Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

W32.hllw.gaobot.gen

Posted on 2004-10-11
6
Medium Priority
?
166 Views
Last Modified: 2010-04-11
Hi,
We are infected!!!  I have a network of 280 workstations and 11 servers not to mention countless printers.  Anyway...we have been hit.  I have been fighting this virus for weeks now.  Just about the time I think I have it licked it pops it's nasty head again.  I have ran the removal tool (in safe mode) on every 2000 & xp system in the network, I have then downloaded the windows updates to insure the patches have been installed, I have cleaned out the registry and all is fine for about a week and then BLAM here it is again!!!  I have read the other questions in the forum regarding this virus but they are all related to one home PC...what can I do for almost 300?  
Thanks for coming to my rescue!
SCUD1
0
Comment
Question by:SCUD1
6 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12280122
Hello SCUD1 =)

I know its weird... but cant u disconnect these machines from each other... especially winxp systems, coz xp has system restore enabled, and that's why this virus is coming back, and when its coming back, its hitting all the machines again !!

So disconnect them, disable system restore, in safemode run the removal tools, and make sure u will delete all temp files, reboot back in normal mode, enable system restore, create a new system restore point and then reconnect them with each other !!

Sorry but netowkring viruses can cause that much head-ache =(
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12280928
Most likely it's having to deal with a server.

Since most servers run WINDOWS 2000 or Windows 2003 I wouldn't think system restore is an issue.

Also I would think its on the mailserver, Exchange I take it?

I would run the online scan on a few servers @ www.trendmicro.com to see if you can get a little more than Norton gives you.

Maybe if you could list a few of the "steps from other posts" you took, so we can all be on the same page while defeating this worthless virus.

Thanks in Advance,

Jorden
Tech-Security.com

0
 
LVL 2

Expert Comment

by:kitisak
ID: 12287672
Did you scan by Norton? If yes, you have to try to scan virus by Sysclean of Trend micro in safe mode. Because I found this problem before. My Norton AV alerted me as W32.Gaobot.gen , but my Sysclean alerted as W32.Spybot.worm.

you can download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com. And you have to use it with pattern from http://www.trendmicro.com/download/pattern.asp (lptxxx.zip ; xxx is number).

Or try to scan virus online at
symantec
http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym
--------
TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
--------
McAfee
http://us.mcafee.com/root/mfs/default.asp?affid=294
--------
Kaspersky
http://www.kaspersky.com/remoteviruschk.html
--------
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
LVL 7

Expert Comment

by:shahrial
ID: 12299228
What you should do now is, think on how to protect your network in future.
One way is to employ the 'Defence in depth' methodology with countermeasures deployed accordingly.

Resources:
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.securitydocs.com/library/1525

Do give it a serious thought...;-)
0
 

Author Comment

by:SCUD1
ID: 12299301
Well truthfully, I'm still cleaning up the mess.  I have eliminated the XP systems from the network but still getting the 2000 systems cleaned up.  Installing a anti-virus program on each workstation as well as all the servers.  I'm a one man show here and it always seems like when it rains....it pours!!!  And I'm being flooded right now.  I know I've taken too long to get the point distributed but I won't forget your help and I value you all for the input you have offered.  I will get back to y'all as soon as possible.  
Thanks,
SCUD1
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12299699
my friend, we can truely understand ur problem,, no need to hurry at all,,,, take ur time and just comment back if any more help is needed !! ^_^
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it'…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question