I spent oodles of hours on this and finally got it. I tried replying to others' questions but could not find a way to reply (tells you about my technical prowess). Here's the answer I found:
GBuster or gbplugin is a horrible program that is heavily defended by the Brazilian banking developers. It is purposely designed to avoid removal in numerous ways and uses files in program files/gbplugin and a system32/driver; my version was called gbpkm.sys. I'm on XP Home.
I tried all the canned responses; no virus checker or malware program stood a chance. Restoring from before life existed on earth didn't work, upgrading the OS didn't work, and using Avenger to weed out rootkits and bad stuff long before Windows starts was the best shot, but it didn't work, and the Brazilian banks have successfully wiped out specialized programs designed to kill it. (Of course, reformatting your hard drive and starting with a blank disk would work.) Arg.
I have fixed it though. Much to my displeasure, I used a free Linux-based tool found here, and followed the directions to a T, creating a Linux boot CD and using Linux-based commands to navigate to the offending files, then rebooting in Windows, then editing the Registry to remove the dozen or so entries:
For my Brazilian bank, Caixa Economica, the bad files are:
I found the registry keys by searching for "gbplugin" and removing ones closely named too; for my PC:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\GblehObjClass
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginCef
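
A read-only way to run the registry search described in the post above, as an added example that is not part of the original thread. It lists what is registered under the two parent keys the post names and flags entries matching the search term; it assumes PowerShell is installed (it is not by default on XP), and the function name `Get-AutoloadEntry` is hypothetical.

```powershell
# Added example: audit Browser Helper Objects and Winlogon Notify packages and
# flag entries whose key name or DLL path matches a pattern. Nothing is modified.
param(
    [string]$Pattern = 'gbplugin'   # search term used in the post
)

# Parent keys of the two entries listed in the post.
$locations = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
)

function Get-AutoloadEntry {   # hypothetical helper name
    param([string]$Location)
    # The Notify key may not exist (notification packages are an XP-era mechanism).
    if (-not (Test-Path -LiteralPath $Location)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $Location) {
        $name = $key.PSChildName
        # Winlogon Notify packages store their DLL in the DllName value.
        $dll = $key.GetValue('DllName')
        if (-not $dll -and $name -match '^\{[0-9A-Fa-f-]+\}$') {
            # BHO subkeys are normally CLSIDs; the DLL path is the default
            # value of HKCR\CLSID\<clsid>\InprocServer32.
            $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$name\InprocServer32"
            if (Test-Path -LiteralPath $inproc) {
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
        }
        New-Object PSObject -Property @{
            Location = $Location
            Key      = $name
            Dll      = $dll
            Match    = ("$name $dll" -match $Pattern)   # case-insensitive
        }
    }
}

$locations | ForEach-Object { Get-AutoloadEntry -Location $_ } |
    Sort-Object Match -Descending |
    Format-Table Match, Key, Dll, Location -AutoSize
```

Rows with `Match` set to `True` are the entries a search for the term would find; the `Dll` column shows which file on disk each entry loads.
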
Thanks for sharing here. It can be beneficial to other community members who have similar questions; the effort you give is very much appreciated!
Well, at least it is not a virus. The problem with those GPB Busters is that they turn on sometimes and keep using 50% of the CPU constantly.
Some small form factor laptops like the HP 2540, if used under heavy processing for a long time, become extremely hot.
So, as a way to override this, I restarted in safe mode, renamed the original folder (usually Program Files (x86)\GpbPlugin) and also renamed the executable.
It seems that it didn't load on the next boot, and didn't ask for any user action.
Now the user will have to test whether his internet banking works or not without this program.