GAOBOT-90

Avast us warning me about the worm gaobot-90 in my windows\system32-folder [msasm.exe]. I’m running XP, I’m currently downloading the microsoft-updates, and I’ve tried repairing the files with Avast but since the file is “used by another process” it can’t delete it.

Any suggestions would be VERY appreciated!

Do a boot-time scan.

??? Hi: I have gaobot-139 which is also in the operating system. What this **** worm does is also disable inet access to Norton, Macafee, and many other AV sites - sneaky eh? Avast detected it but I have the same problem: cannot repair as file in use etc. Did you manage to resolve this? I suspect it requires a registry edit.

kevinM

Hi,

what about above advice (boot-time scan) or Booting in SafeMode and deleting it then ? or killing the respective Process first ?

Also symantec offers tools against some GAOBOT=AGOBOT-Variants

did you use the board-search ?
enter: GAOBOT

:wink:
ALSO change ALL your Passwords/PIN’s/ onlinebanking-data etcetc. recently/ever entered on the PC

Thanks, boot scan revealed it is there, could’t repair it, and until I identify the function of the file it is in (awaiting reply from microsoft on this issue) the problem may get worse if I simply delete it, as I am wary of then disabling the whole operating system. Advice on pins etc appreciated, luckily I am too cautious to have that stuff on my home PC anyway, but will change passwords anyway. What I am having to do is use my work PC (where I am now)to find out as much as I can about it as any site with gaobot in the header/title cannot be accessed from my home PC!! this is how it ‘protects’ itself.
what a *********** nuisance.!!

you have not understood the functional difference between viruses and trojans: viruses infect, trojans copy themselves

just delete the file ( if other scanners confirm the infection) or move it to avast’s chest, or to another different, empty folder.

Hi all. I have gaobot-219 which is in windows\system32\winhlpp32.exe. Avast detected it but it can’t repair it. I don’t want to delete it because i think that it is a system file ??? I found a gaobot removal tool on symantec site but it dont detect it.
I’m a newbie pls help me

Hi:

I was advised by microsoft to follow the instructions on this link:
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wo.html

for a manual removal. This requires a registry edit and a number of other steps, haven’t tried it yet though, will attempt later today. Problem I had was accessing syamantec in the first place, had to use another PC to get the info.!!

Hi bojler,

enter winhlpp32.exe
into the search here:
http://securityresponse.symantec.com/avcenter/vinfodb.html
and try to identify your variant.

or use Onlinescanners Trend, RAV and KAV to get another name for it
(Pause avast shield for this)

it is NOT a system file, just delete it

also try board-search above