Solved

W32.hllw.gaobot.gen

Posted on 2004-10-11
6
158 Views
Last Modified: 2010-04-11
Hi,
We are infected!!!  I have a network of 280 workstations and 11 servers not to mention countless printers.  Anyway...we have been hit.  I have been fighting this virus for weeks now.  Just about the time I think I have it licked it pops it's nasty head again.  I have ran the removal tool (in safe mode) on every 2000 & xp system in the network, I have then downloaded the windows updates to insure the patches have been installed, I have cleaned out the registry and all is fine for about a week and then BLAM here it is again!!!  I have read the other questions in the forum regarding this virus but they are all related to one home PC...what can I do for almost 300?  
Thanks for coming to my rescue!
SCUD1
0
Comment
Question by:SCUD1
6 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 12280122
Hello SCUD1 =)

I know its weird... but cant u disconnect these machines from each other... especially winxp systems, coz xp has system restore enabled, and that's why this virus is coming back, and when its coming back, its hitting all the machines again !!

So disconnect them, disable system restore, in safemode run the removal tools, and make sure u will delete all temp files, reboot back in normal mode, enable system restore, create a new system restore point and then reconnect them with each other !!

Sorry but netowkring viruses can cause that much head-ache =(
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12280928
Most likely it's having to deal with a server.

Since most servers run WINDOWS 2000 or Windows 2003 I wouldn't think system restore is an issue.

Also I would think its on the mailserver, Exchange I take it?

I would run the online scan on a few servers @ www.trendmicro.com to see if you can get a little more than Norton gives you.

Maybe if you could list a few of the "steps from other posts" you took, so we can all be on the same page while defeating this worthless virus.

Thanks in Advance,

Jorden
Tech-Security.com

0
 
LVL 2

Expert Comment

by:kitisak
ID: 12287672
Did you scan by Norton? If yes, you have to try to scan virus by Sysclean of Trend micro in safe mode. Because I found this problem before. My Norton AV alerted me as W32.Gaobot.gen , but my Sysclean alerted as W32.Spybot.worm.

you can download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com. And you have to use it with pattern from http://www.trendmicro.com/download/pattern.asp (lptxxx.zip ; xxx is number).

Or try to scan virus online at
symantec
http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym
--------
TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
--------
McAfee
http://us.mcafee.com/root/mfs/default.asp?affid=294
--------
Kaspersky
http://www.kaspersky.com/remoteviruschk.html
--------
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 7

Expert Comment

by:shahrial
ID: 12299228
What you should do now is, think on how to protect your network in future.
One way is to employ the 'Defence in depth' methodology with countermeasures deployed accordingly.

Resources:
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.securitydocs.com/library/1525

Do give it a serious thought...;-)
0
 

Author Comment

by:SCUD1
ID: 12299301
Well truthfully, I'm still cleaning up the mess.  I have eliminated the XP systems from the network but still getting the 2000 systems cleaned up.  Installing a anti-virus program on each workstation as well as all the servers.  I'm a one man show here and it always seems like when it rains....it pours!!!  And I'm being flooded right now.  I know I've taken too long to get the point distributed but I won't forget your help and I value you all for the input you have offered.  I will get back to y'all as soon as possible.  
Thanks,
SCUD1
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12299699
my friend, we can truely understand ur problem,, no need to hurry at all,,,, take ur time and just comment back if any more help is needed !! ^_^
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now