Virus Alert

Please be cautious if you visit GLP.
After visiting i immediately got hit with a virus which has disabled all EXE. files on my laptop.
I can't open anything. The only thing i'm still able to do is get on line by going into "my computer" and selecting favourites.


Beware!!

whats GLP? sorry for asking but it is hard to avoid if you have no idea what GLP stands for or is.

GLP = Godlike Productions.

EDIT: Advice: Change the title to: 'Those with confidence in their anti-virus software, visit GLP"

reply to post by lifeform11



Godlike Productions.

A site kinda like this one.


Anyway OP thanks I once got a virus like that from ATS and had to re install everything on my laptop.

reply to post by bargoose

thanks for the heads up

thanks for clarifying what GLP is.

i'm sorry to hear the O.P. and others have had problems. thank you for making people aware. i'll make sure i avoid it
thanks for the warning

if you can get to 'my computer' and run 'favourites' (which have underlying .exe's),
you may have only lost the PATHEXT variable in the environment settings.

it should look like:
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

check if it is missing and re-add it.

Just something to try looking at to fix your pc

a very easy fix

if you can open internet explorer - you can open up windows explorer - it's the same thing (kinda)

depending on your os, you have to do the following.... in the file associations location locate click NEW type in .exe (it may complain that it already exists but plz continue) change the ADVANCED property to application...then apply, ok, whatever to save it.

problem solved

Originally posted by bargoose
Please be cautious if you visit GLP.
After visiting i immediately got hit with a virus which has disabled all EXE. files on my laptop.
I can't open anything. The only thing i'm still able to do is get on line by going into "my computer" and selecting favourites.

Beware!!

I am no expert but if you restart your computer and open in safe mode you can then opt to reconfigure settings to a date before you got the virus then as soon as you have done that down load super anti spy ware and run a scan to weed out any infected files.

Exe fix...
Broken EXE Association
Second line because of awesomeness....

Thanks for the fix ideas everybody! Much appreciated I'll give them a try and let you know how i get on.
This virus seems to have disabled safemode though! But i'll try the other solutions later. cheers!

Does it affect Macs?
Or is this just for Microsoft?

While this doesn't appear to be the same issue it does show the ease in which sites can be compromised.


Massive SQL injection attack making the rounds—694K URLs so far

There is a thread on here aboutanti gravity to, that if you click on the links, it takes you to a page full of viruses.

Are you not running an anti-virus program that protects against trojans and the like from being downloaded? I use Avast! and have never had an issue.

See if you can download Malware Bytes , once downloaded change it from a .exe to a .bat and see if it will run. If so, get it to scan.

- Phoenix

I fell victim to this too.

The virus in question, for myself, was the XP Security Centre Anti-Virus 2011 which emulates your Security Centre in XP and is a pain to remove.

If altering file associations fails you may have to stop processes and edit registry - DO NOT edit any registry keys if you are not comfortable with this.

CTRL + ALT + DEL or CTRL + SHIFT + ESC to enter Task Manager, click Processes tab and stop the following process:

CB130_287.exe

Find and delete these files:

Navigate to the file folder using explorer (as explained in an earlier post, My Computer etc)

C:\Documents and Settings\All Users\Application Data\23077d\CB130_287.exe

Finally, remove Windows Antivirus 2011 Registry Values:

Only do this if you are comfortable making these changes. If not you may want to ask someone with a little more technical experience.

Go to Start and Run and type in regedit. You will need to find and delete the following registry keys. They may or may notexist. Do not delete anything not on this list or you risk deleting critical system files.

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “AntiVirusOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe” -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Internet Explorer\iexplore.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center “FirewallOverride” = “1″
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “C:\Program Files\Mozilla Firefox\firefox.exe”

HKEY_CLASSES_ROOT\.exe\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\pezfile\shell\open\command “(Default)” = “%UserProfile%\Local Settings\Application Data\pw.exe” /START “%1″ %*
HKEY_CLASSES_ROOT\pezfile

I hope this may help.

reply to post by Pr0t0


The scareware file names tend to be randomly generated though you can mostly found out what it is via msconfig by going Start Menu -> Run -> Msconfig -> Start Up Tab and have a look through.

I echo what you've said though and only start going through the registry if you really know what you're doing otherwise you can make a mess of things.

OP feel free to u2u me for advice on spyware/scareware removal, this goes to anyone really

- Phoenix