Sign In
Create Account
0
Had a problem with one of our computers. Obviously phony anti-spyware ads aggressively popping up, couldn't access the Internet, etc. Used another computer to download Malwarebytes basic program onto a memory stick and ran it on the infected computer. Worked great, clobbered everything except for this one bit of malware.
Every time we try to log in, we get an endless hourglass. Every 15 to 60 seconds, up pops what appears to be a phony window trying to pose as a Microsoft message, saying [I'm paraphrasing a little here]: "gmres.exe has encountered a problem and needs to close. Sorry for the inconvenience. We have prepared a report to Microsoft. Please send report." There are the usual Send and Don't Send buttons. We click Don't Send, and go back to the endless hourglass until the next copy of the window pops up. Tried Cntrl Alt Delete, highlighting and deleting gmres.exe, but it regenerates itself immediately.
We've tried running the Malwarebytes full scan again and also ran a Microsoft Windows Malicious Software Removal Tool (KB890830) . Neither could remove it. The MS tool said the infection was at C:\WINDOWS\system 32\drivers\NDIS.sys but the MS tool said they recommend "a full scan with an anti-virus product." Thought that's what the MS product was.
Then we Googled gmres.exe and found a PrevX website that said (yesterday, but not today) that gmres.exe was a virus that started on June 3, 2009. Do not know PrevX so held off for now on any purchase.
Has anyone encountered this virus? Any suggestions on how to clear it? Thanks.
Back to top
#2
Posted 07 June 2009 - 06:12 PM
-
- Trusted Advisors
-
- 658 posts
Elite Member
- Gender:Male
- Location:Bulgaria
Seems to be detected by SAS as well ?
http://www.superanti.../GMRES.EXE.html
Follow the instructions below:
Someone will be happy to assist you further with cleaning your system.
http://www.superanti.../GMRES.EXE.html
Follow the instructions below:
- Please read and follow the instructions provided here: I'm infected - What do I do now?
- If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
Someone will be happy to assist you further with cleaning your system.
#3
Posted 08 June 2009 - 12:53 AM
-
- Members
-
- 4 posts
New Member
Botgo, on Jun 7 2009, 02:05 PM, said:
Had a problem with one of our computers. Obviously phony anti-spyware ads aggressively popping up, couldn't access the Internet, etc. Used another computer to download Malwarebytes basic program onto a memory stick and ran it on the infected computer. Worked great, clobbered everything except for this one bit of malware.
Every time we try to log in, we get an endless hourglass. Every 15 to 60 seconds, up pops what appears to be a phony window trying to pose as a Microsoft message, saying [I'm paraphrasing a little here]: "gmres.exe has encountered a problem and needs to close. Sorry for the inconvenience. We have prepared a report to Microsoft. Please send report." There are the usual Send and Don't Send buttons. We click Don't Send, and go back to the endless hourglass until the next copy of the window pops up. Tried Cntrl Alt Delete, highlighting and deleting gmres.exe, but it regenerates itself immediately.
We've tried running the Malwarebytes full scan again and also ran a Microsoft Windows Malicious Software Removal Tool (KB890830) . Neither could remove it. The MS tool said the infection was at C:\WINDOWS\system 32\drivers\NDIS.sys but the MS tool said they recommend "a full scan with an anti-virus product." Thought that's what the MS product was.
Then we Googled gmres.exe and found a PrevX website that said (yesterday, but not today) that gmres.exe was a virus that started on June 3, 2009. Do not know PrevX so held off for now on any purchase.
Has anyone encountered this virus? Any suggestions on how to clear it? Thanks.
Every time we try to log in, we get an endless hourglass. Every 15 to 60 seconds, up pops what appears to be a phony window trying to pose as a Microsoft message, saying [I'm paraphrasing a little here]: "gmres.exe has encountered a problem and needs to close. Sorry for the inconvenience. We have prepared a report to Microsoft. Please send report." There are the usual Send and Don't Send buttons. We click Don't Send, and go back to the endless hourglass until the next copy of the window pops up. Tried Cntrl Alt Delete, highlighting and deleting gmres.exe, but it regenerates itself immediately.
We've tried running the Malwarebytes full scan again and also ran a Microsoft Windows Malicious Software Removal Tool (KB890830) . Neither could remove it. The MS tool said the infection was at C:\WINDOWS\system 32\drivers\NDIS.sys but the MS tool said they recommend "a full scan with an anti-virus product." Thought that's what the MS product was.
Then we Googled gmres.exe and found a PrevX website that said (yesterday, but not today) that gmres.exe was a virus that started on June 3, 2009. Do not know PrevX so held off for now on any purchase.
Has anyone encountered this virus? Any suggestions on how to clear it? Thanks.
#4
Posted 08 June 2009 - 12:54 AM
-
- Members
-
- 4 posts
New Member
Botgo, on Jun 7 2009, 02:05 PM, said:
Had a problem with one of our computers. Obviously phony anti-spyware ads aggressively popping up, couldn't access the Internet, etc. Used another computer to download Malwarebytes basic program onto a memory stick and ran it on the infected computer. Worked great, clobbered everything except for this one bit of malware.
Every time we try to log in, we get an endless hourglass. Every 15 to 60 seconds, up pops what appears to be a phony window trying to pose as a Microsoft message, saying [I'm paraphrasing a little here]: "gmres.exe has encountered a problem and needs to close. Sorry for the inconvenience. We have prepared a report to Microsoft. Please send report." There are the usual Send and Don't Send buttons. We click Don't Send, and go back to the endless hourglass until the next copy of the window pops up. Tried Cntrl Alt Delete, highlighting and deleting gmres.exe, but it regenerates itself immediately.
We've tried running the Malwarebytes full scan again and also ran a Microsoft Windows Malicious Software Removal Tool (KB890830) . Neither could remove it. The MS tool said the infection was at C:\WINDOWS\system 32\drivers\NDIS.sys but the MS tool said they recommend "a full scan with an anti-virus product." Thought that's what the MS product was.
Then we Googled gmres.exe and found a PrevX website that said (yesterday, but not today) that gmres.exe was a virus that started on June 3, 2009. Do not know PrevX so held off for now on any purchase.
Has anyone encountered this virus? Any suggestions on how to clear it? Thanks.
Every time we try to log in, we get an endless hourglass. Every 15 to 60 seconds, up pops what appears to be a phony window trying to pose as a Microsoft message, saying [I'm paraphrasing a little here]: "gmres.exe has encountered a problem and needs to close. Sorry for the inconvenience. We have prepared a report to Microsoft. Please send report." There are the usual Send and Don't Send buttons. We click Don't Send, and go back to the endless hourglass until the next copy of the window pops up. Tried Cntrl Alt Delete, highlighting and deleting gmres.exe, but it regenerates itself immediately.
We've tried running the Malwarebytes full scan again and also ran a Microsoft Windows Malicious Software Removal Tool (KB890830) . Neither could remove it. The MS tool said the infection was at C:\WINDOWS\system 32\drivers\NDIS.sys but the MS tool said they recommend "a full scan with an anti-virus product." Thought that's what the MS product was.
Then we Googled gmres.exe and found a PrevX website that said (yesterday, but not today) that gmres.exe was a virus that started on June 3, 2009. Do not know PrevX so held off for now on any purchase.
Has anyone encountered this virus? Any suggestions on how to clear it? Thanks.
#5
Posted 08 June 2009 - 01:07 AM
-
- Members
-
- 4 posts
New Member
Sorry about last posts,
I'm a first time user and did not realize that the system kept posting my original post as "replies" as I tried to reply to B-boy/StyLe/'s post.
B-boy: Thanks for replying, but then I downloaded the SAS program to a memory stick and tried running it on the infected computer twice. Both times it began running the scan, and after a minute or two I got the Windows "blue screen of death," i.e., the dark blue screen with white letters telling me that Windows had a serious problem and was shutting down for its own protection. Don't seem to be able to find an easy way around this one.
I'm a first time user and did not realize that the system kept posting my original post as "replies" as I tried to reply to B-boy/StyLe/'s post.
B-boy: Thanks for replying, but then I downloaded the SAS program to a memory stick and tried running it on the infected computer twice. Both times it began running the scan, and after a minute or two I got the Windows "blue screen of death," i.e., the dark blue screen with white letters telling me that Windows had a serious problem and was shutting down for its own protection. Don't seem to be able to find an easy way around this one.
#6
Posted 08 June 2009 - 01:40 AM
-
- Trusted Advisors
-
- 658 posts
Elite Member
- Gender:Male
- Location:Bulgaria
You can try to start your computer in Safe Mode.
Navigate to your SUPERAntispyware installation directory and run => BootSafe.exe
Choose Safe Mode - Minimal.
Click Reboot.
Now navigate to your SUPERAntispyware installation directory and run => Runas.exe (alternate start).
Choose Preferences => Scanning Control and set these options:
Click Close and choose Scan Your Computer.
Select Drive C (or your System Drive) and select Perform Complete Scan.
Choose Next.
Remove everything that is found.
Reboot your PC in Normal Mode.
After that scan with Malwarebytes' Anti-Malware 1.37.
* Navigate to Update tab and select "Check for updates".
* Make sure the "Perform Quick scan" option is selected.
* Then click on the Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully.
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
Post your logs here and you will receive help from MBAM forum experts as soon as possible.
Best regards,
B-boy
Navigate to your SUPERAntispyware installation directory and run => BootSafe.exe
Choose Safe Mode - Minimal.
Click Reboot.
Now navigate to your SUPERAntispyware installation directory and run => Runas.exe (alternate start).
Choose Preferences => Scanning Control and set these options:
Click Close and choose Scan Your Computer.
Select Drive C (or your System Drive) and select Perform Complete Scan.
Choose Next.
Remove everything that is found.
Reboot your PC in Normal Mode.
After that scan with Malwarebytes' Anti-Malware 1.37.
* Navigate to Update tab and select "Check for updates".
* Make sure the "Perform Quick scan" option is selected.
* Then click on the Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully.
* Click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
Post your logs here and you will receive help from MBAM forum experts as soon as possible.
Best regards,
B-boy
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
