Help me please, w32.wallz and w32.hllw.gaobot on my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by Flowerchild, May 11, 2005.

  1. Flowerchild

    Flowerchild Private E-2

    Hi,

    I hope someone can help me as I am so frustrated, I have been trying to fix this myself all week :eek:

    Originally I just had the w32.wallz on my computer; today a new one, w32.hllw.gaobot, popped up.

    I couldnt get rid of the wallz with any virus scans and couldnt delete anything myself per nortons instructions because the registry nortons posted does not exist in my registry. So I did what anyone would do that doesnt know how to work on these things and did a system recovery on my computer, darnit the virus was still there.

    By some miracle I found your site and followed your steps on this page http://forums.majorgeeks.com/showthread.php?t=35407, here are my results...I ran symantec security check and the details were terrible, hacker exposure check and trojan horse check both at risk. I have some open ports 1025 unused windows services block, 5000 sokets de trois v1.

    adaware scan found 11 critical items which were fixed, ran scan again and it was clean but the trojan is still on my puter. Spybot found 64 problems, again, fixed those and ran scan again, said there were no threats.

    I tried to run the online trojan scan but my system was shut down with the following message 'NT Authority/system' as the reason for shut down. Right after that Nortons finds a new virus the w32.hllw.gaobot which cant be deleted.

    I followed all the steps listed on the page and everything comes back clean, well until the new virus today. I searched your site and found this thread http://forum.majorgeeks.com/showthread.php?t=61970&highlight=w32.wallz, I followed the instructions on that page as well. I downloaded microsoft windows anti spyware and it found nothing:(.


    Note, I cant run in safe mode as I am on dial up. I have windows xp.

    I just download hijackthis and will run a scan and save a file if you guys request it. I appreciate any help ya'll can give me. Thanks so much for reading this.

    Signed,

    A frustrated Flowerchild
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can run in safe mode. You just cannot run the online scans in safe mode due to having dial up.
    Hopefully you did all the other scans in safe mode. Did you run Stinger in safe mode?

    Boot into normal mode and follow the steps below exactly.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Flowerchild

    Flowerchild Private E-2

    Thank you :D I cant connect to the internet in safe mode for some reason, I did scan in safe mode and also in regular mode, I hope I didnt mess up anything. I'm embarrassed to say I dont know a thing about computers, stinger wasnt ran in safe mode because I couldnt connect to the internet. Can I add my isp in safe mode?? If thats possible I will go back and do the stinger again.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said before. You DO NOT need to connect to the internet to run the other scans. Only the online scanners require a connection. Run Stinger in safe mode and let me know if it finds anything.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should also go to Add/Remove programs and uninstall WeatherBug.

    Are you happy with this Zero Knowledge stuff? I have quite often heard people describe their stuff as appropriately named because they have zero knowledge about what they are doing. That is not my opinion. It's just what I have heard. I personally do not use anything like that. It just is not necessary. Do you really find it necessary? If you have an AV, a firewall, spyware blocker, and a browser like Firefox that has built-in popup protection you should be set.
     
  6. Flowerchild

    Flowerchild Private E-2

    Ok, I will run stinger again and let ya know. Sorry I thought I had to be online to run stinger. I did run all the others in safe mode.

    The zero knowledge freedom thing I have never used, it was already installed on my computer, I will just uninstall it along with weather bug.

    I am off to boot in safe mode and run the scan will let ya know what happens. Thanks again:)
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not have to uninstall Zero Knowledge if you like it. It appears like it has a popup blocker that you are using and maybe do not even know it. I don't know what the rest of it is doing.
     
  8. Flowerchild

    Flowerchild Private E-2

    I ran the stinger and it didnt find anything, it says I have 878200 clean files. I deleted weather bug and the freedom zero knowledge, I never used freedom anyway, and no I wasnt aware it had a popup blocker lol. It wasnt doing a very good job of blocking those pop ups.

    Once I get all this w.32 junk off my puter I will dl firefox, I have heard good things about it, I just never took the time to dl it. Man I have learned some very valuable lessons since this has happened.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Besides Zero Knowledge and WeatherBug, the only item to have HJT fix is:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    This is left over from running HSremove during the cleaning steps. You only need to run that if you have an HSA hijacker which you do not have.

    Are you still having problems?
     
  10. Flowerchild

    Flowerchild Private E-2

    Thanks for your help:) So far I havent had those annoying pop ups from the site pretending to be microsoft telling me I have infected files etc. So maybe those w.32 trojan thingys are gone, I hope so anyway.

    I really appreciate your help, thanks for your patience with a not so computer advanced poster. :D
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  12. Flowerchild

    Flowerchild Private E-2

    Well....I thought everything was ok, but I still have issues. I dont know whats going on. I ran everything again in safe mode and found lots of malware and browser hijackers. I am not getting any virus warnings just all this severe adware, malware, hijackers etc. Most of these are trying to get into my windows update. I saved a txt file from the adware scan if you need to see that.

    I was going to install the firewall along with the new browser this site recommends and found all these errors this morning. I keep getting a pop up that says edowpack.exe encountered a problem and needs to close then I lose my IE page.

    I ran another hijackthis and have a file if you would like to see it.
     
  13. Flowerchild

    Flowerchild Private E-2

    Ok, the w32.wallz is back or it never left. Just got the alert from nortons:(
     
  14. chuddds

    chuddds Private E-2

    NO. We have a specific way of asking people to do steps here. Do not step into threads where people are already being helped especially in this forum. Thank you.
     
    Last edited by a moderator: May 12, 2005
  15. Flowerchild

    Flowerchild Private E-2

    What???????? Mind you I am computer illiterate. :confused:
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post a new HJT log!

    Did you ever complete the steps in the link I gave you:
    How to Protect yourself from malware!

    Do not update Windows if having malware problems but you do need to check out all the other steps ASAP. You must get a firewall installed or you will constantly have problems.
     
  17. Flowerchild

    Flowerchild Private E-2

    Hi Chaslang,

    I was trying to do the steps in the how to protect yourself but my computer kept crashing right around the time the downloads were almost finished, grr. I kept getting more and more worms, viruses etc and finally I couldnt enable autoprotect on nortons. I ran all the scans again in safe mode, couldnt run any of the online scans because they wouldnt load. Spybot claimed I had no issues, adware claimed many and deleted but they always came back. Yep, sigh, this computer is in bad shape. I ran stinger in safe mode twice, it did delete a sasser worm but that was all it found. It wouldnt delete the w32.wallz or the hllw.gaobot and the computer kept crashing every few minutes so I did another recovery to see if maybe I could reinstall everything and start over trying to rid this machine of this junk. Of course the trojans are still here ugh.

    I will post another hjt log as soon as I do all the steps in the read me first page since I have started over again.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    By recovery, do you mean from your Windows XP console? If so, you now need to get all system updates downloaded again. The first thing I would recommend is to download and install one of the free firewalls from the link I gave you. Get it installed and then continue with the other Windows updates; do them a few at a time. Do not download WinXP SP2. Use Custom Install instead of Express Install. I say do a few at a time so that if you run into problems with shutdowns you do not abort in the middle of downloads.
     
  19. Flowerchild

    Flowerchild Private E-2

    Yes I thought I should dl a firewall first as well. I got to 98% and it stopped, I rebooted and am gonna try again now. Once the firewall is downloaded hopefully anyway, will it block any other trojans trying to get in? Or will it be infected since I have the w32.wallz trojan??
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No software provides 100% protection especially if not configured correctly and it will not protect you from yourself (if you say yes to something that should be no - you get what you approved). However, without a firewall you are susceptible to so much bad stuff it is amazing.

    Which one are you downloading?
     
  21. Flowerchild

    Flowerchild Private E-2

    I finally got zonealarm to download, its the only firewall I could get to dl. I will post once I get all the steps finished, this could take awhile :eek:

    Also our other computer has the exact same thing, so I am working on it as well. Should I make another thread for it? Between both of them I should learn a lot about computers with your help of course. ;) I really appreciate everything.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Stay in one thread for now and let's finish getting one PC fixed and then we can look at the other.
     
  23. Flowerchild

    Flowerchild Private E-2

    I finally got all my updates and everything on the read me first page finished. I am not getting the warning from nortons about the w32.wallz or the hllw.gaobot anymore. But I didnt delete anything, so maybe stinger got them??? Stinger said I had clean files tho, didnt show any findings.

    The spybot scan showed data miners and I fixed those. Adware found 11 critical files, I fixed those and have saved a txt file if you need to see it. I have a hijackthis file for ya when youre ready to see it.
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are we still talking about the first computer here? If so, post the log.
     
  25. Flowerchild

    Flowerchild Private E-2

    Yes this is still the first computer. Thanks:)
     

    Attached Files:

  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How did you now get HijackThis installed improperly?


    C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

    In message # 3 you had it correct.
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  28. Flowerchild

    Flowerchild Private E-2

    I'm sorry I did a reformat on my computer the system recovery thing and I thought I was starting over since I had to do that. Thats me just being computer dumb. The HJT file tho was right the first time around because that was before the reformat, when I redownloaded it I musta been in a hurry and not paying attention because I had been downloading all day. Sorry bout all that. I am off to fix the things you suggested will post when thats finished. Thanks for being patient:)
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to stop doing recoveries and formats. They are typically not necessary and you have to start getting all of the updates and patches for all of your software installed all over again just to bring it up to date.

    So what is the purpose of you posting a log now if you have done a format of your system?
     
  30. Flowerchild

    Flowerchild Private E-2

    ok maybe I am not explaining things very well here or something. I first came here looking for help, worked on the puter with your help, something took over my puter after that because obviously I didnt do something right, whatever took over the computer took over my nortons antivirus and disabled auto protect, it crashed my computer several times etc, I couldnt even make a post here so I reformatted once. I explained I did a system recovery and started over with the steps, and posted again for help. I did what you said and downloaded all my windows updates a few at a time, downloaded everything I needed for the read me page and now here I am. Again I only reformatted once.

    well the trojan was still on my computer after reformat.

    Anyway, I just fixed the RO thing you told me to and checked this thread and thought before I do anything else you understood whats up here. Should I do the next step in your above post??
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But you did not download all the updates for your PC. You do not have WinXP SP2 installed. Is there a reason for not installing SP2?

    There are no apparent malware issues showing in your HJT log.
    Have you run Avert Stinger in safe mode while physically disconnected from the internet?
    Which program is now telling you that the trojan is present and what exactly is it telling you? Is it still Norton and what version of Norton AV is it and what is your definitions version/date?
     
  32. Flowerchild

    Flowerchild Private E-2

    I downloaded all the critical updates, didnt dl sp2 because you told me not to. I did run stinger in safe mode, it said I had clean files. Since downloading the updates I havent been getting a virus alert from nortons. But I didnt delete anything, so I dont know if its hiding out or what. Or would the patches get rid of it? I am just really computer illiterate, really I am, its quite embarrassing. Hwclock.exe is a program that the w32.wallz trojan was hiding in, I kept trying to delete the file but couldnt, it said I wasnt allowed access. I just checked my window task manager and the processes, that program isnt running now, so I dont know if its hiding somewhere else or its gone. I also have tons of other things running that I have no idea what they are or if theyre supposed to be on my puter. Like zlclient.exe, its memory usage is 6,680, there are 2 IEXPLORE.EXE running 24,964k and 24,380k, is this normal?? There are 31 processes running and this is all new to me so I dont know.

    My nortons AV is from 2003 but I get live updates all the time, its just nortons couldnt delete the w32.wallz nor the bot one either. Thats why I am so confused because it seems now theyre gone but I didnt delete anything. I am thinking maybe stinger got them. But as I explained my task manager has all these things running and maybe I am a bit paranoid now. Thanks again for being so patient, I am learning a lot from you.
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! It sounds to me like there is no longer a virus on this PC! The reason I requested that you not install SP2 is because I thought you said you were still infected. If Norton is not finding anything, you should complete the SP2 update.
     
  34. Flowerchild

    Flowerchild Private E-2

    Ok, woooohoooooooo! I will get that done tomorrow. I appreciate all your help you have been a peach :D

    Now onto my office computer, should I make another thread?
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Yes, it would be a good idea to start a new thread for the other PC. Make sure you run ALL the steps in the READ ME FIRST before posting and in your post make sure you clearly state that you have run all the steps in the READ ME FIRST sticky thread.
     
  36. Flowerchild

    Flowerchild Private E-2

    Ok, could you lead me in the right direction on how to download tools when the computer is crashing every 5 mins. The computer has been taken over fully:( Windows update is another site pretending to be microsoft windows, of course I had no idea, anyway, the trojan has taken over my nortons and disabled auto protect. I have been looking for a thread here but havent found one on how to dl with a crashing computer. Thanks.
     
  37. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here are some things to try:
    - Can you connect and download in safe mode?
    - Bring up TaskManager (or the Process Manager in HijackThis if you have it on the PC) and exit all unknown processes. Now can you download?
    - Do you have a CD burner available where you can download the files to another PC and burn to CD and then use it to install on the infected PC?
     
