W32.HLLW.Gaobot.gen

[Psycho18]

I now have another virus. Thanks to some fellow anandtech members, I got rid of the LSA SHELL virus. Now I have another one.........How do I get rid of the W32.HLLW.Gaobot.gen virus?Windows is all updated as well as norton. Help please.

 

[Psycho18]

Nobody has this problem?

 

[Pepsei]

Gee, is it a new virus?

 

[Psycho18]

From what I heard, its been out since last thanksgiving.

 

[Mo0o]

Its pretty old. try to get the special patch that fixes it. Although when i had norton that did nothing. I switched to macfee and it fixed it in 2 seconds after installation.

 

[aux]

From what I heard, its been out since last thanksgiving.

Yes, it is an old virus. Symantec has removal instructions.

 

[midwestfisherman]

1. Go here and look it up. Follow the instructions to clean the virus from your machine.

2. Get lastest MS security updates for your machine (and in the future keep it updated).

3. Make sure your running a good anti-virus software on your machine and keep the signatures updated on a regular basis (i.e. daily).

 

[Psycho18]

McAfee did not detect it either....

 

[bontu]

well i clean it off manually.
the systems i've seen it infect have this process/file running
called explored.exe (yours might be different, theres different variants of this thing)

boot into safe mode then
i just run regedit and find all instances of that and delete those keys.
then search hard drive for all instances of it and delete
then search for your hosts file and delete all the ones the virus added. usually only 127.0.0.1 localhost should be in there.

then depending on the nature of your network the following might be necessary to keep the virus from coming back in.
change your user account passwords to something not so simple.
disable any file sharing folders


reboot and its gone.
assuming your windows is patched up it shouldn't come back.

 

[Psycho18]

I'm not very smart with computers. I have no idea where to start....

 

[Psycho18]

How do I delete the instances when I dont know what they are?

 

[Psycho18]

How do I find and delete all the instances of the virus?

 

[bontu]

you can hit ctrl-alt-del
to get to the taskmanager.
see what processes are running and see whats taking up the cpu time.

how do u know u have the virus? does norton tell you which file is infected? thats probably what file u need to delete.

in regedit. press ctrl-f4 and type in that file name. when it stops delete the entry it finds (theres usually a single entry in
local_computer>software>microsoft>windows>currentversion>run
and
local_computer>software>microsoft>windows>currentversion>runservices
then theres services it creates usually in something like
local_computer>system>controlset001>Mpr
you should delete the Mpr folder.

press f3 until it can't find anymore of that file you're searching for.

for regular files just go to the start menu and use search

 

[Psycho18]

It keeps recreating the file when I delete it though..Any suggestions?

 

[Psycho18]

It recreates the file. I cannot seem to delete it.

 

[Pepsei]

Sorry bud, did you check out Symantec's site on how to remove it?

Maybe you can send it to me, so I can analyse it, but my company's server will probably intercept it and delete it.

 

[randomlinh]

how'd you manage to get this virus? soooo many ppl get viruses.. I have yet to get one.