Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Worm infected, should I re-install windows?

Reply
Thread Tools

Worm infected, should I re-install windows?

 
 
A.D.A.
Guest
Posts: n/a
 
      01-19-2004
My computer (not this one I'm using) came back after repair and before I
could update patches or install security applications, it got the gaobot
worm. 3 files were infected.

I've been reading up on how to clean and remove the worms, but I'm wondering
wouldn't it be easier to re-install or repair windows?

I have many applications and would I lose them if I re-install?


 
Reply With Quote
 
 
 
 
°Mike°
Guest
Posts: n/a
 
      01-19-2004
There's no need for a re-install, unless core system
files have been infected or damaged.

Online Antivirus scanners:
================
http://housecall.trendmicro.com/hous...start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://www3.ca.com/virusinfo/virusscan.aspx
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/ [See ****]
http://www.bitdefender.com/scan/licence.php
http://www.drweb-online.com/en/online_check.asp
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html

**** Caveat:
http://archives.neohapsis.com/archiv...3-07/0240.html


Anti-virus programs:
--------------------
KAV (Kaspersky)
http://www.kaspersky.com/

eZ Antivirus (Computer Associates)
http://www.my-etrust.com/products/Antivirus.cfm

Vet (Computer Associates)
http://www.vet.com.au/html/products/index.html

Sophos
http://www.sophos.com/products/software/antivirus/


On Mon, 19 Jan 2004 21:26:57 GMT, in
<BYXOb.176235$ts4.12245@pd7tw3no>
A.D.A. scrawled:

>My computer (not this one I'm using) came back after repair and before I
>could update patches or install security applications, it got the gaobot
>worm. 3 files were infected.
>
>I've been reading up on how to clean and remove the worms, but I'm wondering
>wouldn't it be easier to re-install or repair windows?
>
>I have many applications and would I lose them if I re-install?
>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
 
 
 
Harrison
Guest
Posts: n/a
 
      01-19-2004
A full scan, removal, and repair to the registry should take about
fifteen minutes of actual seat time, tops.

If you can reinstall the OS, your programs, and device drivers in that
amount of time, then go for it.
Otherwise, simply read and follow directions for removal.
http://securityresponse.symantec.com...gaobot.fq.html

This page is specific to one variant of the gaobot worm, and there are
many.
Make note of what your virus scanner tells you and go to
www.sarc.com and use the search function to find instructions for
other variants.

On Mon, 19 Jan 2004 21:26:57 GMT, "A.D.A." <(E-Mail Removed)> wrote:

>My computer (not this one I'm using) came back after repair and before I
>could update patches or install security applications, it got the gaobot
>worm. 3 files were infected.
>
>I've been reading up on how to clean and remove the worms, but I'm wondering
>wouldn't it be easier to re-install or repair windows?
>
>I have many applications and would I lose them if I re-install?
>


 
Reply With Quote
 
A.D.A.
Guest
Posts: n/a
 
      01-19-2004
Oh, thanks.
I've already scanned and identified the worm as gaobot.ao and gaobot.gen.
I've read up about how to remove manually, but I'm afraid to mess with the
registry.
Is there a removal tool around that would remove this worm specifically?
SOPHOS has one to remove gaobot.ao, but I don't think there's one for
gaobot.gen. I don't know how specific/generic these tools are, so I'd like
to make sure before I try.

ada


"°Mike°" <(E-Mail Removed)> ???
news:(E-Mail Removed) ???...
> There's no need for a re-install, unless core system
> files have been infected or damaged.
>
> Online Antivirus scanners:
> ================
> http://housecall.trendmicro.com/hous...start_corp.asp
> http://www.kaspersky.com/remoteviruschk.html
> http://www3.ca.com/virusinfo/virusscan.aspx
> http://security.symantec.com/sscv6/default.asp
> http://www.pandasoftware.com/activescan/activescan.asp
> http://commandondemand.com/eval/index.cfm
> http://www.ravantivirus.com/scan/ [See ****]
> http://www.bitdefender.com/scan/licence.php
> http://www.drweb-online.com/en/online_check.asp
> http://www.pcpitstop.com/antivirus/default.asp
> http://scan.sygatetech.com/prestealthscan.html
>
> **** Caveat:
> http://archives.neohapsis.com/archiv...3-07/0240.html
>
>
> Anti-virus programs:
> --------------------
> KAV (Kaspersky)
> http://www.kaspersky.com/
>
> eZ Antivirus (Computer Associates)
> http://www.my-etrust.com/products/Antivirus.cfm
>
> Vet (Computer Associates)
> http://www.vet.com.au/html/products/index.html
>
> Sophos
> http://www.sophos.com/products/software/antivirus/
>
>
> On Mon, 19 Jan 2004 21:26:57 GMT, in
> <BYXOb.176235$ts4.12245@pd7tw3no>
> A.D.A. scrawled:
>
> >My computer (not this one I'm using) came back after repair and before I
> >could update patches or install security applications, it got the gaobot
> >worm. 3 files were infected.
> >
> >I've been reading up on how to clean and remove the worms, but I'm

wondering
> >wouldn't it be easier to re-install or repair windows?
> >
> >I have many applications and would I lose them if I re-install?
> >

>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      01-19-2004
There is no removal tool, that I know of. The full removal
instructions are here -- you'll just have to buckle down and
do it.
http://securityresponse.symantec.com...aobot.gen.html

Perform all of the recommended removal instructions, and if
you get stuck on the registry cleaning, post back here.


On Mon, 19 Jan 2004 22:43:09 GMT, in
<14ZOb.177285$ts4.20741@pd7tw3no>
A.D.A. scrawled:

>Oh, thanks.
>I've already scanned and identified the worm as gaobot.ao and gaobot.gen.
>I've read up about how to remove manually, but I'm afraid to mess with the
>registry.
>Is there a removal tool around that would remove this worm specifically?
>SOPHOS has one to remove gaobot.ao, but I don't think there's one for
>gaobot.gen. I don't know how specific/generic these tools are, so I'd like
>to make sure before I try.
>
>ada


<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
A.D.A.
Guest
Posts: n/a
 
      01-19-2004
Thank you.
Since the computer got infected straight after I got it back from repair,
before I could download patches or AV software, is there anything I can do
to prevent the same happening again?
Would I be able to update patches and install security measures while in
safe mode?

ada


"°Mike°" <(E-Mail Removed)> ???
news:(E-Mail Removed) ???...
> There is no removal tool, that I know of. The full removal
> instructions are here -- you'll just have to buckle down and
> do it.
>

http://securityresponse.symantec.com...aobot.gen.html
>
> Perform all of the recommended removal instructions, and if
> you get stuck on the registry cleaning, post back here.
>
>
> On Mon, 19 Jan 2004 22:43:09 GMT, in
> <14ZOb.177285$ts4.20741@pd7tw3no>
> A.D.A. scrawled:
>
> >Oh, thanks.
> >I've already scanned and identified the worm as gaobot.ao and gaobot.gen.
> >I've read up about how to remove manually, but I'm afraid to mess with

the
> >registry.
> >Is there a removal tool around that would remove this worm specifically?
> >SOPHOS has one to remove gaobot.ao, but I don't think there's one for
> >gaobot.gen. I don't know how specific/generic these tools are, so I'd

like
> >to make sure before I try.
> >
> >ada

>
> <snip>
>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      01-19-2004
Yes. Don't click on files that you are not absolutely
sure what they are, even files sent to you from
friends -- scan them first. You only got infected
because you ran the IRC bot.

Safe Hex
http://www.claymania.com/safe-hex.html

Safe Computing Guide
http://www.trendmicro.com/pc-cillin/...afe_computing/

Protect your PC
http://support.microsoft.com/default...gb/protect.asp

Safe Computing Practice
http://users.iafrica.com/c/cq/cquirke/safe2000.htm

Safe Computing Practices (Safe Hex)
http://www.cknow.com/vtutor/vtsafecompute.htm


On Mon, 19 Jan 2004 23:01:05 GMT, in
<RkZOb.177523$ts4.31438@pd7tw3no>
A.D.A. scrawled:

>Thank you.
>Since the computer got infected straight after I got it back from repair,
>before I could download patches or AV software, is there anything I can do
>to prevent the same happening again?
>Would I be able to update patches and install security measures while in
>safe mode?
>
>ada
>


<snip>

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
A.D.A.
Guest
Posts: n/a
 
      01-19-2004
Thanks, got them.

ada

<Harrison> ??? news:(E-Mail Removed) ???...
> A full scan, removal, and repair to the registry should take about
> fifteen minutes of actual seat time, tops.
>
> If you can reinstall the OS, your programs, and device drivers in that
> amount of time, then go for it.
> Otherwise, simply read and follow directions for removal.
>

http://securityresponse.symantec.com...gaobot.fq.html
>
> This page is specific to one variant of the gaobot worm, and there are
> many.
> Make note of what your virus scanner tells you and go to
> www.sarc.com and use the search function to find instructions for
> other variants.
>
> On Mon, 19 Jan 2004 21:26:57 GMT, "A.D.A." <(E-Mail Removed)> wrote:
>
> >My computer (not this one I'm using) came back after repair and before I
> >could update patches or install security applications, it got the gaobot
> >worm. 3 files were infected.
> >
> >I've been reading up on how to clean and remove the worms, but I'm

wondering
> >wouldn't it be easier to re-install or repair windows?
> >
> >I have many applications and would I lose them if I re-install?
> >

>



 
Reply With Quote
 
A.D.A.
Guest
Posts: n/a
 
      01-19-2004
I read all my mail on ISP webmail, I don't even store a single e-mail
address anywhere. Always type them in individually, so my contacts would
never get cross-infected.

So how did I happen to run the IRC bot?
As far as I know I never installed any IRC device on that computer.

ada
ada


"°Mike°" <(E-Mail Removed)> ???
news:(E-Mail Removed) ???...
> Yes. Don't click on files that you are not absolutely
> sure what they are, even files sent to you from
> friends -- scan them first. You only got infected
> because you ran the IRC bot.
>
> Safe Hex
> http://www.claymania.com/safe-hex.html
>
> Safe Computing Guide
> http://www.trendmicro.com/pc-cillin/...afe_computing/
>
> Protect your PC
>

http://support.microsoft.com/default...gb/protect.asp
>
> Safe Computing Practice
> http://users.iafrica.com/c/cq/cquirke/safe2000.htm
>
> Safe Computing Practices (Safe Hex)
> http://www.cknow.com/vtutor/vtsafecompute.htm
>
>
> On Mon, 19 Jan 2004 23:01:05 GMT, in
> <RkZOb.177523$ts4.31438@pd7tw3no>
> A.D.A. scrawled:
>
> >Thank you.
> >Since the computer got infected straight after I got it back from repair,
> >before I could download patches or AV software, is there anything I can

do
> >to prevent the same happening again?
> >Would I be able to update patches and install security measures while in
> >safe mode?
> >
> >ada
> >

>
> <snip>
>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html



 
Reply With Quote
 
°Mike°
Guest
Posts: n/a
 
      01-20-2004
As far as you know? There's one thing that's certain,
and that is that it (the bot) cannot start all by itself.


On Mon, 19 Jan 2004 23:14:45 GMT, in
<FxZOb.172646$JQ1.45318@pd7tw1no>
A.D.A. scrawled:

>I read all my mail on ISP webmail, I don't even store a single e-mail
>address anywhere. Always type them in individually, so my contacts would
>never get cross-infected.
>
>So how did I happen to run the IRC bot?
>As far as I know I never installed any IRC device on that computer.
>
>ada
>ada
>
>
>"°Mike°" <(E-Mail Removed)> ???
>news:(E-Mail Removed) ???...
>> Yes. Don't click on files that you are not absolutely
>> sure what they are, even files sent to you from
>> friends -- scan them first. You only got infected
>> because you ran the IRC bot.
>>
>> Safe Hex
>> http://www.claymania.com/safe-hex.html
>>
>> Safe Computing Guide
>> http://www.trendmicro.com/pc-cillin/...afe_computing/
>>
>> Protect your PC
>>

>http://support.microsoft.com/default...gb/protect.asp
>>
>> Safe Computing Practice
>> http://users.iafrica.com/c/cq/cquirke/safe2000.htm
>>
>> Safe Computing Practices (Safe Hex)
>> http://www.cknow.com/vtutor/vtsafecompute.htm
>>
>>
>> On Mon, 19 Jan 2004 23:01:05 GMT, in
>> <RkZOb.177523$ts4.31438@pd7tw3no>
>> A.D.A. scrawled:
>>
>> >Thank you.
>> >Since the computer got infected straight after I got it back from repair,
>> >before I could download patches or AV software, is there anything I can

>do
>> >to prevent the same happening again?
>> >Would I be able to update patches and install security measures while in
>> >safe mode?
>> >
>> >ada
>> >

>>
>> <snip>
>>
>> --
>> Basic computer maintenance
>> http://uk.geocities.com/personel44/maintenance.html

>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Experts Warn of Kama Sutra Worm (yet another MS worm) Imhotep Computer Security 4 01-30-2006 01:53 PM
Worm\Spybot (P2P-Worm.Win32.SpyBot.a) Danny Computer Information 0 08-14-2005 01:09 PM
worm/spybot.17.t (worm spybot 17t) detected by AVG code_wrong Computer Security 0 05-15-2004 04:40 PM
Antigen found VIRUS= I-Worm.Sobig.f (Kaspersky,CA(InoculateIT)) worm ANTIGEN_ML-MAIL Ruby 0 09-09-2003 07:11 PM
New anti-blaster worm attempts to fix RPC/DCOM vuln - W32/Nachi.worm Lord Shaolin Computer Security 6 08-20-2003 10:39 PM



Advertisments