PDA

View Full Version : worm gaobot.l



Lovelee
18-12-2004, 01:59 PM
I have discovered that I have this worm GAOBOT.l and RBOT.NJ

I have hunted for cleaners, to no avail .. can anyone point me in the right direction pse .. :help:

Dannz
18-12-2004, 02:04 PM
Do you have virus protection that should get the worms if it is up to date

Peter H
18-12-2004, 02:07 PM
Try Google for a start.
Bye

Lovelee
18-12-2004, 02:09 PM
Good question ..hehe .. we bought this comp this week .. its used .. it hasnt gone quite right from the word go .. its using Nortons .. I prefer AVG .. and Nortons is up to date ..
I found the worms through trend.com housecall.

mark c
18-12-2004, 02:09 PM
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=23623

tweak'e
18-12-2004, 02:10 PM
firstly HOW do you know you have it?

Lovelee
18-12-2004, 02:10 PM
Im a googler ... its only giving me links to where the worm is mentioned .. ive googled for a cleaner for it .. to no avail :p

Lovelee
18-12-2004, 02:11 PM
Ive been to the link in reply #5 .. have you ?? one must pay for use of the cleaning tool

Lovelee
18-12-2004, 02:13 PM
Tweak ... i found it through housecall .. and they said it was non cleanable

mark c
18-12-2004, 02:15 PM
Yes I Have been there but didn't get far enough to see you had to pay! Shock Horror

TonyF
18-12-2004, 02:20 PM
The current Nortons lists all the W32.G... versions. Run your Norton again. Is Housecall picking up the Norton heuristic line ??

Lovelee
18-12-2004, 02:24 PM
oooooooooooo sorry Mark .. you dont have to pay for it ... they have a million worms on that page but not mine :(

Lovelee
18-12-2004, 02:26 PM
Norton heuristic line ??????????????????????????????

wassat ?????
and how would I know ..

Speedy Gonzales
18-12-2004, 02:31 PM
Try this download and run it

http://securityresponse.symantec.com/avcenter/FxGaobot.exe

TonyF
18-12-2004, 02:32 PM
Nortons recognises a virus through picking up a match with what is in its virus database. Maybe House call is spotting that. Where does Housecall say the infected file is located ? Do run your Nortons again. If it says all clear, then maybe relax.

Lovelee
18-12-2004, 02:33 PM
Ive juss looked at the list of viruses nortons holding here .. it assures me its up to date .. i see something called w32.hllw.g ... mine have been identified as just being as Ive posted at the beginning of this thread ..

Keep sloggin guys .. I have faith someone will get it !!

tweak'e
18-12-2004, 02:34 PM
where does it say it is and what OS are you running ?

http://www.symantec.com/avcenter/tools.list.html

FoxyMX
18-12-2004, 02:43 PM
Give Stinger a run as that will detect Mimail and the gaobot.l is listed as a variant of that worm. Failing that try Avast! Cleaner (http://www.avast.com/eng/down_cleaner.html) for the same.

Don't forget that you will have to disable System Restore to purge out anything contained in there. Also clear out the temp files, etc, etc.

Might pay to put the computer through the works listed in the Spyware/Virus FAQ as well.

zqwerty
18-12-2004, 02:44 PM
A heuristic method or process.

Computer Science. Relating to or using a problem-solving technique in which the most appropriate solution of several found by alternative methods is selected at successive stages of a program for use in the next step of the program.

Speedy Gonzales
18-12-2004, 02:45 PM
Try this and run it

http://securityresponse.symantec.com/avcenter/FxGaobot.exe

I posted this a few mins ago. It didnt work!

Lovelee
18-12-2004, 02:51 PM
HMMM well .. I took speedys advise .. the symantic said nothing there ..
Im running Xp Pro .. funny thing is the comp sometimes wont let me go to pages .. I have a link in my email to trademe .. (someones outbid me on a compass I want) . the link keeps coming up page not found ..
Ive taken down Foxies *avast* ... gonna run that now ..

cross your legs .. oo no .. fingers

Lovelee
18-12-2004, 02:53 PM
speedy #20 .. it worked for me :)

Lovelee
18-12-2004, 03:11 PM
well there ya go .... none infected .. though 2 files it couldnt scan ..
C:\Documents and Settings\Hiretech\Local Settings\Temp\Perflib_Perfdata_67c.dat... file could not be scanned!
and

C:\WINDOWS\SoftwareDistribution\EventCache\{97ED8B A7-723B-4A72-96BE-338A02E2E0BC}.bin... file could not be scanned!


I have a laptop running xp pro .. have no troubles there .. this one has a poltergeist or something

Lovelee
18-12-2004, 03:35 PM
Yer not gonna believe this .. but I checked everything stinger is still running .. and found nothing yet .. suddenly up pops Norton .. I got Bloodhound.Packed.3 and it cant repair it ... I was just logging into trademe .. has it come from trademe ?

FoxyMX
18-12-2004, 03:40 PM
Those two are in your Temp files and cache - I suggested that you clear them before running the AV proggies, remember? ;)

Ccleaner is a really good program to use prior to AV/maintenance on computers. Actually, since you say it is a "used" computer, I would be reformatting to get a nice clean little beastie if it were mine. :2cents:

tweak'e
18-12-2004, 03:43 PM
bloodhound is nortons generic term.

with worms you do not need to go to any site to be infected, simply being on the net is enough. there is little point being on the net if you do not have sufficent sicurity as you will be infected very quickly. install a firewall (or at least turn MS's one on) and go update windows.

Lovelee
18-12-2004, 03:51 PM
damn .. am i going mad .. is there no repair for Bloodhound.Packed.3 ?

Lovelee
18-12-2004, 03:53 PM
well that does it ..
Bugger Nortons .. I have 1 lappy and 2 other PCs .. all them run AVG .. and I have zero troubles .. Im uninstalling norton ..
Thanks guys ..

I might add ... Stinger has juss finished running .. and it shows 13 infected and repaired files ..

TonyF
18-12-2004, 03:56 PM
Maybe not so quick on Norton - it was doing its stuff. Did it not give the option of putting the file into quarantine ? Usual if it cannot repair.
As tweak'e says, get a firewall running anyway.
Cheers Tony

Lovelee
18-12-2004, 04:03 PM
I dont know bout uit doing its stuff .. I cannot believe this bloodhound came from trademe .. the comps been playing up from day one .. I have run avast .. housecall .. stinger .. norton .. and the w32 tool .. they are all giving me differing reports ..

Windows is updating now .. I will look see whats happening with the firewall

TonyF
18-12-2004, 04:13 PM
I cannot believe this bloodhound came from trademe


And why not ? You said Nortons fired up when you got onto Trademe.

FoxyMX
18-12-2004, 06:17 PM
I dont know bout uit doing its stuff .. I cannot believe this bloodhound came from trademe
I doubt that it has. Never had any problems on these two comps and this old PC lives on Trademe. :rolleyes:


.. the comps been playing up from day one .. I have run avast .. housecall .. stinger .. norton .. and the w32 tool .. they are all giving me differing reports ..
That is often quite normal - I nearly always pick up more junk with each tool used as none appear to catch absolutely everything.

It sounds to me like the PC could be infested with viruses, spyware and all that kind of junk, as they so often are. Reformat the thing, that will fix it. ;) :D