Infected with W32/Gaobot.worm.gen.u

Discussion in 'Malware Help (A Specialist Will Reply)' started by comwizz, Apr 26, 2008.

  1. comwizz

    comwizz Private E-2

    Hello everyone,
    I have been having this problem of slow compilation and "b.exe has stopped working" alerts for a week, and MS Vista detects the worm as W32/Gaobot.worm.gen.u. I am using Avast 4.0 Home edition and the definitions are up to date. Just in case, here's my HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:00 PM, on 4/25/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.

    The laptop is getting slower. I have Windows Vista; please advise, as I am starting to have problems with IE as well.
    Thanks,
    comwizz
     
    Last edited by a moderator: Apr 26, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    What is slow compilation??? And what is this b.exe program that you are trying to run?

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. comwizz

    comwizz Private E-2

    I am running the g++ compiler for normal C++ code compiling and execution, which have gotten slow.

    As you have guided me, I have followed all the steps in the readme and the log files are attached.
    Thanks,
    comwizz
     


  4. comwizz

    comwizz Private E-2

    Also the MGTools log file that was required
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then it looks like SUPERAntispyware may have thought one of your programs was malware (see below). Probably due to the poor choice of name used for the executable. Many many trojans name themselves like this with single characters. SUPERAntispyware removed this
    Is drive F a removable drive? It is possibly infected and needs to be cleaned. If the below files are found on it then delete them:

    F:\t.com
    F:\0hct8ybw.bat
    F:\ntdetec1.exe
    F:\ntdetec1 <--- a folder named anything like this



    Check your main boot drive for any of the above too!


    The above is this infection: http://www.symantec.com/security_response/writeup.jsp?docid=2008-010915-0259-99&tabid=2

    It copies itself to all shared and removable drives on the compromised computer!!





    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
    Other than the above, your slowdowns may not be due to malware. But let's be safe and check for rootkits. Run this: Running GMER to detect rootkits, and attach the log.
     
  6. comwizz

    comwizz Private E-2

    I searched for the above files but couldn't find any of them. Also, as you say, the infection must be coming from a pen drive, as I had one of my friend's pen drives inserted during the last week or so.

    I searched for the files; if anything more is required, do guide me.




    "The registry keys and values are successfully updated" was the message on following the instructions. The rootkit revealer log file is attached.
    Thanks,
    comwizz.

    PS: I am still having the slow execution and exceptions being raised.
    The message shown while the Windows checks for a solution is

    Virus alert: Microsoft detected the W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm virus on your computer
    This problem was caused by W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm, a known computer virus .
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you really mean you used Windows Search, then don't use search. Use Windows Explorer and look for them yourself.


    It does not appear to be malware based on your logs.

    None of your logs show any of the signs of this infection. Exactly what is detecting this and where is it being detected? Is it Windows Defender that is detecting it? Perhaps it is only seeing something that has already been quarantined or something that is in System Restore. You need to try and find out exactly where this worm is supposedly being detected. Just telling us the name is helpful, but when your system shows no signs of the malware, we need to know exactly what program is detecting the worm and what files, folders, or registry keys it believes are the problem.

    The only items I found that are a problem were the ones I asked about on drive F and they are not related to this Worm.
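
Added example, not part of the thread or of either poster's instructions: a Python sketch of the root-folder check from posts 5 and 7, listing each drive root directly instead of relying on Windows Search. The function names are assumptions made for this example, and the demo runs against a constructed temporary directory standing in for a drive.

```python
import os
import string
import tempfile

# Names come from the list in post 5. Matching is case-insensitive because
# NTFS and FAT treat names that way.
SUSPECT_FILES = {"t.com", "0hct8ybw.bat", "ntdetec1.exe"}
SUSPECT_DIR_PREFIX = "ntdetec1"  # "a folder named anything like this"

def scan_root(root):
    """Return sorted (kind, name) pairs for suspect entries directly in root."""
    hits = []
    # os.scandir also returns hidden and system entries, which Explorer
    # hides by default.
    with os.scandir(root) as entries:
        for entry in entries:
            name = entry.name.lower()
            is_dir = entry.is_dir(follow_symlinks=False)
            if is_dir and name.startswith(SUSPECT_DIR_PREFIX):
                hits.append(("dir", entry.name))
            elif not is_dir and name in SUSPECT_FILES:
                hits.append(("file", entry.name))
    return sorted(hits)

def windows_drive_roots():
    """Drive roots that exist right now (empty list on non-Windows hosts)."""
    if os.name != "nt":
        return []
    return [f"{d}:\\" for d in string.ascii_uppercase if os.path.isdir(f"{d}:\\")]

def demo():
    """Constructed sample: a temp directory standing in for a drive root."""
    with tempfile.TemporaryDirectory() as root:
        # ntdetect.com is a legitimate XP-era boot file name; it must not match.
        for fname in ("T.COM", "0hct8ybw.bat", "notes.txt", "ntdetect.com"):
            open(os.path.join(root, fname), "w").close()
        os.mkdir(os.path.join(root, "NTDETEC1"))
        os.mkdir(os.path.join(root, "Projects"))
        return scan_root(root)

if __name__ == "__main__":
    for root in windows_drive_roots():
        try:
            for kind, name in scan_root(root):
                print(f"{root}{name}  ({kind})")
        except OSError as exc:  # empty card reader, locked volume, ...
            print(f"{root} not readable: {exc}")
    print("constructed demo:", demo())
```
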
     
  8. comwizz

    comwizz Private E-2

    I did that, but couldn't find anything in the root folders.

    I had downloaded a plugin, KawigiEdit, for the Topcoder Applet, which is an arena for programmers to compete. This plugin gives me the facility to compile on my local machine and find out the time it takes to execute before submitting a problem. While compiling a problem and then executing test cases, a fault of the kind "b.exe has stopped working (illegal operation)" comes up, and there is no fault in any of the code, as I have tested it on their server. I will download the plugin again, reinstall it, and tell you if I am still having the problem.

    Thanks a lot for all your help ,
    comwizz
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What does this have to do with the trojan you say is being detected?
     
  10. comwizz

    comwizz Private E-2

    The trojan is detected when b.exe stops working and I click on "diagnose the problem"; the result that Windows support gives is the virus alert message which I posted before about W32/Gaobot.worm.gen.u.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is b.exe part of your compiler programs? What do you mean Windows support? Do you mean Windows Defender?
     
