W32.hllw.gaobot.gen

Hi,
We are infected!!!  I have a network of 280 workstations and 11 servers not to mention countless printers.  Anyway...we have been hit.  I have been fighting this virus for weeks now.  Just about the time I think I have it licked it pops it's nasty head again.  I have ran the removal tool (in safe mode) on every 2000 & xp system in the network, I have then downloaded the windows updates to insure the patches have been installed, I have cleaned out the registry and all is fine for about a week and then BLAM here it is again!!!  I have read the other questions in the forum regarding this virus but they are all related to one home PC...what can I do for almost 300?  
Thanks for coming to my rescue!
SCUD1
SCUD1Asked:
Who is Participating?
 
SheharyaarSaahilConnect With a Mentor Commented:
Hello SCUD1 =)

I know its weird... but cant u disconnect these machines from each other... especially winxp systems, coz xp has system restore enabled, and that's why this virus is coming back, and when its coming back, its hitting all the machines again !!

So disconnect them, disable system restore, in safemode run the removal tools, and make sure u will delete all temp files, reboot back in normal mode, enable system restore, create a new system restore point and then reconnect them with each other !!

Sorry but netowkring viruses can cause that much head-ache =(
0
 
knoxj81Commented:
Most likely it's having to deal with a server.

Since most servers run WINDOWS 2000 or Windows 2003 I wouldn't think system restore is an issue.

Also I would think its on the mailserver, Exchange I take it?

I would run the online scan on a few servers @ www.trendmicro.com to see if you can get a little more than Norton gives you.

Maybe if you could list a few of the "steps from other posts" you took, so we can all be on the same page while defeating this worthless virus.

Thanks in Advance,

Jorden
Tech-Security.com

0
 
kitisakCommented:
Did you scan by Norton? If yes, you have to try to scan virus by Sysclean of Trend micro in safe mode. Because I found this problem before. My Norton AV alerted me as W32.Gaobot.gen , but my Sysclean alerted as W32.Spybot.worm.

you can download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com. And you have to use it with pattern from http://www.trendmicro.com/download/pattern.asp (lptxxx.zip ; xxx is number).

Or try to scan virus online at
symantec
http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym
--------
TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
--------
McAfee
http://us.mcafee.com/root/mfs/default.asp?affid=294
--------
Kaspersky
http://www.kaspersky.com/remoteviruschk.html
--------
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
shahrialCommented:
What you should do now is, think on how to protect your network in future.
One way is to employ the 'Defence in depth' methodology with countermeasures deployed accordingly.

Resources:
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.securitydocs.com/library/1525

Do give it a serious thought...;-)
0
 
SCUD1Author Commented:
Well truthfully, I'm still cleaning up the mess.  I have eliminated the XP systems from the network but still getting the 2000 systems cleaned up.  Installing a anti-virus program on each workstation as well as all the servers.  I'm a one man show here and it always seems like when it rains....it pours!!!  And I'm being flooded right now.  I know I've taken too long to get the point distributed but I won't forget your help and I value you all for the input you have offered.  I will get back to y'all as soon as possible.  
Thanks,
SCUD1
0
 
SheharyaarSaahilCommented:
my friend, we can truely understand ur problem,, no need to hurry at all,,,, take ur time and just comment back if any more help is needed !! ^_^
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.