W32.gaobot

  • W32.gaobot

    Ok, 2 of my computers have got this virus/worm, and I have already looked it up on the net, and according to what several sites say, the anti-virus info on this worm is included in a 2003 update for Norton, but the thing just keeps coming back up. The most annoying thing is not what the virus does (because to the best of my knowledge, it does nothing apparent, however I did see that it steals low security passwords or something worthless like that) but that the Norton virus alert just never goes away and I can't end process it, so it just keeps coming back. Anyone know how I can get rid of this? I did find the file it infected, it is Iexplore.exe, it's using a window icon, and is in my Documents and Settings folder. When I tried to manually delete the thing it said that the program was currently running and cannot be deleted (JUST GREAT). Yea I was pretty p'oed by then.
    ♪♫♪♫♪♫♪♫♪♫♪♫
    Failure teaches success.
    .
    

  • #2
    I don't think I originally had that iExplore.exe file before, so I think it must've gotten in there SOMEHOW. Reassure me that this file doesn't belong in the Documents and Settings/All Users folder.
    



    • #3
      Like the Blaster virus, you should be able to defeat it. With Blaster you close a port, update your Windows, and it works, but I dunno how to do it with this worm YET. I will see what I can do for you.
      Code:
      1:Pred_FNM <ER>> guys, yellow + green is really shitty for forumcolours :p
      1:lnx> what's wrong with that combination
      1:lnx> I wear yellow-green clothes :(
      1:Pred_FNM <ER>> i dont mean in clothes, in forums..
      1:lnx> kk
      1:lnx> buy a black-white computer monitor if you don't like the colors foo



      • #4
        When you do, include the instructions on how to close the port too plz ^__^


        • #5
          Try the dedicated removal tool by Symantec:

          http://securityresponse.symantec.com...oval.tool.html
          There's no place like 127.0.0.1



          • #6
            Ok, I found something here, very soon, virusalert.nl, Dutch site so I will help you with that..

            Gaobot.AA is an internet worm that uses two security problems of Microsoft Windows; it uses the same problem as W32.Blaster.worm.

            The website says that you should use this link to remove the virus: http://security.symantec.com/sscv6/d...d=nl&venid=sym

            1. Start your PC with an original boot disk.

            2. Check your system for the files and registry entries (if they are there) and remove those manually.

            3.A. Start PC in safety mode. CLOSE ALL PROGRAMS BEFORE REBOOTING.
            Take away the power for 30 sec (take out the plug, DO NOT FORGET THIS! You have to do this!), then start the PC again, and while booting press Ctrl or F8 depending on system and select safety mode.

            3.B. Start "regedit".

            Remove this from the registry:

            "Config Loader"="svchosl.exe" from
            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
            HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

            Close down computer, remove power again, and start how you always do.

            This is the page if you don't trust me, and then u can ask another Dutch player to help you: http://www.virusalert.nl/?show=virus&id=552


            • #7
              Do what dotsy or fallen angel have said. You probably don't need to start from a boot disk if you haven't got one, so long as you start in safe mode. HijackThis might be easier to use to get rid of those registry entries if you're not familiar with editing the registry (very useful to have HijackThis anyway), and scan again once those keys are deleted. If you use XP, disable System Restore first, then enable it when you've finished scanning, as it could have backed up the worm.
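
Added example, not part of any post in this thread: a PowerShell sketch of the registry check from posts #6 and #7, which reports the "Config Loader" autostart value in the two keys quoted there and deletes it only on request. It assumes PowerShell 3.0 or later in an elevated session; the `-Remove` switch name is made up for this example.

```powershell
# Added example: audits the two autostart keys named in post #6 for the
# "Config Loader" = "svchosl.exe" value; deletes it only when -Remove is given.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch name: without it the script only reports
)

# Key paths, value name and data are the ones quoted in the thread.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)
$valueName = 'Config Loader'
$expected  = 'svchosl.exe'

$findings = foreach ($key in $keys) {
    # A key may be absent on a given Windows version; skip it rather than fail.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $props = Get-ItemProperty -LiteralPath $key
    if ($props.PSObject.Properties.Name -notcontains $valueName) { continue }

    $data = [string]$props.$valueName
    [pscustomobject]@{
        Key     = $key
        Value   = $valueName
        Data    = $data
        # A same-named value with different data is listed for review, never deleted.
        Matches = ($data -like "*$expected*")
    }
}

if (-not $findings) {
    Write-Output 'No "Config Loader" autostart value found in Run or RunServices.'
    return
}

$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings | Where-Object Matches) {
        if ($PSCmdlet.ShouldProcess("$($f.Key)\$($f.Value)", 'Remove autostart value')) {
            Remove-ItemProperty -LiteralPath $f.Key -Name $f.Value
        }
    }
}
```

Running it with `-Remove -WhatIf` shows what would be deleted without changing the registry.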
