Author Topic: Win32:Gaobot-112 [Wrm]  (Read 4217 times)

plwilliams

  • Guest
Win32:Gaobot-112 [Wrm]
« on: May 01, 2004, 02:52:17 AM »
This afternoon I got a warning from Avast V4.1 Home Edition saying that the subject virus was found in a subdirectory of My Documents.  I tried all of the available options (delete, rename/move, etc.) but nothing worked.  I tried deleting the file manually, but in just a few seconds I saw it reappear in Windows Explorer with the current time for the date modified, then a few seconds later it changed the date modified to an earlier time this afternoon (probably when I first got infected).  I tried rebooting in safe mode-command prompt and deleting the file, but it came back again.  I read somewhere that there is a registry entry that includes the text "yeahdude", but a search didn't find that.  HELP!!!  I'm tired of avast telling me every few minutes, and sometimes more often, that I have the virus  ???

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Win32:Gaobot-112 [Wrm]
« Reply #1 on: May 01, 2004, 08:01:33 AM »
OK, it's gaobot. Solution: UPDATE WINDOWS! Run Windows Update and download all updates. After you update, then try deleting the file from the command prompt again.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re:Win32:Gaobot-112 [Wrm]
« Reply #2 on: May 01, 2004, 08:05:20 AM »
OK, it's gaobot. Solution: UPDATE WINDOWS! Run Windows Update and download all updates. After you update, then try deleting the file from the command prompt again.

If the problem can't be fixed, it's time to kill plwilliams' HD and follow my advice as I posted before.

plwilliams

  • Guest
Re:Win32:Gaobot-112 [Wrm]
« Reply #3 on: May 01, 2004, 04:29:51 PM »
I followed the suggestion to update Windows, though I do keep it up to date with all the critical updates.  There were 10 'recommended' updates that I went ahead and installed.  I then rebooted into safe mode and deleted the file via the command prompt again.  I also saw that it was now included in my restore point data, so I turned off system restore, rebooted and turned it back on again.  I thought that this had somehow fixed the problem, as I couldn't see the file with Windows Explorer and all seemed fine for a couple of hours.  Just about 10 minutes ago, it all started again  ???  What should I try next?

whocares

  • Guest
Re:Win32:Gaobot-112 [Wrm]
« Reply #4 on: May 01, 2004, 07:39:53 PM »
Hi,

Symantec has a removal tool for agobot=gaobot
-> search for it and try it.
Also read the description of gaobot there or on other AV-Sites

--> change ALL your passwords on the PC,
and make them SECURE and LONG and DIFFICULT

what WIN do you have ?

Where exactly was the infected File found (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe) ?

some general advice:


Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temp.Int.Files folder(s) (via IE->Extras-Internetoptions->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

(If they all don't show it as infected, please send it in a password-protected zip-file to
virus@free-av.de/virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)

spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

-remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google

general removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

if you still can't remove it, you could post a logfile of Hijackthis here


-Secure your system:
   change passwords, secure shares, install patches/updates for WIN&IE;
   disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV to check whether your PC is clean ;)
- If needed, reenable system restore on Win ME/XP


Further Details and Links via the board search above ;)
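
A file that comes back seconds after it is deleted is usually being rewritten by something that is still running or that starts with Windows, which is what the "kill the process" and "search the registry" steps in the general removal procedure above are aimed at. The following PowerShell sketch is an added example, not code from any poster in this thread: it only lists registry startup values, running processes and services that reference a given file name, so the entries can be reviewed before anything is removed. It assumes a Windows system with PowerShell 3.0 or later, and `virusfile.exe` is a placeholder for the name shown in the antivirus alert.

```powershell
# Added example, not from the thread. Read-only: it lists, it does not delete.
# $SuspectName is a placeholder; pass the file name from your own AV alert.
param([string]$SuspectName = 'virusfile.exe')

$pattern = [regex]::Escape($SuspectName)

# Common per-machine and per-user autostart keys.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce', 'RunServices') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

# 1. Startup values whose name or command line mentions the file.
$regHits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($valueName -match $pattern -or $data -match $pattern) {
            [pscustomobject]@{ Source = $key; Name = $valueName; Command = $data }
        }
    }
})

# 2. Running processes started from, or with, that file (this script excluded).
$procHits = @(Get-CimInstance Win32_Process |
    Where-Object { $_.ProcessId -ne $PID -and
        ($_.ExecutablePath -match $pattern -or $_.CommandLine -match $pattern) } |
    ForEach-Object {
        [pscustomobject]@{ Source = "process $($_.ProcessId)"; Name = $_.Name
                           Command = $_.CommandLine }
    })

# 3. Services whose binary path points at the file.
$svcHits = @(Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Source = "service ($($_.State))"; Name = $_.Name
                           Command = $_.PathName }
    })

$hits = $regHits + $procHits + $svcHits
if ($hits.Count -eq 0) {
    "No startup entry, process or service references $SuspectName."
} else {
    $hits | Format-List
}
```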