Do I have an active worm here??? (GBPOLL.EXE related)

Discussion in 'malware problems & news' started by slammer_JvA, Mar 11, 2004.

Thread Status:
Not open for further replies.
  1. slammer_JvA

    slammer_JvA Registered Member (Joined: Feb 23, 2004; Posts: 1,588; Location: Below sea-level. Safe and sound behind our dikes)

    Hello,
    Can anyone here help me out? (To see the forest for the trees again :oops:)

    For a few weeks now I have occasionally encountered a message when starting up my PC about not being able to execute GBPOLL.exe o_O - or something like that (I didn't copy the actual message, sorry, but it must ring a bell with you folks, I figure :D).
    After doing a bit of searching I understand it's got something to do with ROXIO software, and its capacity to restore (GoBack) a previous setup.
    Similar to System Restore in XP o_O

    I also see virus- and worm warnings in my quest with Google.
    On sophos.com I found this:

    "W32/Agobot-CN is a worm that spreads via network shares. The worm also includes backdoor functions, allowing a remote intruder access to and control over the computer via IRC.
    In order to run automatically when Windows starts up the worm copies itself to the file msconfig32.exe in the Windows system folder and may add registry entries referring to the file to:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\

    W32/Agobot-CN copies itself to available network shares. The worm uses a list of login names and common passwords to gain access to the network shares.

    The worm will terminate processes with the following names:
    ...
    GBPOLL.EXE
    ..."


    WHAT IS THIS? o_O
    Do I have a worm active here? And if so, can anyone shed some more light on this or tell me what to do and/or where to go? I just don't know enough about this stuff (yet).

    Thanks in advance! *puppy*
    grtz,
    slammer

    P.S. I will read about wormguard while waiting on reply :)
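
The Sophos description quoted in the post above names two autostart keys and the file name msconfig32.exe. As an added example (not part of the original thread, and not Sophos's or Roxio's code), this Python script scans the text of a registry export for values under those keys that launch that file. The sample export and its value names are constructed for illustration.

```python
import ntpath
import re

# Autostart keys and file name taken from the Sophos description quoted above.
WATCHED_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
SUSPECT_FILE = "msconfig32.exe"

# A .reg string value line: "name"="data", with \ and " escaped by a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Unquoted command: take everything up to the first program-like extension.
PROGRAM_RE = re.compile(r"^(.*?\.(?:exe|com|bat|scr|pif))(?=\s|$)", re.I)

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)

def executable_name(command):
    """Lower-cased file name of the program an autostart command launches."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = PROGRAM_RE.match(command)
        path = m.group(1) if m else (command.split() or [""])[0]
    return ntpath.basename(path).lower()

def find_suspect_entries(reg_text):
    """Return (key, value name, command) for watched values running SUSPECT_FILE."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\")
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower() in WATCHED_KEYS:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            if executable_name(data) == SUSPECT_FILE:  # exact name, not substring
                hits.append((key, name, data))
    return hits

# Constructed sample export; value names are placeholders, not real indicators.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GBPoll"="C:\\Program Files\\Roxio\\GoBack\\GBPoll.exe"
"ExampleTool"="msconfig.exe /auto"
"ExampleLoader"="C:\\WINDOWS\\SYSTEM\\MSCONFIG32.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleLoader"="msconfig32.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_suspect_entries(SAMPLE_EXPORT):
        print(f"{key}\\{name} -> {data}")
```

A GBPoll entry under the Run key is the normal GoBack autostart and is not flagged; only an exact file-name match on msconfig32.exe is reported, so the legitimate msconfig.exe does not trigger it.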
     
  2. Storm

    Storm Registered Member (Joined: Nov 8, 2003; Posts: 46)

    Hi slammer!

    Try an online virus scan, for example Housecall:

    http://housecall.trendmicro.com/


    If that comes out clean, crosscheck with another one, for example Panda ActiveScan:

    http://www.pandasoftware.com/activescan/com/activescan_principal.htm


    Otherwise you could try uninstalling and reinstalling the GoBack stuff...

    If the problem persists you could post a HijackThis log in the corresponding Wilders forum for the pros to look at.

    Greetz

    Storm
     
  3. Bronte

    Bronte Registered Member (Joined: Apr 2, 2004; Posts: 1)

    Hi!

    GBPoll.exe belongs to Roxio's "GoBack" software - a wonderful program now owned by Symantec. I personally couldn't live without it! It's better than System Restore in WinXP. The following is a description of the program:

    "Roxio's GoBack software allows you to revert back to a previously working state on your hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users."
     