I had a program called GOG.exe in the following folder:
C:\Documents and Settings\All Users\Application Data
The shortcut on your desktop will tell you the name and location of the EXE.
If you download and run Procmon, you can find the rogue process with that tool, too.
1. Strip the NTFS security from the file by removing inheritable permissions
2. Open a registry editor, and navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
3. Delete the string value called Shell
4. Open a command prompt, and use taskkill to terminate the GOG.exe process; you may have to repeat the command more than once
5. Force a restart
6. Use IE and scan from http://safety.live.com
It's not a virus or spyware; it's a process which hijacks the shell.
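Steps 1 to 5 above as one script, an added example that is not part of the original post. It assumes an elevated PowerShell prompt on a system where icacls is available, reads step 1 as removing inherited ACEs with icacls, and uses the folder and file name from the post as the path; substitute the path shown in your own desktop shortcut.

```powershell
# Added example: steps 1-5 of the post as a script. Run elevated.
# Assumption: $RoguePath combines the folder and file name given in the post;
# replace it with the target path from the desktop shortcut on your machine.
$RoguePath = 'C:\Documents and Settings\All Users\Application Data\GOG.exe'
$Winlogon  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ExeName   = [IO.Path]::GetFileName($RoguePath)
$ProcName  = [IO.Path]::GetFileNameWithoutExtension($RoguePath)

# Step 1: /inheritance:r removes all inherited ACEs from the file.
if (Test-Path -LiteralPath $RoguePath) {
    icacls $RoguePath /inheritance:r
} else {
    Write-Warning "File not found: $RoguePath"
}

# Steps 2-3: record the per-user Shell value, then delete it.
$shell = (Get-ItemProperty -Path $Winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -ne $shell) {
    Write-Host "HKCU Winlogon Shell was set to: $shell"
    Remove-ItemProperty -Path $Winlogon -Name Shell
} else {
    Write-Host 'No Shell value under HKCU Winlogon.'
}

# Step 4: terminate the process, repeating because one taskkill may not be enough.
foreach ($attempt in 1..5) {
    if (-not (Get-Process -Name $ProcName -ErrorAction SilentlyContinue)) { break }
    taskkill /F /IM $ExeName
    Start-Sleep -Seconds 1
}

# Confirm the Shell value did not come back before restarting.
$after = (Get-ItemProperty -Path $Winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -ne $after) {
    Write-Warning "Shell value is present again: $after"
} else {
    # Step 5: force a restart.
    Restart-Computer -Force
}
```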