Need help to remove W32 Gaobot worm

I have picked up a w32/gaobot.worm.gen.e on my laptop - HELP - how do I remove this worm??

Many thanks mdturner, will let you know of the results when done.

Cheers

Hoi mdturner; ok - did not manage to delete the virus file'

 

I have Windows Vista and on HKEY - LOCAL I cannot find \ RunServices? I have also checked other files in the area for a "Generic Service Process", bit has not picked up details. Could you check and maybe give me an alternative option?

 

Many thanks.

I have picked up a w32/gaobot.worm.gen.e on my laptop - HELP - how do I remove this worm??

Hi Trainer

 

The gaobot removal tool from this Symantec document may help

 

http://www.symantec.com/security_response/writeup.jsp?docid=2004-011316-4140-99

This will be interesting

 

1. The removal Tool may not be updated with the newest detections, removal of newest Gaobots

2. Page states updated "June 15, 2006 12:00:00 AM"

3. Only goes up to XP

 

Quads

The above post is NOT sarcastic comments!

 

It will be interesting, because of the fact it's Vista etc.

 

Also the fact that I remember being told, From Symantec that a lot of the time the fix / removal tools are not kept up to date for new variants, unless it is seen as needed, like the Threat is still in the wild.

 

Like the removal tool for W32.Virut.CF does not remove all Viruts

 

Or like the technical details and removal instructions for Tidserv does not cover all variants of what Norton can detect as Tidserv.

 

Quads 

Hi Quads / mdTurner;

 

Thanks guys - got rid of the virus.

 

However, on the 1st run of the Fix Gaobot Tool I disabled systems restore as stated in shortcut; (to the tee follwed instruc.)

http://www.symantec.com/security_response/writeup.jsp?docid=2004-040212-0834-99&tabid=3

This did not work as 15 minutes later I had windows popping the W32 virus in my face. I then shut down. Went out & came back late the afternoon and decided to do another run. Once in safe mode I realised that I had not gone back to system restore to disable it. decided to run the tool anyway. Once done did restarted.

 

I lost all username & passwords to all my forums and sites, but got rid of the virus. (Kept hard copy details of my usernames and password so nothing was lost.)

 

Just found it strange that it did got rid of the virus without system restore being disabled.

Thanks again guys - keep it up as your forum and info is very valueable to people like me that is a complete novice to the tech world of pc / laptops ect.

Hi

 

Thanks for getting back and giving this important piece of information,

 

"I lost all username & passwords to all my forums and sites, but got rid of the virus."

 

For anyone in the future in case it's the Removal Tool that deletes them, To save any of them first.

 

Quads 


Trainer wrote:

Hi Quads / mdTurner;

 

Thanks guys - got rid of the virus.

 

However, on the 1st run of the Fix Gaobot Tool I disabled systems restore as stated in shortcut; (to the tee follwed instruc.)

http://www.symantec.com/security_response/writeup.jsp?docid=2004-040212-0834-99&tabid=3

This did not work as 15 minutes later I had windows popping the W32 virus in my face. I then shut down. Went out & came back late the afternoon and decided to do another run. Once in safe mode I realised that I had not gone back to system restore to disable it. decided to run the tool anyway. Once done did restarted.

 

I lost all username & passwords to all my forums and sites, but got rid of the virus. (Kept hard copy details of my usernames and password so nothing was lost.)

 

Just found it strange that it did got rid of the virus without system restore being disabled.

Thanks again guys - keep it up as your forum and info is very valueable to people like me that is a complete novice to the tech world of pc / laptops ect.


Hi Trainer

 

Good to hear that the Fix Gaobot Tool worked for you and your system is now OK.