Copyright © 1999 - 2006, Sandra Hardmeier, All
Rights Reserved Worldwide
Last updated 20/08/2006
Becoming more common, but information is sparce. URLs addressing the problem include:
The information is pretty much identical to:
A fix is available at the URL below. Save it to your desktop and then run it (thanks to Doug Knox):
If you cannot start your machine, even in safe mode, do the following (again from Doug Knox) to remove Gpix:
Doug has created two files, called novirus.reg and novirus.bat that can be used to clean a machine from DOS.
A predone BAT and
REG file can be found at:
Instructions for use are at:
If you have a file called explorer.exe at c:\explorer.exe, rename it. There have been examples of that file being implicated. Important note. Do not touch the file with the same name at c:\windows\explorer.exe. That file is part of Windows.
The gpix problem *might* be related to martfinder.com but more evidence is required before a conclusion can be reached. Its purely guilt by association at the moment. I would appreciate an email from anybody who has shellexpl.exe on their system. I would like to know if they, also, have hndldt.ini or winhndl.ini on their systems, and if their search engine has been hijacked by martfinder.com.
Note: some people have shellexpl.exe, some have shellexpi.exe. Please keep feedback coming in (thanks to all who have emailed). Doug is updating the script to catch new/unsolved problems as often as he can :o)