Do I have an active worm here??? (GBPOLL.EXE related)

Discussion in 'malware problems & news' started by slammer_JvA, Mar 11, 2004.

Thread Status:
Not open for further replies.
  1. slammer_JvA

    slammer_JvA Registered Member

    Feb 23, 2004
    Below sea-level. Safe and sound behind our dikes:
    Can anyone here help me out? (To see the forest for the trees again :oops:)

    Since a few weeks I occaisonally encounter a message when starting up my PC, about not being able to execute GBPOLL.exe o_O-or something like that(didn't copy the actual message, sorry, but it must ring a bell with you folks-I figure :D).
    After doing a bit of searching I understand it's got something to do with ROXIO software, and its capacity to restore (GoBack) previous setup.
    Simular to sytem restore in XP o_O

    I also see virus- and worm warnings in my quest with Google.
    On I found this:

    "W32/Agobot-CN is a worm that spreads via network shares. The worm also includes backdoor functions, allowing a remote intruder access to and control over the computer via IRC.
    In order to run automatically when Windows starts up the worm copies itself to the file msconfig32.exe in the Windows system folder and may add registry entries referring to the file to:


    W32/Agobot-CN copies itself to available network shares. The worm uses a list of login names and common passwords to gain access the network shares.

    The worm will terminate processes with the following names:

    Do I have a worm active here? And if so, can anyone shed some more light on this or tell me what to do and/or where to go ? I just don't know enough of this stuff (yet).

    Thanks in advance! *puppy*

    P.S. I will read about wormguard while waiting on reply :)
  2. Storm

    Storm Registered Member

    Nov 8, 2003
    Hi slammer!

    Try an online virus scan, for example Housecall:

    If that comes out clean, crosscheck with another one, for example Panda ActiveScan:

    Else you could try deinstalling and reinstalling the GOBACK Stuff...

    If the problem persists you could post an Hijackthis!-Log in the corresponding Wilders Forum for the Pros to look at


  3. Bronte

    Bronte Registered Member

    Apr 2, 2004

    GBPoll.exe belongs to Roxio's "GoBack" software - a wonderful program now owned by Symantec. I personally couldn't live without it! It's better than System Restore in WinXP. The following is a description of the program:

    "Roxio's GoBack software allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users."
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.