Nasty w32.gaobot!inf Virus

Trotter

Hey, I wonder if anyone has heard of this variant of the Gaobot virus -
w32.gaobot!inf.

Im using XP and it seems to have got my PC by the curlies. This virus basically disabled my Norton Antivirus and stopped me from accessing antivirus websites by messing with my host file. I fixed the host file and got to the websites eventually.

I booted into safe mode, and ran the virus scanner but it told me the files couldnt be deleted. Weirdly enough, it seems to have deleted them anyway. Now when I run the virus check in safe mode, it finds nothing, yet when I boot into windows, my Norton is still refusing to open and the host file is messed up all over again.

I sense a reformat job is required.. but wont I have to pay my antivirus subscription again then?

Any help would be great,
Thanks!

The Muppet

Originally posted by Trotter
Hey, I wonder if anyone has heard of this variant of the Gaobot virus -
w32.gaobot!inf.

Im using XP and it seems to have got my PC by the curlies. This virus basically disabled my Norton Antivirus and stopped me from accessing antivirus websites by messing with my host file. I fixed the host file and got to the websites eventually.

I booted into safe mode, and ran the virus scanner but it told me the files couldnt be deleted. Weirdly enough, it seems to have deleted them anyway. Now when I run the virus check in safe mode, it finds nothing, yet when I boot into windows, my Norton is still refusing to open and the host file is messed up all over again.

I sense a reformat job is required.. but wont I have to pay my antivirus subscription again then?

Any help would be great,
Thanks!

A friend of mind had similar problems over the weekend. I got the machine this morning and it was trying to access the Internet and nortons antivirus wouldn't run on it even thought it was already installed. It wouldn't boot into safe moed either. As a last resort before the dreaded reformat etc I restored xp to last saturdays date (before he got the virus) then I deleted the resore points and rebooted. Then I installled the updates from microsoft and everthing appears to be working ok now but its early days.

Nick_oliveri

System restore and viruses dont go well together.
You say your hosts file was messed wit when you booted up normally. This is probably a registry key spawned by the virus.
If you can connect to the net in safe mode (fixing the hosts file) Download the removal tool or do it Manually

p.s This is the gaobot.zx variant tool and might not get rid of the biatch!!

Trotter

I downloaded both of the removal tools for gaobot on symantecs website last night but neither of them located any virus.

The trouble is, I know its there because my Norton wont open unless its in safemode, and when I run the virus scan it says its not infected.

Nick_oliveri

Ya may do it manually. And methinks you got this from an e-mail.
Corporate policy = Dont open mail u aint expectin
I hope you get this fixed and it hasnt spread to every .exe in your system. :eek:
Good luck

Trotter

I dont open iffy mails at all, my suspicion is it came in because I havent done the security patches from Microsoft in a few months.

I hope I can avoid the dreaded reformat! Thanks for your help!

The Muppet

Originally posted by Trotter
I downloaded both of the removal tools for gaobot on symantecs website last night but neither of them located any virus.

The trouble is, I know its there because my Norton wont open unless its in safemode, and when I run the virus scan it says its not infected.

Have you disable the system restore. This could be the infected file and as Its protected so NAV is unable to scan it hence the clean report.

Be aware that when you disable restore you LOSE all your restore points.

Nick_oliveri

F-prot told me that the Netsky was still in the restore files. Took me a few days to turn system restore off, i was quite stoned. Dont forget peeps if ya want F-prot download a "legit" version. Give them all your money