Solved

W32.hllw.gaobot.gen

Posted on 2004-10-11
6
161 Views
Last Modified: 2010-04-11
Hi,
We are infected!!!  I have a network of 280 workstations and 11 servers not to mention countless printers.  Anyway...we have been hit.  I have been fighting this virus for weeks now.  Just about the time I think I have it licked it pops it's nasty head again.  I have ran the removal tool (in safe mode) on every 2000 & xp system in the network, I have then downloaded the windows updates to insure the patches have been installed, I have cleaned out the registry and all is fine for about a week and then BLAM here it is again!!!  I have read the other questions in the forum regarding this virus but they are all related to one home PC...what can I do for almost 300?  
Thanks for coming to my rescue!
SCUD1
0
Comment
Question by:SCUD1
6 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 12280122
Hello SCUD1 =)

I know its weird... but cant u disconnect these machines from each other... especially winxp systems, coz xp has system restore enabled, and that's why this virus is coming back, and when its coming back, its hitting all the machines again !!

So disconnect them, disable system restore, in safemode run the removal tools, and make sure u will delete all temp files, reboot back in normal mode, enable system restore, create a new system restore point and then reconnect them with each other !!

Sorry but netowkring viruses can cause that much head-ache =(
0
 
LVL 6

Expert Comment

by:knoxj81
ID: 12280928
Most likely it's having to deal with a server.

Since most servers run WINDOWS 2000 or Windows 2003 I wouldn't think system restore is an issue.

Also I would think its on the mailserver, Exchange I take it?

I would run the online scan on a few servers @ www.trendmicro.com to see if you can get a little more than Norton gives you.

Maybe if you could list a few of the "steps from other posts" you took, so we can all be on the same page while defeating this worthless virus.

Thanks in Advance,

Jorden
Tech-Security.com

0
 
LVL 2

Expert Comment

by:kitisak
ID: 12287672
Did you scan by Norton? If yes, you have to try to scan virus by Sysclean of Trend micro in safe mode. Because I found this problem before. My Norton AV alerted me as W32.Gaobot.gen , but my Sysclean alerted as W32.Spybot.worm.

you can download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com. And you have to use it with pattern from http://www.trendmicro.com/download/pattern.asp (lptxxx.zip ; xxx is number).

Or try to scan virus online at
symantec
http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym
--------
TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
--------
McAfee
http://us.mcafee.com/root/mfs/default.asp?affid=294
--------
Kaspersky
http://www.kaspersky.com/remoteviruschk.html
--------
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 7

Expert Comment

by:shahrial
ID: 12299228
What you should do now is, think on how to protect your network in future.
One way is to employ the 'Defence in depth' methodology with countermeasures deployed accordingly.

Resources:
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.securitydocs.com/library/1525

Do give it a serious thought...;-)
0
 

Author Comment

by:SCUD1
ID: 12299301
Well truthfully, I'm still cleaning up the mess.  I have eliminated the XP systems from the network but still getting the 2000 systems cleaned up.  Installing a anti-virus program on each workstation as well as all the servers.  I'm a one man show here and it always seems like when it rains....it pours!!!  And I'm being flooded right now.  I know I've taken too long to get the point distributed but I won't forget your help and I value you all for the input you have offered.  I will get back to y'all as soon as possible.  
Thanks,
SCUD1
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12299699
my friend, we can truely understand ur problem,, no need to hurry at all,,,, take ur time and just comment back if any more help is needed !! ^_^
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Creating a Vendor Admin user 23 81
ICACLS "No mapping between account names and security IDs was done" 12 140
Manage ASA using outside IP 14 63
SMTP connect() failed - WordPress 6 23
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question