Spyware, Viruses, & Security forum

General discussion

C:\WINDOWS\system32\gaopdxcounter replicating on restart!

by donnio100 / March 16, 2009 5:01 AM PDT

hi guys! my computer has been struggling with a virus for the past week or so, im normally good at sorting these out but this one just wont give up!

just to briefly outline my problem:

computer began freezing and wouldnt allow and antivirus (avg) or spybot or malwarebytes to run so i disconnected the internet and started using safemode but even then spybot, avg and superanti spyware wouldnt run. even when removed and re-installed from a flash drive

i tried the trick of changing the file name (which worked for malwarebytes) however wont work for spybot / superanti spyware or avg. which still will not run.

malwarebytes finds the file named; C:\Windows\system32\gaopdxcounter and deletes it everytime its found however as soon as i restart the computer its back there again and starting it in normal mode causes it to freeze.

id like to get tips on how to get superanti spyware to run as it prompts saying 'the system administrator has made changes to not allow this program to run (when trying to install) and spybot simply doesnt run at all or prompt anykind of message.

im sick of wasting hours everyday trying to get this clean and do not want to have to format my computer. if i can get this gaopdxcounter file to stop replicating i think i might be able to beat it!

pleeeeeease help if you can Happy ive read many similar threads but none of the solutions have worked for me so far!

manythanks

donnio

windows xp
3 gb ram
pentium 4 3.2 ghz
ati 1650x pro graphics card

Discussion is locked
You are posting a reply to: C:\WINDOWS\system32\gaopdxcounter replicating on restart!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: C:\WINDOWS\system32\gaopdxcounter replicating on restart!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Give the following a try........

Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys, TDSSspax.sys, gaopdxserv.sys, UACmxegjtve.sys

Highlight that driver and right click on it and select DISABLE - NOT uninstall.

Now RESTART your computer.

Download a copy of Malwarebytes but DO NOT run it yet.

Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.

Once the program is installed go to the UPDATE tab and try to update the program if you can.

Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.

Collapse -
i tried but no luck :(
by donnio100 / March 18, 2009 5:53 AM PDT

hiya thx for your response i tried to do what you suggested however the files that you suggested TDSSserv.sys, TDSSspax.sys, gaopdxserv.sys, UACmxegjtve.sys are not on the list!

what do these files do do they affect the system startup?

i can get malware bytes to run as long as i change the name extension however it deletes the trojan, then i scan again it shows its gone... then i restart in safe mode with no networking (or normal mode) and in both instanses the virus is back again!

really getting sick of scanning my computer all day the only scanners that will open are adaware and malware bytes and cc cleaner but i cant seem to update adaware.

anymore suggestions?

if i can stop the gaopdxserv file from replicating i think ill be ok!

many thanks

donnio

Collapse -
Best you can do is........
by Marianna Schmudlach / March 18, 2009 6:16 AM PDT
In reply to: i tried but no luck :(
Collapse -
thx
by donnio100 / March 18, 2009 8:57 PM PDT

THX ALOT HAVE POSTED THE RESULTS (sorry bout caps) will let u know if i hear anything!

Collapse -
Try this
by jimhannon / May 1, 2009 5:44 AM PDT

After exhausting searches on the subject, I found the culprit "gaopdxcounter" and the fix...
I copied mbam.exe, renamed it to xxx.exe and put it in the same directory as mbam.exe (Malwarebytes). I then started Malwarebytes by using the xxx.exe executable. Malwarebytes opened. I Then updated the program and ran a full scan. It found C:\Windows\System32\gaupdxcounter. After the scan and fix I started Superantispyware by using a tool on their website (Runsas.exe). This opened up the program and I was able to update it and run a full scan. It found and removed files from the same trojan. After rebooting I was able to finlly run MRT (Windows Malicious Software Removal Tool). It found 3 instances of "Alureon" which it fixed.
I rebooted and ran all the scans in Safe Mode just to make sure... Nothing was found. After booting into normal windows I found that I was unable to connect to the Internet. After further review I found that I had to add the DNS server numbers in Network Connections (TCP/IP). For some reason they were deleted. After doing that I had internet and everything worked as it should.
The real trick was getting Malwarebytes, Superantispyware and MRT to run. With the Malwarebytes trick and the download from Superantispyware, I was able to finally scan and fix.
Hope this will help somebody else with similiar problems.

Collapse -
Thanks For Your Info....
by tobeach / May 1, 2009 5:51 PM PDT
In reply to: Try this

I hadn't previously downloaded & saved the RunSAS.exe but I sure have now!!LOL! Thx again! Grin

Collapse -
Try this
by genesisgirl / June 9, 2009 1:09 AM PDT
In reply to: Try this

You are a legend! Thank you so much for the advice! I could kiss you Wink

Collapse -
Glad to help
by jimhannon / June 9, 2009 1:52 AM PDT
In reply to: Try this

I am glad that my post helped you... it can be very frustrating to not be able run the programs that can find and kill malware. Thanx for the kiss... just help out others if you can.
Jim

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.