I'm using AVG anti-virus.I face a problem about .gif file.Even I know that it is an image file,avg shows it as a virus.Firstly,I didn't agree to AVG,But when I see processes in Task manager ,One process I saw is 1.gif,I scroll down,I saw 2.gif,3.gif and so on.When I tried to end the process,I couldn't.I find these(1.gif,2.gif...) files in %temp%(ie. from run command).I couldn't delete it.I used unlocker to delete,and finally all removed from processes also.But after a while condition is same.So I need help,How to remove it.
Hello, deepu... this is my understanding of the gif problem... yes, a gif extension is defined as an image file, or a series of images with instructions for the hosting image software so as to show animation... timings etc.
But what application runs the gif in your system depends upon file associations in your reg, and a piece of malware can subvert those so as to run a "gif" as an executable, and name an executable code file as a gif file. A decent malware will replace the files that you successfully delete from hidden spares. Try this:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-Important! : disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- to run it dclick the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.