Please, someone help me get rid of this virus???

Discussion in 'malware problems & news' started by hashem, Jun 1, 2005.

Thread Status:
Not open for further replies.
  1. hashem

    hashem Registered Member

    Joined:
    May 7, 2005
    Posts:
    3
    Recently I got the new virus whose name is W32.HLLW.Gaobot.AA (its other name is bla.exe). My firewall (McAfee) alerts me every day about bla.exe. I searched for this virus on the internet and found that it has other names such as W32.HLLW.Gaobot.AA. I found removal instructions from Sympatico, which said that I should first turn off System Restore, then reboot the computer in safe mode. After that I have to use my antivirus to eliminate the virus. Actually I did all of this: I used my antivirus McAfee and also McAfee Stinger, but nothing was found. I used HouseCall Trend Micro (online), Microsoft malicious, virus removal tool, but nothing was found either. This virus has made some new things in my Task Manager: svchost.exe. I tried so much to end this process but it is impossible and it comes back again.
    I would appreciate it if someone helps me get rid of this crazy virus.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi hashem, I have moved your thread to a more appropriate forum as you had posted in the dedicated WormGuard support forum.
    You should receive better attention here. :)

    Pilli
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If McAfee and TrendMicro are finding nothing you can't be sure you have W32.HLLW.Gaobot.AA. (or indeed Gaobot.AE)

    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ae.html

    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.aa.html

    Find out the file path of bla.exe and upload it here:- http://virusscan.jotti.org/
    That might tell you what it really is. Look for bla.exe in TM and end the process there and try and delete it manually (you may need to go into 'safe' to delete).

    If that fails post back giving the full file path of bla.exe.

    You should have several instances of svchost.exe listed in Task Manager, and so long as the spelling is exactly correct and the file path is precisely C:\WINDOWS\system32\svchost.exe, they are legitimate entries. However svchost.exe should never appear in the startup tab of Run/msconfig; if it does it is bad. A legitimate instance of svchost.exe could however be hijacked to run a 'bad' .dll service.
     
  4. Ailric

    Ailric Guest

    I'm willing to bet he does have the Agobot or Gaobot worm. I've dealt with this pest before and it's a royal pain. Notice the name:
    Scvhost.exe NOT Svchost.exe - Tricky.

    More Info:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.ae.html

    1. Disable System Restore (Windows Me/XP)

    2. Download MicroWorld AntiVirus Toolkit Utility

    Download:
    ftp://ftp.microworldsystems.com/download/tools/mwav.exe

    DO NOT EXECUTE - UNPACK TO ITS OWN FOLDER WITH WINZIP OR OTHER ZIP PROGRAM. REPLACE THE mwavscan.com FILE WITH THE OLD ONE BELOW. NOW YOU CAN CLEAN INFECTED FILES, NOT JUST SCAN FOR THEM.

    Download:
    Old mwavscan.com file
    http://sr2.mytempdir.com/41598

    3. Restart the computer in Safe mode or VGA mode

    4. Run mwavscan.com and select clean.

    5. Deleting the value from the registry
    a. Click Start, and then click Run. (The Run dialog box appears.)
    b. Type regedit

    Then click OK. (The Registry Editor opens.)

    c. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    d. In the right pane, delete the value:

    "Config Loader"="scvhost.exe"

    e. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

    f. In the right pane, delete the value:

    "Config Loader"="scvhost.exe"

    g. Exit the Registry Editor.

    UPDATE WINDOWS AS SOON AS POSSIBLE. MAKE SURE YOUR FIREWALL IS WORKING OR YOU WILL BE RE-INFECTED.

    I HOPE THIS WORKS - GOOD LUCK!
     
  5. I am so grateful to you guys. Finally I could eliminate this crazy virus. The most important thing that led to getting rid of this virus was some registry keys. When I deleted some of the registry keys which referred to the virus, the virus automatically gave up from my PC. Thanks for your guidance.
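
The checks described in the posts above (TopperID's svchost.exe path and startup rule, and the scvhost.exe lookalike name from Ailric's post), as an added example that is not part of the original thread: a Python check run over constructed process paths and startup-key values. The function names, the edit-distance threshold of 2 and the sample entries are assumptions of this example.

```python
LEGIT_NAME = "svchost.exe"
LEGIT_PATH = r"C:\WINDOWS\system32\svchost.exe"  # path given in the thread
RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def basename(path):
    """Lower-cased file name part of a Windows path or bare file name."""
    return path.strip('"').rsplit("\\", 1)[-1].lower()

def is_lookalike(name):
    """True for names close to, but not equal to, svchost.exe (e.g. scvhost.exe)."""
    return name != LEGIT_NAME and edit_distance(name, LEGIT_NAME) <= 2  # threshold assumed

def audit(processes, autoruns):
    """Return (reason, item) findings for process paths and startup-key values."""
    findings = []
    for path in processes:
        name = basename(path)
        if is_lookalike(name):
            findings.append(("lookalike process name", path))
        elif name == LEGIT_NAME and path.lower() != LEGIT_PATH.lower():
            findings.append(("svchost.exe outside system32", path))
    for key, value, data in autoruns:
        name, where = basename(data), f"{key}\\{value}={data}"
        if is_lookalike(name):
            findings.append(("lookalike name in startup key", where))
        elif name == LEGIT_NAME:  # svchost.exe should never be a startup entry
            findings.append(("svchost.exe in startup key", where))
    return findings

# Constructed sample data; the "Config Loader" values mirror those quoted in the thread.
SAMPLE_PROCESSES = [r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\system32\scvhost.exe",
                    r"C:\WINDOWS\Temp\svchost.exe", r"C:\WINDOWS\explorer.exe"]
SAMPLE_AUTORUNS = [(RUN, "Config Loader", "scvhost.exe"),
                   (RUN + "Services", "Config Loader", "scvhost.exe"),
                   (RUN, "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe")]

if __name__ == "__main__":
    for reason, item in audit(SAMPLE_PROCESSES, SAMPLE_AUTORUNS):
        print(f"{reason}: {item}")
```

The path comparison uses the location stated in the thread; on a system whose Windows directory differs, `LEGIT_PATH` would need to be adjusted.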
     