Worm infected, should I re-install windows?

Discussion in 'Computer Support' started by A.D.A., Jan 19, 2004.

  1. A.D.A.

    A.D.A. Guest

    My computer (not this one I'm using) came back after repair and before I
    could update patches or install security applications, it got the gaobot
    worm. 3 files were infected.

    I've been reading up on how to clean and remove the worms, but I'm wondering
    wouldn't it be easier to re-install or repair windows?

    I have many applications and would I lose them if I re-install?
    A.D.A., Jan 19, 2004
    #1
    1. Advertising

  2. A.D.A.

    °Mike° Guest

    There's no need for a re-install, unless core system
    files have been infected or damaged.

    Online Antivirus scanners:
    ================
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.kaspersky.com/remoteviruschk.html
    http://www3.ca.com/virusinfo/virusscan.aspx
    http://security.symantec.com/sscv6/default.asp
    http://www.pandasoftware.com/activescan/activescan.asp
    http://commandondemand.com/eval/index.cfm
    http://www.ravantivirus.com/scan/ [See ****]
    http://www.bitdefender.com/scan/licence.php
    http://www.drweb-online.com/en/online_check.asp
    http://www.pcpitstop.com/antivirus/default.asp
    http://scan.sygatetech.com/prestealthscan.html

    **** Caveat:
    http://archives.neohapsis.com/archives/bugtraq/2003-07/0240.html


    Anti-virus programs:
    --------------------
    KAV (Kaspersky)
    http://www.kaspersky.com/

    eZ Antivirus (Computer Associates)
    http://www.my-etrust.com/products/Antivirus.cfm

    Vet (Computer Associates)
    http://www.vet.com.au/html/products/index.html

    Sophos
    http://www.sophos.com/products/software/antivirus/


    On Mon, 19 Jan 2004 21:26:57 GMT, in
    <BYXOb.176235$ts4.12245@pd7tw3no>
    A.D.A. scrawled:

    >My computer (not this one I'm using) came back after repair and before I
    >could update patches or install security applications, it got the gaobot
    >worm. 3 files were infected.
    >
    >I've been reading up on how to clean and remove the worms, but I'm wondering
    >wouldn't it be easier to re-install or repair windows?
    >
    >I have many applications and would I lose them if I re-install?
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jan 19, 2004
    #2
    1. Advertising

  3. A.D.A.

    Harrison Guest

    A full scan, removal, and repair to the registry should take about
    fifteen minutes of actual seat time, tops.

    If you can reinstall the OS, your programs, and device drivers in that
    amount of time, then go for it.
    Otherwise, simply read and follow directions for removal.
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fq.html

    This page is specific to one variant of the gaobot worm, and there are
    many.
    Make note of what your virus scanner tells you and go to
    www.sarc.com and use the search function to find instructions for
    other variants.

    On Mon, 19 Jan 2004 21:26:57 GMT, "A.D.A." <> wrote:

    >My computer (not this one I'm using) came back after repair and before I
    >could update patches or install security applications, it got the gaobot
    >worm. 3 files were infected.
    >
    >I've been reading up on how to clean and remove the worms, but I'm wondering
    >wouldn't it be easier to re-install or repair windows?
    >
    >I have many applications and would I lose them if I re-install?
    >
    Harrison, Jan 19, 2004
    #3
  4. A.D.A.

    A.D.A. Guest

    Oh, thanks.
    I've already scanned and identified the worm as gaobot.ao and gaobot.gen.
    I've read up about how to remove manually, but I'm afraid to mess with the
    registry.
    Is there a removal tool around that would remove this worm specifically?
    SOPHOS has one to remove gaobot.ao, but I don't think there's one for
    gaobot.gen. I don't know how specific/generic these tools are, so I'd like
    to make sure before I try.

    ada


    "°Mike°" <> ???
    news: ???...
    > There's no need for a re-install, unless core system
    > files have been infected or damaged.
    >
    > Online Antivirus scanners:
    > ================
    > http://housecall.trendmicro.com/housecall/start_corp.asp
    > http://www.kaspersky.com/remoteviruschk.html
    > http://www3.ca.com/virusinfo/virusscan.aspx
    > http://security.symantec.com/sscv6/default.asp
    > http://www.pandasoftware.com/activescan/activescan.asp
    > http://commandondemand.com/eval/index.cfm
    > http://www.ravantivirus.com/scan/ [See ****]
    > http://www.bitdefender.com/scan/licence.php
    > http://www.drweb-online.com/en/online_check.asp
    > http://www.pcpitstop.com/antivirus/default.asp
    > http://scan.sygatetech.com/prestealthscan.html
    >
    > **** Caveat:
    > http://archives.neohapsis.com/archives/bugtraq/2003-07/0240.html
    >
    >
    > Anti-virus programs:
    > --------------------
    > KAV (Kaspersky)
    > http://www.kaspersky.com/
    >
    > eZ Antivirus (Computer Associates)
    > http://www.my-etrust.com/products/Antivirus.cfm
    >
    > Vet (Computer Associates)
    > http://www.vet.com.au/html/products/index.html
    >
    > Sophos
    > http://www.sophos.com/products/software/antivirus/
    >
    >
    > On Mon, 19 Jan 2004 21:26:57 GMT, in
    > <BYXOb.176235$ts4.12245@pd7tw3no>
    > A.D.A. scrawled:
    >
    > >My computer (not this one I'm using) came back after repair and before I
    > >could update patches or install security applications, it got the gaobot
    > >worm. 3 files were infected.
    > >
    > >I've been reading up on how to clean and remove the worms, but I'm

    wondering
    > >wouldn't it be easier to re-install or repair windows?
    > >
    > >I have many applications and would I lose them if I re-install?
    > >

    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    A.D.A., Jan 19, 2004
    #4
  5. A.D.A.

    °Mike° Guest

    There is no removal tool, that I know of. The full removal
    instructions are here -- you'll just have to buckle down and
    do it.
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.gen.html

    Perform all of the recommended removal instructions, and if
    you get stuck on the registry cleaning, post back here.


    On Mon, 19 Jan 2004 22:43:09 GMT, in
    <14ZOb.177285$ts4.20741@pd7tw3no>
    A.D.A. scrawled:

    >Oh, thanks.
    >I've already scanned and identified the worm as gaobot.ao and gaobot.gen.
    >I've read up about how to remove manually, but I'm afraid to mess with the
    >registry.
    >Is there a removal tool around that would remove this worm specifically?
    >SOPHOS has one to remove gaobot.ao, but I don't think there's one for
    >gaobot.gen. I don't know how specific/generic these tools are, so I'd like
    >to make sure before I try.
    >
    >ada


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jan 19, 2004
    #5
  6. A.D.A.

    A.D.A. Guest

    Thank you.
    Since the computer got infected straight after I got it back from repair,
    before I could download patches or AV software, is there anything I can do
    to prevent the same happening again?
    Would I be able to update patches and install security measures while in
    safe mode?

    ada


    "°Mike°" <> ???
    news: ???...
    > There is no removal tool, that I know of. The full removal
    > instructions are here -- you'll just have to buckle down and
    > do it.
    >

    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.gen.html
    >
    > Perform all of the recommended removal instructions, and if
    > you get stuck on the registry cleaning, post back here.
    >
    >
    > On Mon, 19 Jan 2004 22:43:09 GMT, in
    > <14ZOb.177285$ts4.20741@pd7tw3no>
    > A.D.A. scrawled:
    >
    > >Oh, thanks.
    > >I've already scanned and identified the worm as gaobot.ao and gaobot.gen.
    > >I've read up about how to remove manually, but I'm afraid to mess with

    the
    > >registry.
    > >Is there a removal tool around that would remove this worm specifically?
    > >SOPHOS has one to remove gaobot.ao, but I don't think there's one for
    > >gaobot.gen. I don't know how specific/generic these tools are, so I'd

    like
    > >to make sure before I try.
    > >
    > >ada

    >
    > <snip>
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    A.D.A., Jan 19, 2004
    #6
  7. A.D.A.

    °Mike° Guest

    Yes. Don't click on files that you are not absolutely
    sure what they are, even files sent to you from
    friends -- scan them first. You only got infected
    because you ran the IRC bot.

    Safe Hex
    http://www.claymania.com/safe-hex.html

    Safe Computing Guide
    http://www.trendmicro.com/pc-cillin/vinfo/safe_computing/

    Protect your PC
    http://support.microsoft.com/default.aspx?scid=/directory/worldwide/en-gb/protect.asp

    Safe Computing Practice
    http://users.iafrica.com/c/cq/cquirke/safe2000.htm

    Safe Computing Practices (Safe Hex)
    http://www.cknow.com/vtutor/vtsafecompute.htm


    On Mon, 19 Jan 2004 23:01:05 GMT, in
    <RkZOb.177523$ts4.31438@pd7tw3no>
    A.D.A. scrawled:

    >Thank you.
    >Since the computer got infected straight after I got it back from repair,
    >before I could download patches or AV software, is there anything I can do
    >to prevent the same happening again?
    >Would I be able to update patches and install security measures while in
    >safe mode?
    >
    >ada
    >


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jan 19, 2004
    #7
  8. A.D.A.

    A.D.A. Guest

    Thanks, got them.

    ada

    <Harrison> ??? news: ???...
    > A full scan, removal, and repair to the registry should take about
    > fifteen minutes of actual seat time, tops.
    >
    > If you can reinstall the OS, your programs, and device drivers in that
    > amount of time, then go for it.
    > Otherwise, simply read and follow directions for removal.
    >

    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.fq.html
    >
    > This page is specific to one variant of the gaobot worm, and there are
    > many.
    > Make note of what your virus scanner tells you and go to
    > www.sarc.com and use the search function to find instructions for
    > other variants.
    >
    > On Mon, 19 Jan 2004 21:26:57 GMT, "A.D.A." <> wrote:
    >
    > >My computer (not this one I'm using) came back after repair and before I
    > >could update patches or install security applications, it got the gaobot
    > >worm. 3 files were infected.
    > >
    > >I've been reading up on how to clean and remove the worms, but I'm

    wondering
    > >wouldn't it be easier to re-install or repair windows?
    > >
    > >I have many applications and would I lose them if I re-install?
    > >

    >
    A.D.A., Jan 19, 2004
    #8
  9. A.D.A.

    A.D.A. Guest

    I read all my mail on ISP webmail, I don't even store a single e-mail
    address anywhere. Always type them in individually, so my contacts would
    never get cross-infected.

    So how did I happen to run the IRC bot?
    As far as I know I never installed any IRC device on that computer.

    ada
    ada


    "°Mike°" <> ???
    news: ???...
    > Yes. Don't click on files that you are not absolutely
    > sure what they are, even files sent to you from
    > friends -- scan them first. You only got infected
    > because you ran the IRC bot.
    >
    > Safe Hex
    > http://www.claymania.com/safe-hex.html
    >
    > Safe Computing Guide
    > http://www.trendmicro.com/pc-cillin/vinfo/safe_computing/
    >
    > Protect your PC
    >

    http://support.microsoft.com/default.aspx?scid=/directory/worldwide/en-gb/protect.asp
    >
    > Safe Computing Practice
    > http://users.iafrica.com/c/cq/cquirke/safe2000.htm
    >
    > Safe Computing Practices (Safe Hex)
    > http://www.cknow.com/vtutor/vtsafecompute.htm
    >
    >
    > On Mon, 19 Jan 2004 23:01:05 GMT, in
    > <RkZOb.177523$ts4.31438@pd7tw3no>
    > A.D.A. scrawled:
    >
    > >Thank you.
    > >Since the computer got infected straight after I got it back from repair,
    > >before I could download patches or AV software, is there anything I can

    do
    > >to prevent the same happening again?
    > >Would I be able to update patches and install security measures while in
    > >safe mode?
    > >
    > >ada
    > >

    >
    > <snip>
    >
    > --
    > Basic computer maintenance
    > http://uk.geocities.com/personel44/maintenance.html
    A.D.A., Jan 19, 2004
    #9
  10. A.D.A.

    °Mike° Guest

    As far as you know? There's one thing that's certain,
    and that is that it (the bot) cannot start all by itself.


    On Mon, 19 Jan 2004 23:14:45 GMT, in
    <FxZOb.172646$JQ1.45318@pd7tw1no>
    A.D.A. scrawled:

    >I read all my mail on ISP webmail, I don't even store a single e-mail
    >address anywhere. Always type them in individually, so my contacts would
    >never get cross-infected.
    >
    >So how did I happen to run the IRC bot?
    >As far as I know I never installed any IRC device on that computer.
    >
    >ada
    >ada
    >
    >
    >"°Mike°" <> ???
    >news: ???...
    >> Yes. Don't click on files that you are not absolutely
    >> sure what they are, even files sent to you from
    >> friends -- scan them first. You only got infected
    >> because you ran the IRC bot.
    >>
    >> Safe Hex
    >> http://www.claymania.com/safe-hex.html
    >>
    >> Safe Computing Guide
    >> http://www.trendmicro.com/pc-cillin/vinfo/safe_computing/
    >>
    >> Protect your PC
    >>

    >http://support.microsoft.com/default.aspx?scid=/directory/worldwide/en-gb/protect.asp
    >>
    >> Safe Computing Practice
    >> http://users.iafrica.com/c/cq/cquirke/safe2000.htm
    >>
    >> Safe Computing Practices (Safe Hex)
    >> http://www.cknow.com/vtutor/vtsafecompute.htm
    >>
    >>
    >> On Mon, 19 Jan 2004 23:01:05 GMT, in
    >> <RkZOb.177523$ts4.31438@pd7tw3no>
    >> A.D.A. scrawled:
    >>
    >> >Thank you.
    >> >Since the computer got infected straight after I got it back from repair,
    >> >before I could download patches or AV software, is there anything I can

    >do
    >> >to prevent the same happening again?
    >> >Would I be able to update patches and install security measures while in
    >> >safe mode?
    >> >
    >> >ada
    >> >

    >>
    >> <snip>
    >>
    >> --
    >> Basic computer maintenance
    >> http://uk.geocities.com/personel44/maintenance.html

    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jan 20, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lord Shaolin
    Replies:
    6
    Views:
    2,507
    John Tate
    Aug 20, 2003
  2. Doug Fox
    Replies:
    10
    Views:
    703
    donutbandit
    Feb 28, 2004
  3. code_wrong

    worm/spybot.17.t (worm spybot 17t) detected by AVG

    code_wrong, May 15, 2004, in forum: Computer Security
    Replies:
    0
    Views:
    607
    code_wrong
    May 15, 2004
  4. Imhotep

    Worm spoofs Google on infected PCs

    Imhotep, Sep 20, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    398
    Brett Michaels From Poison
    Sep 20, 2005
  5. Winged

    Hard drives infected with the Tompai-A,worm.

    Winged, Dec 3, 2005, in forum: Computer Security
    Replies:
    6
    Views:
    486
    Jim Watt
    Dec 5, 2005
Loading...

Share This Page