simon

Search your computer for gdiwxp.dll. Looks most Anti-Spyware program cannot catch it as it is not updated in their database. If you found the file, then your computer is infected with an e-gold torjan. Do not login to e-gold till you get rid of this torjan.

If you are using Internet Explorer, that will be a good idea to choose FireFox.

Here is what mctrask of MommyJobs posted:

jambutty

This gdiwxp.dll has been doing the rounds for quite some time now simon but thanks for the warning and the detailed summary.

Those members who have read http://goldentalk.com/t17591.html have been aware of it and have taken whatever steps have been necessary to protect their E-Gold.

But I still have gdiwxp.dll in WINDOWS>SYSTEM32 with a difference. My version is a simple text file with a couple of meaningless words in it and the file attributes have been set to “Read Only”. The theory is that if something tries to infect me again by writing gdiwxp.dll in WINDOWS>SYSTEM32 it can’t because there is a file with that name already in place and it cannot be overwritten.

Since my ‘dummy’ file has been in place I haven't been infected again and I have surfed all the sites that I used to when I got infected the first time.

Maybe I have been lucky or my ruse works. I guess I will never know.

There are some other suspect files that may be variations of the original:
gdiw2k.sys
gdi32.dll
gdi.exe
gdiplus.dll
I’m trying to pluck up courage to do the same with those but as they can be deleted in the normal way maybe they are not nasties.

jennyd

Hi thanks for the post on this. After reading your post jambutty i did a search on my system for "gdiwxp.dll" and came up nada! good right but i did a search with the other suspect files you posted:

gdiw2k.sys
gdi32.dll
gdi.exe
gdiplus.dll

And i came up with alot of these files..... well they are all gone from my system now but was prompted by windows that i needed these files... now im wondering why is that? oh well now im thinking of reformating and loading everything again since i have all my files backed up. Well let me know your opinion.. thanks

jambutty

Open up WordPad and type a word or two into it and save it as gdiwxp.dll to C:\WINDOWS\SYSTEM32.

Open My Computer and then C:\WINDOWS\SYSTEM32 and find gdiwxp.dll. Click on it once with the RIGHT mouse button and select Properties from the drop down menu that appears. In the window that comes up, near the bottom you will see the Attributes section. Click on Read-only and then Apply and OK. If anything tries to write a file named gdiwxp.dll to your computer it will not be able to and thus you will not get infected by it

Windows will report that a type of file is needed by windows because of its suffix not its content. If you have deleted those other files and your computer still works OK then they weren’t needed, were they? So it would now pay you to do with those like with gdiwxp.dll

Have just deleted gdiw2k.sys and gdiplus.dll and replaced them with Read-only files of the same name. On my computer right now with several programmes running gdi32.dll and gdi.exe are needed by one of them but I don’t know which.

I shall see what develops.

jambutty

With gdiw2k.sys - gdiwxp.dll and gdiplus.dll replaced with Read-only files I closed down my computer toddled off to make myself a brew and came back and booted up again. Everything seems to work OK. Obviously because I can post this.

misiasiek

hahaha, i've always said that IE is scam. I have very old computer so i cant run winxp. win98 with mozilla and i don't need any antivirus program .

PS: IE program to reviewing the Internet from your computer and VICE VERSA :]

Mr_Chiang

thanks simon, I am scanning my computer for this file

zoyla

Do we have something new on this. This is quite old thread but I need to know about E-Gold Trojans more. DO we have some specific Trojan recently?

satria

Yes, indeed there is a trojan that can infect our computer and try to spend our egold fund in the background without our notice. The trojan is known as Win32.Grams
More info can be found here
http://www.secureworks.com/research/threats/grams/