Author Topic: GAOBOT-90 (Read 5766 times)

goto8OO · « **on:** February 29, 2004, 12:55:17 AM »

Avast us warning me about the worm gaobot-90 in my windows\system32-folder [msasm.exe]. I'm running XP, I'm currently downloading the microsoft-updates, and I've tried repairing the files with Avast but since the file is "used by another process" it can't delete it.

Any suggestions would be VERY appreciated!

RejZoR · « **Reply #1 on:** February 29, 2004, 01:28:37 AM »

Do a boot-time scan.

kevinM · « **Reply #2 on:** May 03, 2004, 02:11:47 PM »

Hi: I have gaobot-139 which is also in the operating system. What this **** worm does is also disable inet access to Norton, Macafee, and many other AV sites - sneaky eh? Avast detected it but I have the same problem: cannot repair as file in use etc. Did you manage to resolve this? I suspect it requires a registry edit.

kevinM

whocares · « **Reply #3 on:** May 03, 2004, 03:22:17 PM »

Hi,

what about above advice (boot-time scan) or Booting in SafeMode and deleting it then ? or killing the respective Process first ?

Also symantec offers tools against some GAOBOT=AGOBOT-Variants

did you use the board-search ?
enter: GAOBOT

ALSO change ALL your Passwords/PIN's/ onlinebanking-data etcetc. recently/ever entered on the PC

kevinM · « **Reply #4 on:** May 03, 2004, 03:59:55 PM »

Thanks, boot scan revealed it is there, could't repair it, and until I identify the function of the file it is in (awaiting reply from microsoft on this issue) the problem may get worse if I simply delete it, as I am wary of then disabling the whole operating system. Advice on pins etc appreciated, luckily I am too cautious to have that stuff on my home PC anyway, but will change passwords anyway. What I am having to do is use my work PC (where I am now)to find out as much as I can about it as any site with gaobot in the header/title cannot be accessed from my home PC!! this is how it 'protects' itself.
what a *********** nuisance.!!

whocares · « **Reply #5 on:** May 03, 2004, 04:05:36 PM »

you have not understood the functional difference between viruses and trojans: viruses infect, trojans copy themselves

just delete the file ( if other scanners confirm the infection) or move it to avast's chest, or to another different, empty folder.

bojler · « **Reply #6 on:** May 05, 2004, 03:16:05 PM »

Hi all. I have gaobot-219 which is in windows\system32\winhlpp32.exe. Avast detected it but it can't repair it. I don't want to delete it because i think that it is a system file

I found a gaobot removal tool on symantec site but it dont detect it.
I'm a newbie pls help me

kevinM · « **Reply #7 on:** May 05, 2004, 03:43:26 PM »

Hi:

I was advised by microsoft to follow the instructions on this link:
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wo.html

for a manual removal. This requires a registry edit and a number of other steps, haven't tried it yet though, will attempt later today. Problem I had was accessing syamantec in the first place, had to use another PC to get the info.!!

whocares · « **Reply #8 on:** May 05, 2004, 03:55:11 PM »

Quote from: bojler on May 05, 2004, 03:16:05 PM

I have gaobot-219 which is in windows\system32\winhlpp32.exe.

Hi bojler,

enter winhlpp32.exe
into the search here:
http://securityresponse.symantec.com/avcenter/vinfodb.html
and try to identify your variant.

or use Onlinescanners Trend, RAV and KAV to get another name for it
(Pause avast shield for this)

it is NOT a system file, just delete it

also try board-search above

Author Topic: GAOBOT-90 (Read 5766 times)

goto8OO

GAOBOT-90

RejZoR

Re:GAOBOT-90

kevinM

Re:GAOBOT-90

whocares

Re:GAOBOT-90

kevinM

Re:GAOBOT-90

whocares

Re:GAOBOT-90

bojler

Re:GAOBOT-90

kevinM

Re:GAOBOT-90

whocares

Re:GAOBOT-90