Copyright 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006

Becoming more common, but information is sparce.  URLs addressing the problem include:


The information is pretty much identical to:


A fix is available at the URL below. Save it to your desktop and then run it (thanks to Doug Knox):


If you cannot start your machine, even in safe mode, do the following (again from Doug Knox) to remove Gpix:


Doug has created two files, called novirus.reg and novirus.bat that can be used to clean a machine from DOS.


A predone BAT and REG file can be found at:

Instructions for use are at:


If you have a file called explorer.exe at c:\explorer.exe, rename it. There have been examples of that file being implicated.  Important note. Do not touch the file with the same name at c:\windows\explorer.exe.  That file is part of Windows.


The gpix problem *might* be related to but more evidence is required before a conclusion can be reached. Its purely guilt by association at the moment.  I would appreciate an email from anybody who has shellexpl.exe on their system. I would like to know if they, also, have hndldt.ini or winhndl.ini on their systems, and if their search engine has been hijacked by


Note: some people have shellexpl.exe, some have shellexpi.exe. Please keep feedback coming in (thanks to all who have emailed). Doug is updating the script to catch new/unsolved problems as often as he can :o)