norton AntiVirus and it
found the Adware.Gator again I tried to delete it and got this message:
"Norton AntiVirus has found one or more files at risk on your computer that
it was unable to repair or safely quarantine. The name of the infected file,
the name of the threat infecting the file, the action taken, and the status
of the repair are displayed. If you have Internet access, connect to the
Symantec Security Response Web site and get more information about the
threat. Click the file name to see its complete path and file name."
I then went to the Symantec website and downloaded the "fix Gator" and ran
it but the fix Gator did not find it on my computer, I ran Norton's again
and got the same message.
Eileen
 
D

David H. Lipman

Where and what files are flagged as "Gator" related ?

--
Dave




| Hi Dave,
| Thank you for your help,
| I followed all the steps, when I finished I ran the Norton AntiVirus and it
| found the Adware.Gator again I tried to delete it and got this message:
| "Norton AntiVirus has found one or more files at risk on your computer that
| it was unable to repair or safely quarantine. The name of the infected file,
| the name of the threat infecting the file, the action taken, and the status
| of the repair are displayed. If you have Internet access, connect to the
| Symantec Security Response Web site and get more information about the
| threat. Click the file name to see its complete path and file name."
| I then went to the Symantec website and downloaded the "fix Gator" and ran
| it but the fix Gator did not find it on my computer, I ran Norton's again
| and got the same message.
| Eileen
|
|
| | > First go to Control Panel and the "add/remove applications" applet and
| remove it there.
| >
| > Then...
| >
| > 1) Download the following item...
| >
| > Adaware SE
| > http://www.lavasoftusa.com/
| >
| > 2) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 3) Reboot your PC into Safe Mode
| > 4) Using Adaware SE, perform a Full Scan of your platform and
| clean/delete
| > any parasites found.
| > 5) Restart your PC and perform a "final" Full Scan of your platform
| using Adaware
| > 6) Re-enable System Restore and re-apply any System Restore
| preferences,
| > (e.g. HD space to use suggested 400 ~ 600MB),
| > 7) Reboot your PC.
| > 8) Create a new Restore point
| >
| >
| > * * * Please report back your results ! * * *
| >
| >
| > --
| > Dave
| > http://www.claymania.com/removal-trojan-adware.html
| >
| >
| >
| >
| > | > | I ran Norton Anti Virus program on my computer and it found one threat
| > | "Adware.Gator" I deleted it and ran Norton Anti Virus two more time and
| it
| > | found "Adware.Gator" both times, I then went to the Symantec website and
| > | downloaded the "Adware.Gator Removal Tool" and ran it and it said it did
| not
| > | find Adware.Gator on my computer.
| > | I then went to the Norton Log viewer and it said the "Delete Failed" on
| each
| > | one of my attempts to delete it.
| > | I ran Norton Anti Virus again it said, I still have one threat
| > | "Adware.Gator".
| > | What should I do to get rid of Adware.Gator?
| > | I also downloaded, installed, updated and ran Ad-Aware, Spybot Search
| and
| > | Destroy, and Spyware Blaster on my computer and I still have
| Adware.Gator on
| > | my computer :-(
| > | I am running Windows XP Professional and IE 6.
| > | Thanks for any help,
| > | Eileen
| > |
| > |
| >
| >
|
|
 
E

Eileen

I am not sure what you mean, I ran Norton's again and got this:
Item information:
The file C:\Documents and Settings\eileen\Local
Settings\Temp\fsg_tmp\ginst_001_1234_4209.exe is a Adware threat.
Filename "ginst 001 1234 4209.exe"
Is this what you wanted to know?
Eileen
 
S

Syncme

Eileen said:
I am not sure what you mean, I ran Norton's again and got this:
Item information:
The file C:\Documents and Settings\eileen\Local
Settings\Temp\fsg_tmp\ginst_001_1234_4209.exe is a Adware threat.
Filename "ginst 001 1234 4209.exe"
Is this what you wanted to know?
Eileen
Click to expand...

That is what he was asking for.
Go to the directory and delete that file. Re-boot and scan again...
It should go away.
Chances are it is no longer loaded in memory, it is probably just a residual
from the time it was installed(that's why it's in your temp directory).

Syncme
 
D

David H. Lipman

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode and shutdown as many applications as possible
3) Using your NAV software, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
6) Reboot your PC.
7) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html






| I am not sure what you mean, I ran Norton's again and got this:
| Item information:
| The file C:\Documents and Settings\eileen\Local
| Settings\Temp\fsg_tmp\ginst_001_1234_4209.exe is a Adware threat.
| Filename "ginst 001 1234 4209.exe"
| Is this what you wanted to know?
| Eileen
 
S

Syncme

David H. Lipman said:
Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Reboot your PC into Safe Mode and shutdown as many applications as
possible
3) Using your NAV software, perform a Full Scan of your platform and
clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP,Re-enable System Restore and
re-apply any
System Restore preferences, (e.g. HD space to use suggested 200 ~
400MB),
6) Reboot your PC.
7) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html






| I am not sure what you mean, I ran Norton's again and got this:
| Item information:
| The file C:\Documents and Settings\eileen\Local
| Settings\Temp\fsg_tmp\ginst_001_1234_4209.exe is a Adware threat.
| Filename "ginst 001 1234 4209.exe"
| Is this what you wanted to know?
| Eileen
Click to expand...
Since it is in "Local Settings\Temp" dumping the internet cache will do
nothing.
Sorry Dave... no offence intended.....

Use Windows Explorer to go to C:\Documents and Settings\eileen\Local
Settings\Temp\fsg_tmp
and delete the file ginst_001_1234_4209.exe
Try not to double click it.... that will install it again....
Might want to empty you recycle after....
Anyway, re-boot and scan again.
 
B

Bob

OK, I will try again, and will report back tomorrow and let you know how it
comes out. I am off to bed, thanks you both so much for your help.
Eileen
 
E

Eileen

OK, I went to "C:\Documents and Settings\eileen" and their was NO folder
named "Local Settings" the only folders were called "Cookies", "Desktop",
"Favorites", "My documents", "Start Menu", "User Data" and "Windows".
I then went to Start/Search/all files and folders and ran a search looking
for
"C:\Documents and Settings\eileen\Local
Settings\Temp\fsg_tmp\ginst_001_1234_4209.exe" and it found it in Folder
"C\Documents and Settings\eileen\Local Settings\Temp\fsg_tmp"
Should I try and delete it from the Search results? and why when I go to
"Explore/Local Disk (C:)/Documents and Settings/eileen" it does not show a
"Local Settings" folder?
Eileen
 
D

David H. Lipman

Thanx for the correction...

You are right, not in the TIF in the TEMP directory -- DOH !

--
Dave





| Since it is in "Local Settings\Temp" dumping the internet cache will do
| nothing.
| Sorry Dave... no offence intended.....
|
| Use Windows Explorer to go to C:\Documents and Settings\eileen\Local
| Settings\Temp\fsg_tmp
| and delete the file ginst_001_1234_4209.exe
| Try not to double click it.... that will install it again....
| Might want to empty you recycle after....
| Anyway, re-boot and scan again.
|
|
|
|
 
E

Eileen

Dave & Syncme
Should I try and delete it from the Search results? and why when I go to
"Explore/Local Disk (C:)/Documents and Settings/eileen" it does not show a
"Local Settings" folder?
Thanks,
Eileen
 
S

Syncme

Eileen said:
Dave & Syncme
Should I try and delete it from the Search results? and why when I go to
"Explore/Local Disk (C:)/Documents and Settings/eileen" it does not show a
"Local Settings" folder?
Thanks,
Eileen
Click to expand...

The reason it doesn't show up is because it is in a hidden folder to prevent
people from messing with things there.
This was my mistake.. I over looked that detail.
You can delete it from the search result also. It will probably be safer
than going digging through there...

Please let us know of your results.

Syncme
 
N

Nick FitzGerald

Syncme said:
Since it is in "Local Settings\Temp" dumping the internet cache will do
nothing.
Sorry Dave... no offence intended.....
Correct.

Use Windows Explorer to go to C:\Documents and Settings\eileen\Local
Settings\Temp\fsg_tmp
and delete the file ginst_001_1234_4209.exe
Click to expand...

I've seen a few of these of late...

Note that "Local Settings" is a system folder and probably not visible
(at least under a default Explorer config). You can "fix" that by
simply typing the full path into the Address bar (if it is not visible
enable it on the View, Toolbars menu).
Try not to double click it.... that will install it again....
Might want to empty you recycle after....
Anyway, re-boot and scan again.
Click to expand...

Actually, best bet is to remove the whole fsg_tmp folder -- anything
else in there is also stuff you are better to avoid.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

adware.gator 6
HDPlugin1019.dll 31
freeware / 'malware' 4
Threats discovered 5
finally removed adware.gator 2
several infections 1
Can't find files even though "Show hidden files & folders" 9
several infections help please 2

Top