W32.Gaobot.sn - advice please

Discussion in 'Malware Help (A Specialist Will Reply)' started by keithn, Jul 16, 2005.

  1. keithn

    keithn Private E-2

    Hello. This web site has been recommended for advice for one with modest knowledge such as myself.

    I wonder if someone could help me. I have Windows XP and my Norton
    anti-virus software says this virus (W32.gaobot.sn) is on the
    machine and it cannot delete it. Following its instructions, the
    first four steps out of five are fine - I have

    1. Disabled System Restore
    2. Updated the virus definitions.
    3. Restarted the computer in Safe mode
    4. Run a full system scan and delete all the files detected as
    W32.Gaobot.SN (there were none).

    The fifth step is:
    '5. To delete the value from the registry
    Click Start, and then click Run.
    Type regedit. Then click OK. (The Registry Editor opens.)
    Navigate to the keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

    (Yes, so far so good)

    'In the right pane, delete the values:
    "Configuration Loader" = "msnss.exe"
    "Configuration Loader" = "msgfix.exe"'

    This is the trouble. These values do not appear in the right pane.
    Instead I get a whole list of other things with an icon 'ab' in
    front of them.

    I have also downloaded and run the Microsoft Anti-Spyware tool and the Symantec Gaobot removal tool, yet today Norton pops up again telling me the virus is still there.

    Can anyone advise please?

    Many thanks

    Keith
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please follow standard cleanup procedures as given below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    - Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
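
The registry check from step 5 quoted in the first post, as an added example that is not part of the original thread or of any vendor's removal instructions: it lists every value under the two Run keys named there and flags any whose name or data matches the quoted entries. It assumes PowerShell 3 or later is available on the machine; `Find-RunValue` is a hypothetical helper name, and the script only reads the registry.

```powershell
# Added example, not from the thread. Read-only: it lists values and deletes nothing.
# Key paths, value name and file names are the ones quoted in step 5 of the first post.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$valueName = 'Configuration Loader'
$fileNames = @('msnss.exe', 'msgfix.exe')

# Find-RunValue is a hypothetical helper name chosen for this example.
function Find-RunValue {
    param([string[]]$Keys, [string]$Name, [string[]]$Files)

    foreach ($path in $Keys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -eq $key) {
            Write-Warning "Key not found or not readable: $path"
            continue
        }
        foreach ($n in $key.GetValueNames()) {
            # Read the stored data as-is, without expanding %VARIABLES%.
            $opt  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
            $data = [string]$key.GetValue($n, $null, $opt)

            # -eq and -like compare strings case-insensitively in PowerShell.
            $dataHit = $false
            foreach ($f in $Files) {
                if ($data -like "*$f*") { $dataHit = $true }
            }
            [pscustomobject]@{
                Key       = $path
                ValueName = $n
                Data      = $data
                NameMatch = ($n -eq $Name)
                DataMatch = $dataHit
            }
        }
    }
}

$all  = @(Find-RunValue -Keys $runKeys -Name $valueName -Files $fileNames)
$hits = @($all | Where-Object { $_.NameMatch -or $_.DataMatch })
$all | Format-Table -AutoSize -Wrap
'{0} value(s) listed, {1} matching the quoted name or file names' -f $all.Count, $hits.Count
```

A count of zero matches corresponds to what the first post describes: other values are listed in the right pane, but neither quoted entry is among them.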
     
