Boot Sector Virus

Hi!

I need some help here. The thing is that I have a boot sector virus. When I enable my BIOS virus system it says that I have a boot sector virus and when I run a virus scan (Avast) it can’t find it? Now I get the same message on my second hard drive.

I had some virus the first time I installed win2000 but Avast deleted them.

OS: win2000 and win98

Need some help here please!

TXP

Hi,

Do you have Win98 and Win2000 on the same PC?
You have a multi-Boot-System/Bootmanager ?

Then that’s probably why the Bios virus protection complains, because the MBR was changed …

you might want to try other scanners, e.g. OnlineScanners from Trendmicro (see below my sig) or www.ravantivirus.com or AV-Bootdisks from F-Prot

if those don’t find anything, then just switch the Bios virus protection OFF

:wink:

Hi, I did as you told me to do. And here’s the result I got from RAV antivirus.

C:\WINNT\system32\winhlpp32.exe - Win32/HLLW.Gaobot.BQ → Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* → Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[2].htm->(OBJECT0000) - HTML/CodeBaseExec* → Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[3].htm->(OBJECT0000) - HTML/CodeBaseExec* → Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\0LA7CHE7\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* → Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\4XIF01AN\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* → Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\SLE3052F\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* → Infected

Scanned

Objects: 27258
Directories: 2160
Archives: 996
Size(Kb): 1144200
Infected files: 7

Found

Viruses found: 2
Suspicious files: 0
Disinfected files: 0
Mail files: 593

So does anyone know how to remove this virus?

TXP

PS: thx for the help

Hi,
avast didn’t detect this? is your avast up to date? did you do a full thorough system scan?

if so, please send in this file to :
virus at asw dot cz

as RAV offers no description for this specific gaobot-variant, try a scan with Trendmicro, look up the name in their virusinfo and follow the instructions (you might have to adjust the filenames a bit to the ones found infected on your system)

F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[2].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\8D6FGXAF\dialer[3].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\0LA7CHE7\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\4XIF01AN\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
F:\WINDOWS\Temporary Internet Files\Content.IE5\SLE3052F\dialer[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected

that’s easy: just delete (IE-Extras-options) your Temp-Internet files, including offline files, and they will be gone :wink: :wink:

Applying ALL Windows updates
and scanning with ad-aware, spybot & cwshredder is also advised
Links & Details via “Search”
:wink:

if you still don’t get rid of it:

post a logfile of hijackthis here :wink: