Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

W32.hllw.gaobot.gen

Posted on 2004-10-11
6
Medium Priority
?
165 Views
Last Modified: 2010-04-11
Hi,
We are infected!!!  I have a network of 280 workstations and 11 servers not to mention countless printers.  Anyway...we have been hit.  I have been fighting this virus for weeks now.  Just about the time I think I have it licked it pops it's nasty head again.  I have ran the removal tool (in safe mode) on every 2000 & xp system in the network, I have then downloaded the windows updates to insure the patches have been installed, I have cleaned out the registry and all is fine for about a week and then BLAM here it is again!!!  I have read the other questions in the forum regarding this virus but they are all related to one home PC...what can I do for almost 300?  
Thanks for coming to my rescue!
SCUD1
0
Comment
Question by:SCUD1
6 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12280122
Hello SCUD1 =)

I know its weird... but cant u disconnect these machines from each other... especially winxp systems, coz xp has system restore enabled, and that's why this virus is coming back, and when its coming back, its hitting all the machines again !!

So disconnect them, disable system restore, in safemode run the removal tools, and make sure u will delete all temp files, reboot back in normal mode, enable system restore, create a new system restore point and then reconnect them with each other !!

Sorry but netowkring viruses can cause that much head-ache =(
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12280928
Most likely it's having to deal with a server.

Since most servers run WINDOWS 2000 or Windows 2003 I wouldn't think system restore is an issue.

Also I would think its on the mailserver, Exchange I take it?

I would run the online scan on a few servers @ www.trendmicro.com to see if you can get a little more than Norton gives you.

Maybe if you could list a few of the "steps from other posts" you took, so we can all be on the same page while defeating this worthless virus.

Thanks in Advance,

Jorden
Tech-Security.com

0
 
LVL 2

Expert Comment

by:kitisak
ID: 12287672
Did you scan by Norton? If yes, you have to try to scan virus by Sysclean of Trend micro in safe mode. Because I found this problem before. My Norton AV alerted me as W32.Gaobot.gen , but my Sysclean alerted as W32.Spybot.worm.

you can download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com. And you have to use it with pattern from http://www.trendmicro.com/download/pattern.asp (lptxxx.zip ; xxx is number).

Or try to scan virus online at
symantec
http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym
--------
TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
--------
McAfee
http://us.mcafee.com/root/mfs/default.asp?affid=294
--------
Kaspersky
http://www.kaspersky.com/remoteviruschk.html
--------
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 7

Expert Comment

by:shahrial
ID: 12299228
What you should do now is, think on how to protect your network in future.
One way is to employ the 'Defence in depth' methodology with countermeasures deployed accordingly.

Resources:
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.securitydocs.com/library/1525

Do give it a serious thought...;-)
0
 

Author Comment

by:SCUD1
ID: 12299301
Well truthfully, I'm still cleaning up the mess.  I have eliminated the XP systems from the network but still getting the 2000 systems cleaned up.  Installing a anti-virus program on each workstation as well as all the servers.  I'm a one man show here and it always seems like when it rains....it pours!!!  And I'm being flooded right now.  I know I've taken too long to get the point distributed but I won't forget your help and I value you all for the input you have offered.  I will get back to y'all as soon as possible.  
Thanks,
SCUD1
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12299699
my friend, we can truely understand ur problem,, no need to hurry at all,,,, take ur time and just comment back if any more help is needed !! ^_^
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question