By Seipher ยท 7 replies
Dec 28, 2008
  1. Hello,

    I recently got some type of spyware or malware on my PC. I can't begin to tell you how I picked it up, sorry. Anyway, I started getting a lot of popups taking me to antivirus2009. I quickly unplugged my cat 5 cable and restarted my PC but I was already to late. So I opened my process tree and started googling every process that I don't remember seeing often. gadcom.exe came back as a trojan on many sites. I ended the process but of course it keeps coming back.

    I also have C:\Documents and Settings\NAME\Application Data\gadcom\gadcom.exe which I can not delete off my harddrive.

    It also disabled my windows firewall and stopped my automatic updates. I was able to restart my firewall but now I can no longer start up my automatic updates. I assume it messed up my registry as well. I have a feeling this one runs a lot deeper than I will ever figure out. Im not a technician myself just have a little knowledge of PC's.

    Where do I go from here. What info do you need to help me. Thanks in advance.

  2. brucethetech

    brucethetech TS Enthusiast Posts: 229

    antivirus 2009 disables your access to all auto updates and firewall so do expect it or anything else to work right until you get rid of antivirus 2009. I've seen AVG antivirus detect and remove it but I wouldn't put money on it. If you don't feel comfortable digging around in your registry you may want to post a hijackthis log.
  3. sqwundle

    sqwundle TS Rookie

    Well this isnt an answer but i had the same thing couple a minuts ago which is very strange and i deleted it through avast and malwarebytes

    it also seems like many other people are getting this virus or malware to,

    i know how you feel
  4. Seipher

    Seipher TS Rookie Topic Starter

    I didn't actually install antivirus2009. It is just a IE popup i get that takes me to their site and try's to scan my PC. Which I quickly shut down everytime. I went to add/remove in control pannel to try and see if I somehow got antivirus2009 software unknowingly and It doesnt exist as software on my PC. But, I noticed while doing this I had a software called "Advertisement Services" lol. I of course removed this quickly. It must have came as a package deal to this gadcom.exe virus.

    Im trying to figure out how or where to get this hijack software and info for you. Soon as i figure it out Ill post an update.
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  6. Seipher

    Seipher TS Rookie Topic Starter

    lol there should be a warning for these 8 steps. (May [will] take 5+ hours to complete all scans).

    Just trying to make light of the situation. Anyway, to update. I have completed all the way through step 4 so far. Seems like the job has already been done but I will finish all 8 steps just to be sure.

    Here's what I have found so far.

    1. Avast! located Win32:Trojan-gen {other} inside of C:\Documents and Settings\NAME\Application Data\gadcom\gadcom.exe

    2. Did a scan after reboot with Avast and deleted various files but it didnt delete the gadcom.exe file. However, gadcom.exe no longer loaded in the process tree.

    3. Skipped step 3 as this seemed really broad and I don't have any programs that monitor my PC until i installed these news ones listed in the 8 steps.

    4. Malwarebytes seemed to really be the one that did the trick. After running the scan it deleted the ...\application data\gadcom\gadcom.exe file.

    5. After running Malwarebytes, deleting corrupted files, and restarting my PC, I was actually able to turn Windows Automatic updates back on.

    Anyway, I thought I would give an update. I am running SAS now but i have a feeling the guys post above about simply running Avast / Malwarebytes can fix this one. Will submit the (3) files soon.

    Here are my 3 files.

    Attached Files:

  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    The following entries (although not exactly counted as Spyware) can be safely removed from HJT
    Please run HJT and place a tick next to all the following, then "fix" all of them
    Then go to add\remove Programs in Control Panel
    And remove BitComet

    Once this is done restart
    Then open Malwarebyres again (again?) yes again! If you want to catch the remaining malware
    Make sure that it's fully updated, then run a full scan
    Please submit the new log once all found malwares are removed (by you again)

    Also reply back with how the computer is running from doing all this :)
  8. Seipher

    Seipher TS Rookie Topic Starter

    KK Ive had sleep woot. So, I deleted Bitcomet (although i havn't had this software running in 4 weeks +) restarted my PC and ran Malwarebytes again. You were right, it found 1 last item and removed it as well.

    I decided agaisnt running HJT again and deleting those listed files because all of them are part of software that I actually run on my PC. Some of them are actually important if I ever want to update that software again. For instance, ALCMTR.exe is needed to update my Realtek Audio driver and below is a quote from

    "Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. If you delete this file, then you will not be able to properly update your drivers in the future. It is therefore recommended that you disable the startup instead."

    SOOOO... Yes I don't like the fact that Realtek has something monitoring my PC, but if i ever want an update i need it :( This is just something I think the consumer is going to have to get use to I'm afraid. To many software packages come with these things.

    All this being said, my computer is running great again. If anything is still on it, its unnoticable and not corrupting my computers performance any. I want to thank you for all of your help and I appreciate this webiste being here for people like myself who need the support but can't always afford to pay for it. Below is the last Mbam log you requested.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...