help me... please

Discussion in 'malware problems & news' started by clance, May 28, 2004.

Thread Status:
Not open for further replies.
  1. clance

    clance Registered Member

    Joined:
    May 28, 2004
    Posts:
    7
    i believe my pc is hit by some tough virus, coz even after i format my pc for 4 times, there is still pop up from my norton saying there is a virus like W32.Gaobot.gen!poly and W32.Randex.gen which after deleted, they just keep coming back again. this is veli frustrating and i have tried a couple antivirus program but none detected anything. i suspect maybe it can be hidden somewhere? Please note that the situation occurs again even after i format my pc.
    And the most worrying thing is my pc is going slower and slower.. :oops:

    appreciate it if any kind expert would help me around.

    thanks.
     
  2. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Hello Clance !

    Welcome to Wilders :)

    Certainly your machine is in bad shape. Let's remove the nasty Gaobot first.

    1) Download the removal tools from here :
    http://securityresponse.symantec.com/avcenter/FxGaobot.exe

    2) Save the file to a convenient location, such as your downloads folder or the Windows Desktop.

    3) Close all the running programs before running the tool. If you are on a network or on Internet, disconnect the computer from the network and the Internet.

    4) If you are running Windows Me or XP, then disable System Restore; otherwise skip this step.
    How to Enable / Disable Win Me System Restore
    How to Enable / Disable Win XP System Restore

    5) Double-click the FxGaobot.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.

    Note: If, when running the tool, you see a message that the tool was not able to remove one or more files, run the tool in Safe mode. Shut down the computer, turn off the power, and then wait 30 seconds. Restart the computer in Safe mode by tapping F8 key at startup and run the tool again.

    6) Restart the computer.
    7) Run the removal tool again to ensure that the system is clean.
    8) If you are running Windows Me/XP, then re-enable System Restore.
    9) Run LiveUpdate to make sure that you are using the most current virus definitions and scan your machine fully, or go here and do an online virus scan: http://housecall.trendmicro.com/

    Be sure and put a check in the box by Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

    When you've done all that, show us the findings of the removal tools and antivirus scan.

    With Thanks !
    Newkid !
     
  3. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    the badboys keep coming back because your OS isn't patched against the new vulnerabilities. here are the two links which will help you out:

    W32.Gaobot.gen!poly

    W32.Randex.gen
     
  4. clance

    clance Registered Member

    Joined:
    May 28, 2004
    Posts:
    7
    hi guyz,
    thanks for your advices, actually i have tried all of that. I have been messing around with this worms things for whole night already and suddenly i realise my download folder is packed with antivirus and removal tools :eek:
    yet, i am still not sure i am free from the worms yet o_O since almost all the antivirus detected none during full scan but yet they detected the worms the moment i get connected to internet. and sometimes i even get 60 seconds restart order like the sasser worm but no sasser found in my pc :doubt:
    anyhow, i have left my pc running for whole night with norton on and it seems ok, maybe one of the downloaded items work actually though none seems to detect any o_O

    would be veli grateful if anyone here can give more advice, really appreciate that and thanks.

    ps. how can my pc get the same virus even after i have reformatted my pc?? is it because the worms are stuck in my other drives :eek: i wont get to format my other drives since it is fully packed with movies and mp3 :'( really dun want to do that :ninja:
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    clance

    Do you use a firewall? Are you on broadband or dialup for a connection?
     
    Last edited: May 28, 2004
  6. clance

    clance Registered Member

    Joined:
    May 28, 2004
    Posts:
    7
    ya, i am using broadband. Errr.. no firewall, does norton antivirus auto protect count?? :rolleyes:
    din use any firewall program before, do you guyz have any nice one to intro to me.
    One more silly question, i notice there is as much as four svchost process running and sometimes one of it is taking 99 of my cpu usage :eek: is that normal?? i couldn't shut it down coz it said it is a critical system and everytime i end the process, my pc will restart in 60 second, works like i manually trigger the worm.. :p

    advice advice..

    thanks
     
  7. Newkid

    Newkid Spyware Fighter

    Joined:
    Apr 29, 2004
    Posts:
    225
    Location:
    Memphis
    Hi Clance !



    In order to look deeper into your problem, you need to install the Hijackthis from here.. http://www.zerosrealm.com/downloads/hjt.zip/

    Go there and download the zip file to its own permanent folder (i.e. C:\Hijack This\hjt.zip). Please do not download it to either the desktop or a temp folder. This will allow it to make back-ups of any changes you make. This is important in the event you need to restore items you chose to fix with Hijack This.

    Now Unzip the file and double click on the HijackThis.exe icon. When finished loading click on the Scan button. Next click on the Save Log button.

    Now, copy the contents, start a new thread here and paste them, to be checked.

    Please do not fix anything yet as most of what it shows is either necessary or harmless.

    Someone there on the board will check it for you..

    With Thanks !
    Newkid !
     
  8. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    hello Clance, i'm glad your PC is working alright. i know how it can hurt when you lose your data, especially if they are of the multimedia variety :D . did you follow those links i provided? you'll notice that Symantec states the attack of those worms is due to some vulnerabilities. it's important that you patch those holes in your OS. now go to Windows Update site and patch those holes. The specific links are in those Symantec links. SVCHOST utilising 99% CPU is bad indeed. there are lots of worms out there searching for vulnerable systems and when they find one they exploit that vulnerability and get themselves downloaded to that system. SVCHOST isn't a worm but it's used and spoofed to get the worm in your system. so i can't stress enough, PATCH YOUR OPERATING SYSTEM. it's good that your on-access scanner is catching the worm when the download is complete but if you don't apply those patches you'll forever get those virus warnings no matter what antivirus you use.

    oh by the way Norton auto-protect isn't a firewall. you can get Kerio firewall which is best among the free ones. Sygate and Zonealarm are good too.
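
An added example, not part of Arin's post or of any tool named in the thread: one way to triage the "svchost is used and spoofed" point by checking a process inventory for svchost.exe images outside System32 and for lookalike names. The CSV column names, the sample rows and the default `C:\WINDOWS` location are assumptions made for the illustration.

```python
import csv
import io
import ntpath

# Assumption: default %SystemRoot% of C:\WINDOWS; adjust for other installs.
SYSTEM32 = r"c:\windows\system32"
GENUINE = "svchost.exe"

# Constructed sample inventory (not from the thread). Column names are an
# assumption; export the same three fields with whatever tool you use.
SAMPLE = r"""Name,ProcessId,ExecutablePath
svchost.exe,812,C:\WINDOWS\system32\svchost.exe
svchost.exe,1044,C:\WINDOWS\system32\svchost.exe
svchost.exe,1980,C:\WINDOWS\svchost.exe
scvhost.exe,2216,C:\WINDOWS\system32\scvhost.exe
explorer.exe,1500,C:\WINDOWS\explorer.exe
"""


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss names like scvhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(inventory_csv):
    """Return (pid, reason) for impostor candidates. Several genuine
    svchost.exe instances are normal, so the count alone is not a finding."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        pid = int(row["ProcessId"])
        name = row["Name"].strip().lower()
        path = (row["ExecutablePath"] or "").strip().lower()
        if name == GENUINE:
            if not path:
                findings.append((pid, "image path unreadable, re-run elevated"))
            elif ntpath.dirname(path) != SYSTEM32:
                findings.append((pid, "svchost.exe running outside System32"))
        elif edit_distance(name, GENUINE) <= 2:
            findings.append((pid, "lookalike of svchost.exe"))
    return findings


if __name__ == "__main__":
    for pid, reason in triage(SAMPLE):
        print(pid, reason)
```

This only surfaces impostor binaries; it says nothing about an unpatched service running inside a genuine svchost.exe, which is the case the patching advice addresses.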
     
  9. clance

    clance Registered Member

    Joined:
    May 28, 2004
    Posts:
    7
    hi guys,

    thanks for all your advice, i have done all the scanning, removal, patches, and so far the pc is running smooth again. at least for the past 24 hours.
    So, maybe somehow one of the antivirus, removal tool and patches works although i not sure which one since there is a lot that i have tried :p
    Ah, it is a nice feeling to see my pc going smooth again and not getting restarted without a reason, so happy. Hopefully the virus wont come back. :rolleyes: this is my first time encountering a virus and it is really really frustrating, thanks veli much for all your guidance.
    hopefully i wouldn't be posting mssg asking for help again.. :rolleyes:

    thanks.. cheers cheers

    clance
     